May 2, 2010 at 03:18Easy way to get a lot of valid email addresses
In a topic about vandicating people with vandas , I said that vandas themselves can have a list of valid email addresses that can be used for spam, but it’s more profitable to use MailAgent’s built-in search. This time I decided to check how easy it is to get them out of there.
So, as everyone probably knows, MailRu has its own instant messaging network, which consists of users of the company's main service - mail. And MailRu is currently the de facto standard in choosing mail (although many are now migrating to gmail.com). In other words, this company now has the largest number of work addresses, not counting, perhaps, Contact.
What, in fact, is the essence of the problem: for authorization, the user's mail address is used as a login and a unique identifier. Since the protocol contains the function of searching for contacts (which is quite logical), and there is an address in the output, you can easily make a grabber of valid mail addresses. And even more - you can search by criteria (age, country, gender) and whether the contact is online. By default, the user agent is enabled in mAgent when a new message is received in the mailbox. What do we have as a result? We are looking for people from a specific target audience online, we send them spam, they will even receive a notification about a new letter and it is likely to read it.
Regarding the protocol. Although the specification is there, it has not been updated for a long time. The package MRIM_CS_CHANGE_STATUS has changed and become larger. MRIM_CS_LOGIN2 generally increased significantly. It now conveys some undocumented things, including the name of the OS, processor and video card. I remember, not so long ago they were not there.
Actually, here is the program . Attention, it is given for informational purposes.Do not use it for its intended purpose. Oh yes, they always tell me that my code is crooked, and I myself am a fool - I agree with everyone in advance. The program does not provide for any emergency situations such as someone logging into the same account.
And yet, to enter the server, of course, you need an account in MailRu, but use the mail that you are not sorry to lose, you never know how the company reacts to such jokes.
So, as everyone probably knows, MailRu has its own instant messaging network, which consists of users of the company's main service - mail. And MailRu is currently the de facto standard in choosing mail (although many are now migrating to gmail.com). In other words, this company now has the largest number of work addresses, not counting, perhaps, Contact.
What, in fact, is the essence of the problem: for authorization, the user's mail address is used as a login and a unique identifier. Since the protocol contains the function of searching for contacts (which is quite logical), and there is an address in the output, you can easily make a grabber of valid mail addresses. And even more - you can search by criteria (age, country, gender) and whether the contact is online. By default, the user agent is enabled in mAgent when a new message is received in the mailbox. What do we have as a result? We are looking for people from a specific target audience online, we send them spam, they will even receive a notification about a new letter and it is likely to read it.
What made
No, no, if I write again “what made the developers blah blah blah”, then I’ll start repeating myself. I’ll put it simpler, make the user ID (so that I can send messages to him and so on) with some unique id, and don’t shine someone else’s mail at all (people will need to find out - they will ask the other person themselves), the problem would disappear by itself. And, note that you could leave the login through the mailing address. Yes, yes, I know, "you are the one so clever, and in MailRule some fools are sitting and without you, of course, they don’t know how to do it right."What to do with the received addresses
- Spam mail mainly. Having a real username (and it is also in the search results, although my program does not give it out), you can make spam / scam more reliable.
- Twist on qwerty or the user's birthday (and he is in the search results), and we have a working mail account with all the correspondence.
The program itself
I wrote in php, there are no requirements for modules / packages, the main thing is that fsockopen would work. 200 lines, 6 hours of work, including time to study the protocol. Finds ~ 450 addresses per minute.Regarding the protocol. Although the specification is there, it has not been updated for a long time. The package MRIM_CS_CHANGE_STATUS has changed and become larger. MRIM_CS_LOGIN2 generally increased significantly. It now conveys some undocumented things, including the name of the OS, processor and video card. I remember, not so long ago they were not there.
Actually, here is the program . Attention, it is given for informational purposes.Do not use it for its intended purpose. Oh yes, they always tell me that my code is crooked, and I myself am a fool - I agree with everyone in advance. The program does not provide for any emergency situations such as someone logging into the same account.
And yet, to enter the server, of course, you need an account in MailRu, but use the mail that you are not sorry to lose, you never know how the company reacts to such jokes.