MadPPC

Based on the requests from some others, they wanted a script that not only checked for useful proxies but to see how anonymous they are.  The first one you upload to some server, it rates the proxy based on the header information passed.  3 being highly anonymous to 1 being a transparent proxy.

<?php
//proxy levels
//Level 3 Elite Proxy, connection looks like a regular client
//Level 2 Anonymous Proxy, no ip is forworded but target site could still tell it's a proxy
//Level 1 Transparent Proxy, ip is forworded and target site would be able to tell it's a proxy

if(!$_SERVER['HTTP_X_FORWARDED_FOR'] && !$_SERVER['HTTP_VIA'] && !$_SERVER['HTTP_PROXY_CONNECTION']){
 echo '3';
} elseif(!$_SERVER['HTTP_X_FORWARDED_FOR']){
 echo '2';
} else echo '1';
?>

This next script can be run from anywhere:

<?php
function checkProxies($proxies){
 //$proxies is an array of proxies in format ip:port,username:password
 $url = 'http://www.someplace.tld/proxycheck.php'; //url to query

 $count = count($proxies); //number of items in array
 echo 'Number of proxies in list: ' . $count . '<br />';

 $curl_arr = array();
 $master = curl_multi_init(); //create multi curl resource

 for($i = 0; $i < $count; $i++) {
 $proxy = $proxies[$i]; //grab proxy from array
 $curl_arr[$i] = curl_init(); // create new curl resource
 curl_setopt($curl_arr[$i], CURLOPT_RETURNTRANSFER, TRUE); //return the data don't output it outright
 curl_setopt($curl_arr[$i], CURLOPT_HEADER, FALSE); //do not output the header info
 curl_setopt($curl_arr[$i], CURLOPT_URL, $url); //set our url to query
 curl_setopt($curl_arr[$i], CURLOPT_CONNECTTIMEOUT, 10); //set how long we'll give the proxy to respond in seconds in this instance 10 seconds

 $cproxy = explode(',', $proxy); //split the proxy into an array $cproxy[0] will be ip:port $cproxy[1] will be username:password
 curl_setopt($curl_arr[$i], CURLOPT_PROXY, $cproxy[0]); //set our proxy ip:port

 if($cproxy[1]) { //test for username pass
 curl_setopt($curl_arr[$i], CURLOPT_PROXYUSERPWD, $cprosy[1]); //set username:password
 }
 curl_multi_add_handle($master, $curl_arr[$i]); //add the current curl resource handle to the master
 }

 $running = null;
 do {
 curl_multi_exec($master,$running); //while there are running connections just keep looping
 } while($running > 0);

 echo 'Results: <br />';
 $a = 0; //output array counter
 for($i = 0; $i < $count; $i++) {
 $rawdata = curl_multi_getcontent($curl_arr[$i]); //get returned data from curl handle

 if($rawdata == '3'){
 //process elite proxy
 echo 'Elite Proxy found: ' . $proxies[$i] . '<br /><br />';
 $proxylist[$a] = $proxies[$i]; //it's a good proxy add it to our list
 $a++;
 } elseif($rawdata == '2'){
 //process anonymous proxy
 echo 'Anonymous Proxy found: ' . $proxies[$i] . '<br /><br />';
 $proxylist[$a] = $proxies[$i]; //it's a good proxy add it to our list
 $a++;
 } elseif($rawdata == '1') {
 //process transparent proxy
 echo 'Transparnet proxy: ' . $proxies[$i] . ' - Skipping. <br /><br />';
 } else echo 'Bad Proxy, nothing returned: ' . $proxies[$i] .  ' - Skipping. <br /><br />';

 }
 echo 'Number of good proxies: ' . count($proxylist);

 curl_multi_close($master); //destory the multi curl resource
 return $proxylist; //return an array of useable proxies

}

//start of main code
set_time_limit(0);
$proxies = file('proxies.txt'); //loads a file into an array each line being a new element
$proxies = checkProxies($proxies); //$proxies will be a returned array of usable proxies

?>

Enjoy.

Been using a certain proxy finder lately, after lengthy testing you get lots of dead or not anonymous proxies. Testing these one by one with back to back curl calls is very time inefficient (testing 150 proxies even at 1 second a piece is going to take over 150 seconds). So I’ve wrote a nice little function that uses the curl_multi functions to run the calls simultaneously.

I setup a simple script on another server that simply echos ‘Hi’. This script will query a url and test the output vs ‘Hi’ (of course you can change it to whatever you like).

I’m hung over as fuck, it’s fully commented, have fun.

<?php
function checkProxies($proxies){
 //$proxies is an array of proxies in format ip:port,username:password
 $url = 'http://someplace.tld/testphp.php'; //url to query
 $return = 'Hi'; //expected reply

 $count = count($proxies); //number of items in array
 echo 'Number of proxies in list: ' . $count . '<br />';

 $curl_arr = array();
 $master = curl_multi_init(); //create multi curl resource

 for($i = 0; $i < $count; $i++) {
 $proxy = $proxies[$i]; //grab proxy from array
 $curl_arr[$i] = curl_init(); // create new curl resource
 curl_setopt($curl_arr[$i], CURLOPT_RETURNTRANSFER, TRUE); //return the data don't output it outright
 curl_setopt($curl_arr[$i], CURLOPT_HEADER, FALSE); //do not output the header info
 curl_setopt($curl_arr[$i], CURLOPT_URL, $url); //set our url to query
 curl_setopt($curl_arr[$i], CURLOPT_CONNECTTIMEOUT, 10); //set how long we'll give the proxy to respond in seconds in this instance 10 seconds

 $cproxy = explode(',', $proxy); //split the proxy into an array $cproxy[0] will be ip:port $cproxy[1] will be username:password
 curl_setopt($curl_arr[$i], CURLOPT_PROXY, $cproxy[0]); //set our proxy ip:port

 if($cproxy[1]) { //test for username pass
 curl_setopt($curl_arr[$i], CURLOPT_PROXYUSERPWD, $cprosy[1]); //set username:password
 }
 curl_multi_add_handle($master, $curl_arr[$i]); //add the current curl resource handle to the master
 }

 $running = null;
 do {
 curl_multi_exec($master,$running); //while there are running connections just keep looping
 } while($running > 0);

 echo 'Results: <br />';
 $a = 0; //output array counter
 for($i = 0; $i < $count; $i++) {
 $rawdata = curl_multi_getcontent($curl_arr[$i]); //get returned data from curl handle

 if($rawdata == $return){ //check the data returned vs what we expect
 echo $i . '. Good Proxy: ' . $proxies[$i] . '<br /><br />';
 $proxylist[$a] = $proxies[$i]; //it's a good proxy add it to our list
 $a++;
 } else echo $i . '. Bad Proxy: ' . $proxies[$i] . '<br /><br />';
 }
 echo 'Number of good proxies: ' . count($proxylist);

 curl_multi_close($master); //destory the multi curl resource
 return $proxylist; //return an array of useable proxies

}

//start of main code
$proxies = file('proxies.txt'); //loads a file into an array each line being a new element
$proxies = checkProxies($proxies); //$proxies will be a returned array of usable proxies

?>

A couple days ago all of a sudden I couldn’t access my email accounts on a server of mine.  I figured it was most likely temporary, who knows – shit happens – and sometimes the tubes get crossed.  However after a day I was getting pretty concerned.

I wondered why, after months of no issues, all of a sudden none of my domains using that nameserver resolved.  As it turned out the solution was pretty simple, but very unexpected.

The answer was: my private nameserver wasn’t returning ‘A records‘.  Yeah, I know right?  WTF.

The reason why nameservers now have to return ‘A records‘ is to prevent whats called ‘DNS cache poisoning‘.  In layman explanation would be, basically it prevents someone from making you connect to a server it shouldn’t.  That’s probably not the best explanation ever, but you can read up more on it through the link I posted.

How do you fix it when it happens?

You have to give your nameservers ‘A records‘.  So for example in this instance my own server runs it’s own DNS server, I just add my nameserver domain like I would with any other domain.  I then at the registrar set the nameservers of my nameserver domain to itself (ns1./ns2.domain-server.tld)  because it already points to the server running the DNS server.  Reading that it sounds really confusing, but all your doing is adding nameservers to a domain like you would with any other domain.

That’s all that’s to it.

If you ever wanted to know what it would be like to watch a network flush their rep down the drain in one of the fastest ways possible, look no farther as XY7 is doing it right now.

I guarantee it’ll only get better.

This should be a lesson to all networks:

1. Don’t belittle an affiliate of your network, and only prove his point for him.  Really, how smart was that?
2. Don’t create a fake account and try and do damage control with it.  Yes the guy says he’s an affiliate that works in the XY7 office, how the fuck do we know or care?
3. Don’t bring in your compliance department to try and smooth it over.  When a network wants to see your landing page and know your traffic source, the typical response should be that you’ll switch to a competing networks (depending on the offer).

Why would you do something this stupid?  Who knows.

Of course you already knew that, because you might partake in some sort of internet marketing.  People don’t read the fine print, well in general most people read very little ad print period.  So I guess it comes as no surprise that Senator Rockefeller is getting all up on the nuts of the exit / post order offers and offers used to give you “credits” and whatnot on Facebook games.

A nice article at Techcrunch can be found here.

The major gripe I can see here is that the place you just bought something from is just handing over your credit card details – that’s some shady shit to a point.  However these exit / post order ads are far from scams.

I’ve seen them before, I forget where.  I wasn’t magically taken by them.  My thought process goes:

1. A free $10 huh?  That’s cool.
2. Hmmm, what’s the catch? (I don’t believe you can typically get anything for nothing)
3. Oh, there it is, I’ll be billed every month some amount greater than $10.
4. Pfffft, forget it.

See it’s pretty simple, and it’s the exact same reason things like zip submits can work.  People are lazy.  Then they claim being the victim.

</internet facepalm>

There’s been more and more reports of peoples servers getting jacked from things like mal-ware ganking your FTP user-names and passwords.  I can’t find the original article that I read about the subject, but regardless, you should take precautions to keep yourself safe.  Or you’ll end up in one of these headlines: Trojan plunders $480k from online bank account.  Another article just surfaced: Thousands of sites loaded with potent malware cocktail.

Chances are the system your working on right now is not safe.  Chances are it’s crawling with some sort of mal-ware (especially if your a Windows user).  Chances are your at major risk of suffering the same fate, having your credentials stolen and your servers breached (not to mention all the other nasty things that could happen, see articles above).

So what should you do?  Simple.  Create a ‘clean box’.  I literally just coined the term under the thought of what a ‘clean room’ is like.

Now the clean box in itself is abstract, because it’s really up to the end user how they want to set it up.  What your doing is basically sandboxing the things that could cause your system to be compromised.  Here’s the jist of it:

Note:  These directions are assuming your only use one computer.  If you are going to use two or more computers the overall is the same, but instead of partitions think of it as different hard drives on different computers.

Setup two partitions on your hard drive.

Use one partitions for all your normal use:  watching porn, downloading warez, playing games, what ever.  Never login to any kind of sensitive website or service where the data obtained from the source could hurt your business or whatnot.  Such examples would be: your own servers, online banking, business email, etc…

Install an OS on the other partition, and get it up to date, download some virtual machine software, like Virtual Box (it’s free!).  With software like Virtual Box, you can install a virtual OS and run it right from your desktop.  Even better you can create different snapshots of the OS at any point and time.  So after you install an OS in Virtual Box, and get it up to date, you can snap shot it at a clean state.

I would personally create two images, one for use in surfing known safe sites, email, and whatnot.  The other I would create for the sole purpose of uploading and managing servers.  Once finished with your session you don’t have to save it and you can just keep loading from the clean snapshots.

In closing, in an industry so reliant on the internet we all know there pitfalls out there.  Exploits will not ever go away, and they will continued to be developed.  Until software can sandbox itself (ie have no access to the rest of the computer) than you have to do it yourself.  The question is, are you going to take the precautions or are you simple going to stand by, and when it happens to you, kick yourself in the ass?

Hey guys, it is with much regret and sadness today I received and Cease and Desist letter from Facebooks lawyers in regards to two tools I have released: FBSpy and Facebook link cloaker.

As of today I will no longer sell, support, or develop either one of these tools (so don’t ask).  I will also ask everyone who has a copy to please stop using it!  All posts about them, or techniques on how to use them, have been removed from MADPPC.com as far as I can tell.  They also want me to turn over the names of anyone who has bought FBSpy, but I have no intention on doing that.

Frankly the link cloaker is a pretty generic (and shitty) link cloaking script wrote a long time ago (and never updated) and only contained the Facebook name because that was a hot developing advertising platform at the time, and it was very cloakable.  Hell I could whip a new 10x better version in a day now, so no big loss.  There are also many other cloakers out there for sale (and free) that are much better than that.

FBSpy was something close to me though, it was a tool that I’m sure a few have thought of doing, I just actually followed through.  Kinda put me in the lime light and helped me gain some rep in the community.

You know in our business there is a never ending need to want to get a step up on the guy in front of us, or to just make a campaign profitable – period.  Although my tool itself does not click ads, like some others do (I don’t have the link of the posts on WF so if someone finds it let me know). I’m sure their major beefs are:

1. Referring to Facebook in any way shape or form.
2. The fact that you can manually click though ads.

[rant]I know this tool made many people a lot of money, which in turn made Facebook a lot of money, but since when has Facebook ever cared about being profitable?  Yet, you can’t dispute that there is a high probability that this stems from the whole click fraud issue that really came full circle with the published techcrunch articles due to outcry of the community (original article and followup article).  Now maybe they’ll fix their horrific ad manager (do you hear me Facebook and/or attorneys I know your reading this) but probably not because they love failing.  Facebook if you want some tips, let me know, you have all my primary e-mail addresses after all.[/rant]

I guess that’s my piece, I could rant and rave for a while about the problems with Facebook platform in general that have been shit for a while but honestly I need content for another post in the future and it’s petty.  I’m not sure I’ve said everything I’ve wanted too, but no point to keep dwelling over this.

All  jokes aside though, it would be nice to see something good come out of this, I mean I hope they didn’t go through all this trouble just to shut down a couple silly little tools (not that I’m making them work hard for it).

It was a great run while it lasted, thanks to all my readers and supporters!  I am however on to new, bigger, and better projects that will make me many times more money that FBSpy ever did (like autolandingpage.com).  So don’t be sad, think of this as a new chapter in my journey, we all have a lot to learn yet in this ever changing thing we call ‘internet marketing’.

Now stop reading, go make money and get paid!

Yeah, I wasn’t going to do this post but there is a great deal on VPS over at WickedFire right now.  ZenSix hosting (the owner a well known member on WickedFire) still has a VPS for 50% off for the first month.  After that one is gone you can pick up a VPS for %25 off through July 18th.

THREAD HERE:

All orders placed before July 18th will receive 25% off their first month when the coupon code “25offVPS” is used.

We’ve got a new node set up and we’re ready to start taking new vps orders. Our initial launch a few weeks ago went great and we sold out in under ten days. These new plans are a little different and include access to vePortal.

vePortal is a control panel for your vps that allows you to log in and monitor your bandwidth, disk usage, start/stop/rebuild your vps, and more… see this page for screenshots: vePortal Homepage

Each vps comes with DirectAdmin for FREE. DirectAdmin alone costs $30/month (normally about $10/month for a vps).

VPS-1

• 512MB dedicated RAM
• 768MB burst RAM
• 20GB disk space
• 400GB bandwidth
• 1 IP address
• Powered by OpenVZ
• Equal Share CPU
• FREE DirectAdmin
• Free vePortal access
• Root Access
• Fully Managed
• $24.99 a month

VPS-2

• 768MB dedicated RAM
• 1.5GB burst RAM
• 35GB disk space
• 800GB bandwidth
• 2 IP addresses
• Powered by OpenVZ
• Equal Share CPU
• FREE DirectAdmin
• Free vePortal access
• Root Access
• Fully Managed
• $39.99 a month

VPS-3

• 1GB dedicated RAM
• 2GB burst RAM
• 45GB disk space
• 1,000GB bandwidth
• FREE DirectAdmin
• Free vePortal access
• Powered by OpenVZ
• Equal Share CPU
• 3 IP addresses
• Root Access
• Fully Managed
• $49.99 a month

ADDITIONAL FEATURES:

• IP Address – $1 per month
• Installatron Auto-Installer $2 per month

Order Here: ZenSix Hosting :: Virtual Private Servers

* Please read the TOS before signing up. We do not allow IRC servers, VNC servers, spam, mass emailing, warez, adult content, etc…

** If you want DirectAdmin set up, it could take 24-72 hours for your vps to be ready (because we have to get the DA licenses from our datacenter). If you don’t want DirectAdmin set up, your vps can be ready in a few hours, but it will not be fully managed and you won’t have a control panel.

This is a great deal whether you get the 50% off, 25% off, or pay full price.  Look around at VPS’s you’ll see that they are the same price (as compared to the VPS-2) or cheaper than even UNMANAGED VPS’s (vpsville – $55, linode – $40).  Hell he’ll even through in Direct Admin (yeah it’s not cPanel but it does all the same things).

If you want the 50% off you have to go post in the thread and agree to give Subigo a review.  All others use the 25% off code.

Also I should note I make zero commision, fees, or any other form of payment from this.  Just letting you guys know a good deal.

Yeah I know, no new content in almost a month!  Good reason though, I got caught up with the guys doing this new site and they needed a coder to do the tool.  So I been working with them to get this going.

AutoLandingPages

It’s going to be really cool when it’s all finnished so stay tuned.

Now that we are up to speed on the data we want to collect, and how cURL works, a basic scraper it’s really just a hop, skip, and a jump away.

Getting Data

The only other point we haven’t covered was how to effectively pull data from our page.   For example say we want to grab the value of a link on a page, it’d look something like this:

<a href=”this-is-a-link.com“></a>

How do we easily remove the link value (this-is-a-link.com)?

For such a feat I have long ago wrote my own function:

function getValue($item, $query, $end){

$item = stristr($item, $query);
$item = substr($item, strlen($query));
$stop = stripos($item, $end);
$val = substr($item, 0, $stop);
return $val;
}

It works pretty simply:

• $item : The data we want to get our value from
• $query:  The character(s) immediately in front of the value we want
• $end : The character(s) immediately behind the value we want

The function naturally returns the value in between the first $query and first $end after $query from $item (you catch all of that).  So in the above example (the one with the link) it was be wrote like this:

getValue('<a href="this-is-a-link.com"></a>', '''href="', '">');

Now the second and third fields I used more characters than what I needed just for illustrative purposes.  However the value of this-is-a-link.com would have been returned.

A Note About Firebug

One last mention is when working with the Firebug plug-in for Firefox, make sure you double check the source code.  I had run into it, twice, this scraper where the values shown inside Firebug where not right.  It was putting quotes around some values that didn’t have any quotes around them for example in the source code below, line 47, it had shown <li class=g> as <li class=”g”>, which in the scraping world are WAY different.

The Scraping Process

This is a pretty basic scraper and I’m going to quickly go over how it works:

• lines 3-13: The getValue function.
• lines 16-25: Setting up generic and search variables.  Notice to change your search term you change the vlue on line 23.
• lines 28-44:  Setting all the cURL values, and execting it on line 44.
• line 47: Chop off all the code up until our first search result.
• line 50:  Explode all the results into an array.
• line 53:  Setup and loop through all the results.
• line 55:  Find out if it’s a search result and not a video or image result.
• lines 56-68:  It it was a normal search result, pull our data.
• lines 71-74:  Put our data on screen.
• line 80: close cURL.

It’s only setup to scrape the first page of results from Google.  It’s plenty commented it would be pretty easy to add a little code to get it to get more pages.  Patience, you must walk before you run.

Sourcecode

I didn’t spell check any of the comments in this code, so if you find any just ignore it.

<?php

function getValue($item, $query, $end){
//$item is where we want to search
//$query is something unique just before the value we want
//$end is the something unique just after the value we want
//function returns the first value that is inbetween $query and $end inside $item
$item = stristr($item, $query);
$item = substr($item, strlen($query));
$stop = stripos($item, $end);
$val = substr($item, 0, $stop);
return $val;
}

//path to my cookie file
$cookie = '/tmp/cookie.txt';
//my user agent
$agent = 'User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008100922 Ubuntu/8.04 (hardy) Firefox/3.0.3';
//my base url
$url = 'http://www.google.com/search?q=%searchterm%&hl=en&start=';
//my search term
$searchTerm = 'huge fish';
$searchTerm = urlencode($searchTerm);
//create a search url
$searchURL = str_replace('%searchterm%', $searchTerm, $url);

//initialize new cURL resource
$ch = curl_init();
//set our general options
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);

//cookies
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);

//set our URL
curl_setopt($ch, CURLOPT_URL, $searchURL);
//query the url, get our data
$rawdata = curl_exec($ch);

//find first <li class="g"> return all data after it
$rawdata = strstr($rawdata, '<li class=g>');

//explode the rest of data broken up by search result
$results = explode('<li class=g>', $rawdata);

//setup a loop
foreach($results as $value){
//check to see if it's an actual search entry and not image or video
if(strstr($value, '<div class="s">')){
//it is a valid search entry

//move up to fist link in entry
$data = strstr($value, '<a');

//get url
$url = getValue($data, 'href="', '"');
//get title
$title = getValue($data, '>', '</a>');
//get description
$description = getValue($data, '<div class="s">', '<br>');
//get cite
$cite = getValue($data, '<cite>', '</cite>');

//Do any other processing HERE
echo 'URL: ' . $url . '<br/>';
echo 'Title: ' . strip_tags($title) . '<br/>';
echo 'Description: ' . strip_tags($description) . '<br/>';
echo 'Cite: ' . strip_tags($cite) . '<br/><br/>';

}
//if it's not a valid search entry or we are just done with the entry, will move on to the next until we have them all
}

curl_close($ch);

?>

This section I think would be the most complex yet so if you have questions feel free to leave them in the comments. Now go make monies.