Kill Your Neighbor With a Shovel
For quite a long time, an interesting thought about alternative ways of using iframe traffic has been wandering around in my head, and now, finally, it has fermented into the following article. Light, clamp, scalpel, the lab work begins :yes2:
Probably many of you are familiar with the desire (not the best in terms of the impact on karma :blink: ) to take revenge on some jerk who screwed you over/scammed you, etc… Let’s say you know the villain’s website, what can you do with it?
Well, firstly, it is possible to hack it purely theoretically, and if you have the right hands, then with your own, or you can order a professional to hack it.
Secondly, it’s to fucking kill the bastard.
So, in the absence of specialized knowledge, such “self-satisfaction” will cost a pretty penny. We will not talk about the prices today, but they are definitely not small.
Today I will tell you how you can do something nasty with your own hands, without stepping on the rake of the law.
For this we will need about ten free hosts registered by ourselves, preferably on different domains, a little bit of writing and actually iframe traffic, which can be bought for pennies if you really want to.
Now about how it all works. Firstly, this method can only organize http GET DOS, at least this is what first comes to mind. We select resource-intensive scripts on the victim’s server (these can be search queries on the site, output of pages with a large number of elements, preferably generated by scripts, etc.) and start draining traffic to them. BUT, if you just stupidly pour a frame, then it will turn out to be not profitable at all, because you will have to really fork out for such a flow.
Task:
- We need to somehow use traffic more productively
- It is necessary to increase the quality of the iframe in relation to our task
Solution:
So the first thing that comes to my mind is a stupid parallelization of one iframe stream into dozens of such streams, which allows you to get from 1k iframe traffic about 10–20k real visits to the victim’s site.
Everything is simple, but we will go further, for this we will use the iframe tag method as onLoad in addition to parallelization of streams.
Let’s write such a simple script:
<iframe src="victim.html" onload="this.src='victim.html'"></iframe>It allows the victim to reload the page again after it finishes loading, and so on until you get tired of it.
Well, now we have a page on the freehost containing such frames, set on the resource-intensive scripts of the victim. That’s it! We can start draining traffic and rejoice at the site lying down.
But let’s not rush and save the money. Now we will try to get the maximum return on the money spent. So, I think it is obvious that the longer the victim’s site pages are reloaded, the more loaded their server will be with the same purchased iframe stream. There is a concept of “traffic lifetime” or “surfer session duration” which determine the time until the tab/window with the frame on our page is open. Believe me, we can significantly increase this time, though with a rather crude method.
Let’s look at the code below:
<html>
<body onunload="alert_block()">
<script>
function alert_block() {
while (1) {
alert('Warning! A critical update is in progress! You cannot close the browser at this time.');
}
}
</script>
<iframe src="victim.html" onload="this.src='victim.html'"></iframe>
</body>
</html>As you have already noticed, in addition to the hellish frame, additional scripts have appeared that use the onUnLoad event for the <body> tag. They allow us to display message boxes to the user with information that at the moment they cannot close the browser because it is being updated.
With all this, 80% of users will not be able to do anything with the browser, because native methods of working with it will be reduced to stupidly poking at the “OK” button. It will be easier to open another copy of the browser and at least forget about this one, which is what we need!
So today I told you about the potential opportunity to “take down” the ill-wisher’s site with your own hands and not spend much money. This is where the lab work comes to an end, everything else is being finished with a file at home, and I am waiting for the lab reports in the form of posts.
P.S. Anything evil you are going to do after reading this article remains on your conscience (and don’t forget about your karma :crazy:) I just showed another opportunity to have fun online.
Good luck!