Automatic destruction of phishing sites

The Americans are getting worse with their phishing ‘resolutions’; a lot of provider down your server and others implement draconian measures like giving you less than 1 hour to remove the site before they shutdown your equipment. Because we are a small company, we cannot sit behind email 24/7. So we had to be smart instead of hiring more people.

How does it work? Make an ‘abuse’ gmail account, have your mailsystem forward all abuse mails to it. Then run the below program in CRON */5. It’ll basically remove all scamming sites from existence after a complaint.

Ofcourse you need to tweak it for your purpose/host.


#!/usr/bin/php

$mbox = imap_open ("{pop.gmail.com:995/pop3/ssl/novalidate-cert}INBOX",
"xxyyzzaabbccdd@gmail.com", "yourpass");

$msgs=imap_headers($mbox);
foreach ($msgs as $index=>$header) {
$content = imap_body($mbox, $index+1);
$header = imap_fetchheader($mbox, $index+1);
$msg = $content;
$content = $header.$content;

$res = array();

preg_match("/Subject: (.*)/", $content, $res);
$res = $res[1];
if (strpos($res, "Abuse")!==false) {
$res1=array();
preg_match_all("/(.*.yourdomain.com)/", $content, $res1);

foreach($res1 as $r) {
foreach($r as $r1) {
$i = strpos($r1, ".yourdomain.com")-1;
$user= "";
for(;$i>0;$i--) {
if (in_array($r1[$i], array(' ', '/', 'n', 'r'))) break;
$user=$r1[$i].$user;
}
kill_user($user);

mail("abuse@yourhoster.com", "Re: $res",
"Dear,nThis account has been removed.nnThank you,nA Friendnnn$msg",
"From: afriend@yourdomain.comn");
}
}

}

}
imap_expunge($mbox);
imap_close($mbox);
?>

Be the first to leave a comment. Don’t be shy.

Join the Discussion

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>