Dec 5, 2010

Fake Logins

Fake Logins, Spammers & Extractors

Ok the Concept is Fairly Simple.

It's about a web page or pages that look like a Yahoo Sign In page but when people sign into this page its sends the ID and Password to your Email account when they submit it. 

We will call these ID's and Passwords "Fake Login Returns" in the rest of this tutorial.

At first glance this may seem like its not a very efficient way to collect ID's. 

The Idea with the Spammers is to get your Fake Login Links "Spammed" to large quantities of people so that you will have Large numbers of People Signing into your pages and sending your their ID's & Passwords to your Email.

The Beauty behind the  Buddy Spammer Concept is that you load a list of ID's and Password's into the Spammer (name - password on each line, in the Accounts.txt) and it Signs Each ID into Yahoo and Spams their Buddies Lists with your Fake Login Links.

Some ID's might have 65 to 100 Buddies on their list.

People are very prone to trusting Links sent by people on their buddies list as opposed to even accepting a pm at all from a perfect stranger.

After you Receive a bunch of these "Fake Login Returns" to your email, you will need a more automated way to retrieve them. The format that they come in is like this in an email message:
login = someonesid
passwd = somepassword

Thats where you will need either a Yahoo Email Extractor or a Gmail Fakie Parser depending on the Email account type you wish to work with.
 Both of these programs you can find on in the Opcode Programs Section. I recommend using Gmail but you will need someone to send you a GMail invite to sign up with them.
The Extractor and Parser both take the ID's and Passwords (Your "Fake Login Returns") and put them in format that can be used to continue on to spam your next set, such as:

someonesid - somepassword
someonesid - somepassword
someonesid - somepassword

Doing this manually is very time consuming so you will want to automate it using the tools I've described. You take those ID's and Passwords that are extracted/parsed into this (name - password) format and paste them into your Spammers Accounts.txt and load them into the Spammer to spam.

Continuing with the concept. The Idea is to process as many id's as you can in the shortest time thereby increasing your Chances of Running into "Illegal ID's" (Explained Below)

99% of the ID's that come to you, will never be bother with, except to Spam and move to the next set of Returns.

Why Do it at All? 
Most do it to hunt for Illegal ID's. Having an Illegal ID is a bit of a status symbol on yahoo as you can no longer make them it makes them "Rare" or "Unique"

Some Do it to get at their Adversaries by taking their id's if they can fool them into signing in.


What are Illegal ID's? 
ID's that contain characters or formats not allowed by Yahoo when Creating an ID.
Heres Yahoo's current specification:
Id's may consist of a-z, 0-9, underscores, and a single dot (.)
Id's can't start with a Number. Id's can't begin or end with and underscore.
Id's can't have consecutive underscores in them.
Some Examples of Illegal Id's might be:

What Spammer is the Best?

Buddy Spammer Pro is the best it has special packets that reach offlines where others don't. (Requires a 25 dollar donation to the site) You get 1 Illy, 3 Fake Login Pages already made. 350 Yahoo Bots for your Booters. Starter ID's to Spam. Site bux and a Special Donator Status Image by your Site name.

A Free Spammer that that doesn't Reach Offlines is the "You've got Fakie" public and only allows you to load 50 ID's at a time. (Opcode Programs Download Section)

You need a starter list of ID's to work with to load into your Spammer. You can get these from some sites when donating. You can find them free in forums or you can crack some id's to get your started.

You need some Fake Login pages Made to load into your Spammer. They are placed 1 link on each line in your Messages.txt  (See the Tutorial with this on Making Geocities Fake Logins, Scripts are included with this tutorial)

How Many Fake Logins Should I use?

You would be hard pressed to make much good use of a single Fake Login Link. You will most likely want a good 5 to 7 Fake logins. 

Fake Login pages are often De-Activated when spotted by GeoCities and the Page says Not Availible and the Yahoo ID associated with it begins to say wrong password. 

Thats why I recommend using GMail because you don't want to loose the Returns along with the Fake Login Page. 

At the very least even if you choose Yahoo Mail, make the Email address something other then one of the Yahoo Fake Login ID's.

(See the Tutorial with this on Making Geocities Fake Logins, Scripts are included with this tutorial)


Making Fake Logins on Geocities For you Spammer

1. Create the Fake Login ID that will be used to make the Geocities Page.
You can do this by visiting and clicking the Link "Sign up for Yahoo! Chat!"
Fill out all the information that it requests. Pick a catchy name as the Name will be part of your Geocities Spam Link.

2. Sign up For a Free Geocities Web Page & Making the Fake Login Page.
You can do this by visiting and clicking the Link "Sign Up Now".  It will take you to a Login Page. Sign In with the Yahoo ID that you created in Step 1.

 It takes you to a page to fill in some info about where you Heard of Geocites. Check any information you wish then type in the Security Code at the bottom that it asks for. You must Click "Submit" and not press enter for it to accept the code.

Next it tells you that it sent a confirmation Email and shows you your link to your new site. Make a note of this information. It looks simular to the following:

Your Yahoo! ID and Home Page Information   
Your Yahoo! ID is: mmaa31   
Your home page URL shortcut is:  
Build your web site now!
The Link is what you will use in your Messages.txt with your Spammer Program. One link per line.
Next click the Link "Build your web site Now!". 
It takes you to a page To manage your new Site called the Geocities Control Panel with these options:
GeoCities Control Panel 
Home Create & Update Manage Promote Help Index 
Click on the Manage Link.
Then it shows you some File Management tools like this:
File Management Tools 
Blog Manager
Start a basic blog or administer the blog you already created. 
Easy Upload
Copy images and other files to your web site easily with this online tool. 
File Manager
Upload and organize files, work with folders, and create and edit web pages.

Click the "File Manager Choice". 
It opens a new page "Create & Update" that  Looks like this:
Create & Update > File Manager 
Maintain and modify files and subdirectories with this versatile tool. Access the Advanced Editor to edit and create HTML files. 

 Show:  html  gif  jpg  other 
List files which begin with:   
 Manually enter filenames   

Click the "Open File Manager" Link.
On this Next Page:
Look for this Line and Put a Check Mark in the Box beside "index.htm".
New   Edit   Copy   Rename   Delete
 [ ] index.htm View Jun 12 08:27pm Stats 3

New   Edit   Copy   Rename   Delete

Then Click the Edit Button that you See above or Below it.

Editing and Pasting in your Fake Login Script:

This Takes you to a Page that shows the Source Code inside of the "index.htm"

Very Important:
Delete all of the Information in inside the box, Before you paste in the new script.

Once you are completly sure that you have all of the information Cleared out of the index.htm box then we will do a quick minor edit on one of our scripts and paste it into this box.

Leave this page Open we will Return to it.
Open either of the US_Script1.txt or the US_Script2.txt inside of Notepad. Then Click on Edit on the Top Menu and choose Find. In the Find box type in "mail_to" and you should see a line like this:

 NAME="Mail_To" VALUE=""> <INPUT TYPE="hidden" NAME="Mail_Subject" VALUE="Yahoo id">

Change Number 1:
Now Change the to be the Email Address that you want to Receive the Fake Logins Returns. You can use a Yahoo Email or a Gmail or any email you want really. I recommend GMail personally. 

Keep in Mind Email accounts and Fake Login Pages are often Deleted by Yahoo, Geocites and GMail if they catch on to your activity so don't use any important Email Address associated with this.
Change Number 2:

Case: Yahoo Mail
If you use Opcode's  Automated Yahoo Email Extractor you must leave the subject Value as "Yahoo id" for it to extract properly. Make no Change.

Case: GMail
If you use GMail, I recommend that you change the VALUE="Yahoo id" to something else, something that won't turn up on automated searches by them like:
VALUE="Requested Info" for the Mail_Subject.
You can use Opcodes GMail Fakie Parser v1.1 to Parse your Returns. Read the Documentation that it comes with on usage.

Now that you have made those 1 or 2 Simple Changes choose (Edit, Select All) then (Edit and Copy) while everythings highlighted. Now the Script is in your Windows Clipboard ready to be pasted.
Returning back to our Geocites Page Still open:
Click anywhere inside the Large Empty box that you cleared out. Right Click and choose Paste. You should see the box fill up with your Script that you pasted in.

Once this is done just Click the "Save and Continue" button. Then At the Very top of the page next to Welcome, "Yourid" click "Sign out".

Thats it for Creating Fake Logins...

Its Recommended that you now Pop your link into your webrowser and type in some phoney id and password and see that you do in fact receive it sent to your Email Address

Additional notes, if you use Yahoo Mail to receive your Fake Login Returns be sure to enter your newly created mail box and Click on Options and Turn Spam Guard off. Spam Guard will cause the Returns to show up in the Bulk folder.

If you use Gmail starting out some of the Returns May turn up as spam but just select them and tell it that its not spam and move them to your inbox.

To open a GMail you will need someone already using Gmail to send you an Invite to any existing email account that you may have and click the invite link and sign up.