关于投票
作者:英雄无敌 日期:2006-03-23
上周六LP的领导给她一个任务每天给某地十佳青年评选的某美人投三票,因为一个IP一天只能投三票。我给LP用js简单写了个随机生成身份证号并且自动提交的东西,刷三下她就完成任务了,结果LP为了邀功就不停的拨号、断开给投了30票,第二天领导说,不错啊效率真高,这样吧你就一天投100票吧。LP回来说这么多人作弊,一天涨1k多票的,咱们送佛送到西天,也想办法给作弊得了。我就开始琢磨了。
这个投票程序写的也不咋的,IP限制一天投三票,身份证限制一个只能一票,其他没有任何限制,连流行的验证码都没有用。POST或者GET方式都能提交数据。想到了三个办法来作弊。
一、能不能挂个东西在我们的网站上让我们网站的访问者访问时不知不觉就提交了数据,当然只能用客户端的JS代码,不然IP永远是我们服务器的,提交代码已经有了,但是如何解决提交成功或者失败时出现的这个对话框呢,就是JS生成的alert('投票成功'),总不能让人访问我们网站的时候出现这个吧,想了一下没有想出办法来。结果LP的一个朋友给想出了办法,好办法http://asdfasdf/XXX/vote.asp?cid=XXXXXX&vid=XXXXXX">,这样同样的向那边服务器提交了数据,返回的alert还不会被执行,我怎么就没想到呢。
二、原来单位有个刷流量的软件,看看能否用上,琢磨了一下,除非有这个软件的源码,我能修改才行,因为身份证号必须随机产生。哦,这个软件其实就是代理服务器,从代理服务器表里找能用的发送请求。虽然能用的代理不多,但是一天也可以多个上百票。那个朋友刚好手头有代理的源码,改把改把也能用上了。
三、网上不是有投票软件吗。我搜索了一下,能用的都是卖的,卖得还是需要定制的,遇到有IP限制的好像也没有太多的办法。就是需要把拨号程序断开再自动连接。伪造IP的事情好像没有一个人走,伪造IP还是上面的代理,而且IP还必须是代理服务器。其实想想其他都好说,这个投票软件的主要地方就在自动拨号了,还是自己写一个吧,找了相关资料,调用windows的远程访问服务(RAS)的API就能完成,正在研究中发现了有老外写的调用的代码,嘿嘿,好东西,copy上来共享一下吧,稍微改把改把就能用上。
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace Dailup.RAS
{
internal enum RasFieldSizeConstants
{
RAS_MaxDeviceType =16,
RAS_MaxPhoneNumber =128,
RAS_MaxIpAddress =15,
RAS_MaxIpxAddress =21,
#if WINVER4
RAS_MaxEntryName =256,
RAS_MaxDeviceName =128,
RAS_MaxCallbackNumber =RAS_MaxPhoneNumber,
#else
RAS_MaxEntryName =20,
RAS_MaxDeviceName =32,
RAS_MaxCallbackNumber =48,
#endif
RAS_MaxAreaCode =10,
RAS_MaxPadType =32,
RAS_MaxX25Address =200,
RAS_MaxFacilities =200,
RAS_MaxUserData =200,
RAS_MaxReplyMessage =1024,
RAS_MaxDnsSuffix =256,
UNLEN =256,
PWLEN =256,
DNLEN =15
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public struct GUID
{
public uint Data1;
public ushort Data2;
public ushort Data3;
[MarshalAs(UnmanagedType.ByValArray,SizeConst=8)]
public byte[] Data4;
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
internal struct RASCONN
{
public int dwSize;
public IntPtr hrasconn;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxEntryName+1)]
public string szEntryName;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxDeviceType+1)]
public string szDeviceType;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxDeviceName+1)]
public string szDeviceName;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=260)]//MAX_PAPTH=260
public string szPhonebook;
public int dwSubEntry;
public GUID guidEntry;
#if (WINVER501)
int dwFlags;
public LUID luid;
#endif
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
internal struct LUID
{
int LowPart;
int HighPart;
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public struct RasEntryName
{
public int dwSize;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxEntryName + 1)]
public string szEntryName;
#if WINVER5
public int dwFlags;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=260+1)]
public string szPhonebookPath;
#endif
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public class RasStats
{
public int dwSize=Marshal.SizeOf(typeof(RasStats));
public int dwBytesXmited;
public int dwBytesRcved;
public int dwFramesXmited;
public int dwFramesRcved;
public int dwCrcErr;
public int dwTimeoutErr;
public int dwAlignmentErr;
public int dwHardwareOverrunErr;
public int dwFramingErr;
public int dwBufferOverrunErr;
public int dwCompressionRatioIn;
public int dwCompressionRatioOut;
public int dwBps;
public int dwConnectDuration;
}
public class RAS
{
[DllImport("Rasapi32.dll", EntryPoint="RasEnumConnectionsA",
SetLastError=true)]
internal static extern int RasEnumConnections
(
ref RASCONN lprasconn, // buffer to receive connections data
ref int lpcb, // size in bytes of buffer
ref int lpcConnections // number of connections written to buffer
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
internal static extern uint RasGetConnectionStatistics(
IntPtr hRasConn, // handle to the connection
[In,Out]RasStats lpStatistics // buffer to receive statistics
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
public extern static uint RasHangUp(
IntPtr hrasconn // handle to the RAS connection to hang up
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
public extern static uint RasEnumEntries (
string reserved, // reserved, must be NULL
string lpszPhonebook, // pointer to full path and
// file name of phone-book file
[In,Out]RasEntryName[] lprasentryname, // buffer to receive
// phone-book entries
ref int lpcb, // size in bytes of buffer
out int lpcEntries // number of entries written
// to buffer
);
[DllImport("wininet.dll",CharSet=CharSet.Auto)]
public extern static int InternetDial(
IntPtr hwnd,
[In]string lpszConnectoid,
uint dwFlags,
ref int lpdwConnection,
uint dwReserved
);
public RAS()
{
}
}
public class RASDisplay
{
private string m_duration;
private string m_ConnectionName;
private string[] m_ConnectionNames;
private double m_TX;
private double m_RX;
private bool m_connected;
private IntPtr m_ConnectedRasHandle;
public RASDisplay()
{
m_connected = true;
RAS lpras = new RAS();
RASCONN lprasConn = new RASCONN();
lprasConn.dwSize = Marshal.SizeOf(typeof(RASCONN));
lprasConn.hrasconn = IntPtr.Zero;
int lpcb = 0;
int lpcConnections = 0;
int nRet = 0;
lpcb = Marshal.SizeOf(typeof(RASCONN));
nRet = RAS.RasEnumConnections(ref lprasConn, ref lpcb, ref
lpcConnections);
if(nRet != 0)
{
m_connected = false;
return;
}
if(lpcConnections > 0)
{
//for (int i = 0; i < lpcConnections; i++)
//{
RasStats stats = new RasStats();
m_ConnectedRasHandle = lprasConn.hrasconn;
RAS.RasGetConnectionStatistics(lprasConn.hrasconn, stats);
m_ConnectionName = lprasConn.szEntryName;
int Hours = 0;
int Minutes = 0;
int Seconds = 0;
Hours = ((stats.dwConnectDuration /1000) /3600);
Minutes = ((stats.dwConnectDuration /1000) /60) - (Hours * 60);
Seconds = ((stats.dwConnectDuration /1000)) - (Minutes * 60) - (Hours * 3600);
m_duration = Hours + " hours " + Minutes + " minutes " + Seconds + " secs";
m_TX = stats.dwBytesXmited;
m_RX = stats.dwBytesRcved;
//}
}
else
{
m_connected = false;
}
int lpNames = 1;
int entryNameSize = 0;
int lpSize = 0;
RasEntryName[] names = null;
entryNameSize=Marshal.SizeOf(typeof(RasEntryName));
lpSize=lpNames*entryNameSize;
names=new RasEntryName[lpNames];
names[0].dwSize=entryNameSize;
uint retval = RAS.RasEnumEntries(null,null,names,ref lpSize,out lpNames);
//if we have more than one connection, we need to do it again
if(lpNames > 1)
{
names=new RasEntryName[lpNames];
for(int i=0;i {
names[i].dwSize=entryNameSize;
}
retval = RAS.RasEnumEntries(null,null,names,ref lpSize,out lpNames);
}
m_ConnectionNames = new string[names.Length];
if(lpNames>0)
{
for(int i=0;i {
m_ConnectionNames[i] = names[i].szEntryName;
}
}
}
public string Duration
{
get
{
return m_connected ? m_duration : "";
}
}
public string[] Connections
{
get
{
return m_ConnectionNames;
}
}
public double BytesTransmitted
{
get
{
return m_connected ? m_TX : 0;
}
}
public double BytesReceived
{
get
{
return m_connected ? m_RX : 0;
}
}
public string ConnectionName
{
get
{
return m_connected ? m_ConnectionName : "";
}
}
public bool IsConnected
{
get
{
return m_connected;
}
}
public int Connect(string Connection)
{
int temp = 0;
uint INTERNET_AUTO_DIAL_UNATTENDED = 2;
int retVal = RAS.InternetDial(IntPtr.Zero,Connection,INTERNET_AUTO_DIAL_UNATTENDED,ref temp,0);
return retVal;
}
public void Disconnect()
{
RAS.RasHangUp(m_ConnectedRasHandle);
}
}
}
在disconnect和connect中线程挂起5秒,因为发现如果太快了IP不变。
在投票的循环中,每次投完票,也把线程挂起5秒,如果不这样,那边网站反应不过来,出现网站正在维护中的错误。算上可能遇上的身份证号重复和IP重复,一个小时估计能投100多票。一个晚上能刷出1k的票来。
送佛送到西天了。
这个投票程序写的也不咋的,IP限制一天投三票,身份证限制一个只能一票,其他没有任何限制,连流行的验证码都没有用。POST或者GET方式都能提交数据。想到了三个办法来作弊。
一、能不能挂个东西在我们的网站上让我们网站的访问者访问时不知不觉就提交了数据,当然只能用客户端的JS代码,不然IP永远是我们服务器的,提交代码已经有了,但是如何解决提交成功或者失败时出现的这个对话框呢,就是JS生成的alert('投票成功'),总不能让人访问我们网站的时候出现这个吧,想了一下没有想出办法来。结果LP的一个朋友给想出了办法,好办法http://asdfasdf/XXX/vote.asp?cid=XXXXXX&vid=XXXXXX">,这样同样的向那边服务器提交了数据,返回的alert还不会被执行,我怎么就没想到呢。
二、原来单位有个刷流量的软件,看看能否用上,琢磨了一下,除非有这个软件的源码,我能修改才行,因为身份证号必须随机产生。哦,这个软件其实就是代理服务器,从代理服务器表里找能用的发送请求。虽然能用的代理不多,但是一天也可以多个上百票。那个朋友刚好手头有代理的源码,改把改把也能用上了。
三、网上不是有投票软件吗。我搜索了一下,能用的都是卖的,卖得还是需要定制的,遇到有IP限制的好像也没有太多的办法。就是需要把拨号程序断开再自动连接。伪造IP的事情好像没有一个人走,伪造IP还是上面的代理,而且IP还必须是代理服务器。其实想想其他都好说,这个投票软件的主要地方就在自动拨号了,还是自己写一个吧,找了相关资料,调用windows的远程访问服务(RAS)的API就能完成,正在研究中发现了有老外写的调用的代码,嘿嘿,好东西,copy上来共享一下吧,稍微改把改把就能用上。
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace Dailup.RAS
{
internal enum RasFieldSizeConstants
{
RAS_MaxDeviceType =16,
RAS_MaxPhoneNumber =128,
RAS_MaxIpAddress =15,
RAS_MaxIpxAddress =21,
#if WINVER4
RAS_MaxEntryName =256,
RAS_MaxDeviceName =128,
RAS_MaxCallbackNumber =RAS_MaxPhoneNumber,
#else
RAS_MaxEntryName =20,
RAS_MaxDeviceName =32,
RAS_MaxCallbackNumber =48,
#endif
RAS_MaxAreaCode =10,
RAS_MaxPadType =32,
RAS_MaxX25Address =200,
RAS_MaxFacilities =200,
RAS_MaxUserData =200,
RAS_MaxReplyMessage =1024,
RAS_MaxDnsSuffix =256,
UNLEN =256,
PWLEN =256,
DNLEN =15
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public struct GUID
{
public uint Data1;
public ushort Data2;
public ushort Data3;
[MarshalAs(UnmanagedType.ByValArray,SizeConst=8)]
public byte[] Data4;
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
internal struct RASCONN
{
public int dwSize;
public IntPtr hrasconn;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxEntryName+1)]
public string szEntryName;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxDeviceType+1)]
public string szDeviceType;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxDeviceName+1)]
public string szDeviceName;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=260)]//MAX_PAPTH=260
public string szPhonebook;
public int dwSubEntry;
public GUID guidEntry;
#if (WINVER501)
int dwFlags;
public LUID luid;
#endif
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
internal struct LUID
{
int LowPart;
int HighPart;
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public struct RasEntryName
{
public int dwSize;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=(int)RasFieldSizeConstants.RAS_MaxEntryName + 1)]
public string szEntryName;
#if WINVER5
public int dwFlags;
[MarshalAs(UnmanagedType.ByValTStr,SizeConst=260+1)]
public string szPhonebookPath;
#endif
}
[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
public class RasStats
{
public int dwSize=Marshal.SizeOf(typeof(RasStats));
public int dwBytesXmited;
public int dwBytesRcved;
public int dwFramesXmited;
public int dwFramesRcved;
public int dwCrcErr;
public int dwTimeoutErr;
public int dwAlignmentErr;
public int dwHardwareOverrunErr;
public int dwFramingErr;
public int dwBufferOverrunErr;
public int dwCompressionRatioIn;
public int dwCompressionRatioOut;
public int dwBps;
public int dwConnectDuration;
}
public class RAS
{
[DllImport("Rasapi32.dll", EntryPoint="RasEnumConnectionsA",
SetLastError=true)]
internal static extern int RasEnumConnections
(
ref RASCONN lprasconn, // buffer to receive connections data
ref int lpcb, // size in bytes of buffer
ref int lpcConnections // number of connections written to buffer
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
internal static extern uint RasGetConnectionStatistics(
IntPtr hRasConn, // handle to the connection
[In,Out]RasStats lpStatistics // buffer to receive statistics
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
public extern static uint RasHangUp(
IntPtr hrasconn // handle to the RAS connection to hang up
);
[DllImport("rasapi32.dll",CharSet=CharSet.Auto)]
public extern static uint RasEnumEntries (
string reserved, // reserved, must be NULL
string lpszPhonebook, // pointer to full path and
// file name of phone-book file
[In,Out]RasEntryName[] lprasentryname, // buffer to receive
// phone-book entries
ref int lpcb, // size in bytes of buffer
out int lpcEntries // number of entries written
// to buffer
);
[DllImport("wininet.dll",CharSet=CharSet.Auto)]
public extern static int InternetDial(
IntPtr hwnd,
[In]string lpszConnectoid,
uint dwFlags,
ref int lpdwConnection,
uint dwReserved
);
public RAS()
{
}
}
public class RASDisplay
{
private string m_duration;
private string m_ConnectionName;
private string[] m_ConnectionNames;
private double m_TX;
private double m_RX;
private bool m_connected;
private IntPtr m_ConnectedRasHandle;
public RASDisplay()
{
m_connected = true;
RAS lpras = new RAS();
RASCONN lprasConn = new RASCONN();
lprasConn.dwSize = Marshal.SizeOf(typeof(RASCONN));
lprasConn.hrasconn = IntPtr.Zero;
int lpcb = 0;
int lpcConnections = 0;
int nRet = 0;
lpcb = Marshal.SizeOf(typeof(RASCONN));
nRet = RAS.RasEnumConnections(ref lprasConn, ref lpcb, ref
lpcConnections);
if(nRet != 0)
{
m_connected = false;
return;
}
if(lpcConnections > 0)
{
//for (int i = 0; i < lpcConnections; i++)
//{
RasStats stats = new RasStats();
m_ConnectedRasHandle = lprasConn.hrasconn;
RAS.RasGetConnectionStatistics(lprasConn.hrasconn, stats);
m_ConnectionName = lprasConn.szEntryName;
int Hours = 0;
int Minutes = 0;
int Seconds = 0;
Hours = ((stats.dwConnectDuration /1000) /3600);
Minutes = ((stats.dwConnectDuration /1000) /60) - (Hours * 60);
Seconds = ((stats.dwConnectDuration /1000)) - (Minutes * 60) - (Hours * 3600);
m_duration = Hours + " hours " + Minutes + " minutes " + Seconds + " secs";
m_TX = stats.dwBytesXmited;
m_RX = stats.dwBytesRcved;
//}
}
else
{
m_connected = false;
}
int lpNames = 1;
int entryNameSize = 0;
int lpSize = 0;
RasEntryName[] names = null;
entryNameSize=Marshal.SizeOf(typeof(RasEntryName));
lpSize=lpNames*entryNameSize;
names=new RasEntryName[lpNames];
names[0].dwSize=entryNameSize;
uint retval = RAS.RasEnumEntries(null,null,names,ref lpSize,out lpNames);
//if we have more than one connection, we need to do it again
if(lpNames > 1)
{
names=new RasEntryName[lpNames];
for(int i=0;i
names[i].dwSize=entryNameSize;
}
retval = RAS.RasEnumEntries(null,null,names,ref lpSize,out lpNames);
}
m_ConnectionNames = new string[names.Length];
if(lpNames>0)
{
for(int i=0;i
m_ConnectionNames[i] = names[i].szEntryName;
}
}
}
public string Duration
{
get
{
return m_connected ? m_duration : "";
}
}
public string[] Connections
{
get
{
return m_ConnectionNames;
}
}
public double BytesTransmitted
{
get
{
return m_connected ? m_TX : 0;
}
}
public double BytesReceived
{
get
{
return m_connected ? m_RX : 0;
}
}
public string ConnectionName
{
get
{
return m_connected ? m_ConnectionName : "";
}
}
public bool IsConnected
{
get
{
return m_connected;
}
}
public int Connect(string Connection)
{
int temp = 0;
uint INTERNET_AUTO_DIAL_UNATTENDED = 2;
int retVal = RAS.InternetDial(IntPtr.Zero,Connection,INTERNET_AUTO_DIAL_UNATTENDED,ref temp,0);
return retVal;
}
public void Disconnect()
{
RAS.RasHangUp(m_ConnectedRasHandle);
}
}
}
在disconnect和connect中线程挂起5秒,因为发现如果太快了IP不变。
在投票的循环中,每次投完票,也把线程挂起5秒,如果不这样,那边网站反应不过来,出现网站正在维护中的错误。算上可能遇上的身份证号重复和IP重复,一个小时估计能投100多票。一个晚上能刷出1k的票来。
送佛送到西天了。
评论: 0 | 引用: 0 | 查看次数: 4886
发表评论