Wednesday, February 14, 2007

Exposing a Script Kiddie

I'm not a huge myspace fan. I had a profile for a while, but recently bailed on the whole thing. A few days ago I was checking out the myspace page for Radio Discon and I noticed that a comment had just been made from a friend of the station that obviously was not real.



"Oh, my fault I must have gave you the wrong link then. The people I use to
make make money should be just go here (click here).
Well I hope it works for you this time, remember that
if the site is not up they are not excepting anyone else. I told you I'm making
about $900 a week and it's consistent. Just make sure that you take taxes into
consideration, it's a little different than that job your always complaining
about.LOL anyways that is funny about Laura, what else did
she say about it? I'm not even going to worry about it ya know? Oh well,
call me later or I'll catch you on here, see ya. "




My curiosity set in and I decided to do a little research on the nature of this beast. The "click here" link directed you to game-blast.net/paidetc.php. Before clicking on the link I headed over to the root of the domain, game-blast.net/. It was an Apache server directory listing.









By navigating to the admin folder, game-blast/admin, you end up at a jumbled-up web page that will happily generate errors for you when clicking on some of the different links. At this point I went ahead and clicked on one of the PHP pages, game-blast.net/scout2.php. The page redirects you to some online money-making scam. Not bad, considering it does not appear to be infecting you with malware or anything of the sort. I checked out a couple of the other pages from the directory listing, including the original link that came in the myspace comment. What really got this scavenger hunt going was when I noticed the affiliate account being passed in plain text in the address bar of the scout2.php redirect.




Now I had someone to look for, Ksruckman. I started off with a simple Google search. Within 20 minutes I felt like I knew ksruckman, or Ralph Ruckman as he's known to Uncle Sam. After seeing that his PHP scripts were nothing but redirects to cheesy money-making sites, I began the profile of ksruckman as a low-end Internet scammer, or to be nice, marketeer. Most of my initial information came from forum posts. For example, on one site in the fall of 2006 he had some serious issues with permissions on his WordPress blog. Someone kindly explained to him the CHMOD command and he was back on track. This led me to believe that he likely knows very little about the back ends of websites, HTML, and/or FTP. At this point I had pretty much pinned him as a script kiddie. As I read through various forum posts and searched popular photo sharing sites my profile became more in depth. On one set of forums he boasted about recent earnings from a Craigslist scam and then about his earning mantra of three dollars per site within the first five days. It really makes me wonder how different the Internet would be without all the junk sites. Who's to judge though, I guess? Moving along, just a few pages into the Google search I stumbled across another huge piece of the puzzle, Ralph's eBay profile. For the most part he was purchasing Xbox Live cards and the like. One auction in particular brought the search full circle:






Yes, that's right, he bought the script off eBay. For less than $20, no less. I'd imagine that he probably made a pretty good little stash of cash off the exploit. At this point, I'm feeling pretty satisfied, although I do still have a few questions about the specific exploit.







!EDIT!
I decided enough was enough, your name has been removed. Google should be clear of it soon.
Sorry Bro It Had to Be Done.

8 comments:

paperghost said...

Nice work ;)

Anonymous said...

Hi Ruck Here,

First I would like to address that I am not a scammer. That is not a script that was running on my server. It was a very basic PHP redirect file, and nothing more.

Second, The myspace exploit file was purchased because I had been phished on myspace 4 times. When I read the auction I thought I was purchasing a report on how to stop it, and not how to make it possible. The report does not even exist on my drive.

Third, Everyone on myspace has multiple profiles, including myself. Yes those were comments sent from me, from people who accepted my friend requests or I accepted theirs. Therefore there is an option to disable comments for people who do not want them.

Fourth, As I have explained myself here, I would appreciate you taking down the post or talk to me personally. There are no scripts running on my domains or anything like that. If you refuse to talk to me that is fine. I will contact my lawyer and get the paperwork ready for us on basis of you exposing one of my email addresses publicly (invasion of privacy), I have since received many spam and spoof emails in my inbox that I have documented at this very instant.

I am also going to have to contact my lawyer with a possible 2nd lawsuit on the basis of public slander. I have all the proof that I do not have scripts running on my server, furthermore of more proof on people electing to receive comments from their friends, more proof that those companies are members of prestigious affiliate networks, and more proof that you have publicly exposed my home address which cause many problems.

Ball is in your court. I will give you ample time to respond to me at ruckmanfromkansas@yahoo.com, if I do not hear from you in 2 days, I am notifying blogger and Google of this blog, the lawsuits I am setting into motion, and the paperwork will be on its way.

Awaiting your response, Ralph Ruckman.

projektd said...

Ruck,

So it's been 9 days since your response, and I'm guessing narcing me out to google/blogger did not work? Also, I just checked the mail and no sign of any paperwork? With that being said, I will share a few things with you.


"First I would like to address that I am not a scammer. That is not a script that was running on my server. It was a very basic PHP redirect file, and nothing more."

My opinions on the nature of your business are just that, my opinions. I really don't care, or have time to argue about what constitutes a scammer. I merely gave my opinion, and I completely respect the fact that you disagree.


"Second, The myspace exploit file was purchased because I had been phished on myspace 4 times. When I read the auction I thought I was purchasing a report on how to stop it, and not how to make it possible. The report does not even exist on my drive."


Ok, I could recommend a few sites that could help you out with your security settings if your profile had truly been Phished 4 times, but I recognize this detail as a necessary crutch of your alibi. As far as the exploit (NOT report) existing on your hard drive; I don't even know what to say about that. Whatever.


"Third, Everyone on myspace has multiple profiles, including myself. Yes those were comments sent from me, from people who accepted my friend requests or I accepted theirs. Therefore there is an option to disable comments for people who do not want them."

Ok, I get it, you're trying to cover your tracks, but come on, do you think that anyone reading this believes your story? Honestly? The comment that I originally posted was made from someone's profile that YOU phished, not from your profile. With that clarification your shady alibi doesn't hold much ground.

"Fourth, As I have explained myself here, I would appreciate you taking down the post or talk to me personally."

It's a shame you did not leave it at that. With a simple request to take down the information I would have. I'm honestly surprised that you even found this blog at all. Although at some point I did plan on sending you an email with a link.

"There are no scripts running on my domains or anything like that. If you refuse to talk to me that is fine. I will contact my lawyer and get the paperwork ready for us on basis of you exposing one of my email addresses publicly (invasion of privacy)"

How's that paperwork coming? I'm waiting, and for the record, I got your email address from a public website in the first place.

"I have since received many spam and spoof emails in my inbox that I have documented at this very instant."

This made me laugh out loud. In fact it pretty much made my day. Let me get this straight: You phish someone's myspace profile, use it to generate affiliate revenue and then after being exposed get upset about getting spam! That's just funny. On a side note, if you could prove that spam you have received recently came directly from your email being posted here, I'd like to see it. In fact you could probably quit scamming altogether, write that program and sell it for some good loot. Since it's kind of my idea, I'd like to get at least a small cut of the revenue though.

"I am also going to have to contact my lawyer with a possible 2nd lawsuit on the basis of public slander."

Still waiting...

"I have all the proof that I do not have scripts running on my server, furthermore of more proof on people electing to receive comments from their friends, more proof that those companies are members of prestigious affiliate networks, and more proof that you have publicly exposed my home address which cause many problems."

Blah Blah Blah, now you are just boring me. The only point of any relevance here is that of the home address and I will get to that in a second when I skillfully send the ball back into your court.

"Ball is in your court. I will give you ample time to respond to me at ruckmanfromkansas@yahoo.com, if I do not hear from you in 2 days, I am notifying blogger and Google of this blog, the lawsuits I am setting into motion, and the paperwork will be on its way."

Shouldn't that have been "ruckmanfromkansas at yahoo d0t c0m" or something? That's your bad not mine. As I said before, had you just asked me nicely and not made threats I would have gladly pulled down the requested info. Unfortunately that was not the case so it gets a little more complicated. You were hoping that you could scare me into taking down the information and I must say I'm not a big fan of that technique. Kind of like how certain political parties use fear as a means for compliance and control, but that's a whole different tip and now I'm getting sidetracked.

So here it is, I will remove the most sensitive of the personal information including but not limited to address, (email, and snail,) and family info if you will complete either of the following tasks.

A) Write a heartfelt letter of apology for phishing that kid's myspace account. In case your exploit ran wild and you don't know who or how many accounts were phished, make the apology out to "flavor flav".

B) I'd like to know just how much you made in cash specifically after you turned your exploit loose. This cannot just be a number, I would like a detailed screenshot (PLEASE black out personal information!!) of your earnings back end for ALL affiliate sites connected to your script (don't hold back, I found quite a bit more information about you that I did not reveal)



Ok, so now Ruck the ball is in your court. You will receive extra points if you can complete both tasks A and B!

Dr. Jones said...

Hey Ralph,

I got to tell you that I have ZERO sympathy for you, and especially for your spam email problems! I bet you thought you had written a logical and comprehensive response to what must have been a shocking discovery seeing yourself exposed like this – but really you are just making things worse for yourself. You must have thought you did a good job because otherwise you wouldn’t have posted it, but your response is really lacking, and towards the end you tried to act all manly and threatening but it didn’t work.

A really important thing you need to know is that honesty and integrity go a long way in the world, but it seems you lack both. It is amazing that with all the opportunity in the world you resort to scamming people. That is a real shame, and you should do better just so that you can sleep at peace at night. Do it for yourself Ralph, and do it for your kids. Do you want your kids to say “my daddy is a scammer”? Come on man, change your ways, get a real job and use any technical skills you might have towards something good.

To be blunt with you Ralph, your response isn’t just lacking but it doesn’t hold water, and your threats are puny and pathetic – Do you really know who we are? I didn’t think so. I got to say you are pretty bold for a guy who just got exposed as a scammer – and to come back with a lame and threatening response is not only un-cool, it’s stupid! After all, we know everything about you, but you know nothing about us. Think Ralph, think – you’re not in a position to try to argue that you are a hard working honest guy because we see how you make a buck, and if I am wrong, prove it!

Sending the ball your way,

Dr. Jones

Anonymous said...

Hello Projektd,

It is true I have notified blogger about this post in question. The only response I got back was an automated one that said they would investigate the issue. So I imagine, nothing will get done.

As far as getting a lawyer. I cannot really do that, since I cannot trace any of your information on the Net.

And to answer your questions.

A. I did not phish. I had multiple accounts just like most marketers there. So many you probably cannot imagine.

and

B. That is something you will never see.

So yea I'm asking you nicely to take down the post. I imagine you won't though, so that's fine. Nothing I can do really if you hide behind a screenname. So I guess have fun in my business. Good Day. Ruck

Jason said...

Hilarious

projektd said...

"Hello,

We'd like to inform you that we've received a complaint that your blog
bias9.blogspot.com contains confidential information. Please note that our
Terms of Service prohibit posting confidential items on your blog.
Accordingly, we have had to remove the content in question.

Please refer to our Terms of Service for more details:
http://beta.blogger.com/terms.g

Thank you for your understanding.

Sincerely,
The Blogger Team"


Well I guess at this point they win. The funny part is, if you check the google cache (right now anyway) you can see that I had changed the address and it was not even his real address anyways! When I saw that they (blogger) took down his fake address, I put the real one back up. That rode for a few days and it looks like they took it down again. This may warrant some further exploration but who knows.

projektd said...

http://www.convert2media.com/blog/2008/12/03/life-aint-over-when-you-hit-the-bottom/

interesting...