Tue, 24 Aug 2010
Spammers and their inventiveness
This fragment of code was extracted from a direct-to-MX PHP spam cannon installed on a customer server. Yes, it contains a real DNS stub resolver written in PHP (which abuses the promiscuous cache of a large local ISP).
    function dns_get_list($dns,$domains,$type=1)
    {
        $sockets=array();
        foreach ($domains as $d=>$domain)
        {
            $dns_packet = chr(0).chr($d).
                          chr(1).chr(0).
                          chr(0).chr(1).
                          chr(0).chr(0).
                          chr(0).chr(0).
                          chr(0).chr(0);
            $dns_packet_len=12;
            list($qname_len,$qname)=make_QNAME($domain);
            $dns_packet .= $qname.
                           chr(0).chr($type).
                           chr(0).chr(1);
            $dns_packet_len+=$qname_len+4;
            $sockets[$d]=fsockopen("udp://$dns", 53);
            fwrite($sockets[$d],$dns_packet,$dns_packet_len);
        }
        foreach ($domains as $d=>$domain) socket_set_timeout($sockets[$d],3);
        $result=array();
        foreach ($domains as $d=>$domain)
        {
            [...]
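The fragment uses the array key $d as the DNS transaction ID (high byte always zero), so on the wire its queries count upward from a small number instead of carrying random 16-bit IDs. The following is an added detection sketch, not code from the spam cannon or from the original post: it parses captured query payloads and flags sources whose IDs form such a counter. The function names, the min_run threshold and the sample captures (documentation addresses, example names) are constructed assumptions.

```python
import struct

def parse_query(pkt):
    """Return (txid, flags, qname, qtype) for a one-question DNS message, else None."""
    if len(pkt) < 12 or pkt[4:6] != b"\x00\x01":  # short header or QDCOUNT != 1
        return None
    txid, flags = struct.unpack("!2H", pkt[:4])
    labels, pos = [], 12
    while pos < len(pkt) and pkt[pos] != 0:
        n = pkt[pos]
        if n > 63 or pos + 1 + n > len(pkt):  # pointer byte or truncated label
            return None
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(pkt):  # need the root label plus QTYPE and QCLASS
        return None
    qtype, _qclass = struct.unpack("!2H", pkt[pos + 1:pos + 5])
    return txid, flags, ".".join(labels), qtype

def longest_counter_run(ids):
    """Length of the longest run of IDs below 256 that each increase by exactly 1."""
    best, run, prev = 0, 0, None
    for i in ids:
        if i >= 256:          # the fragment can never emit a non-zero high byte
            run = 0
        elif prev is not None and i == prev + 1:
            run += 1
        else:
            run = 1
        best, prev = max(best, run), i
    return best

def flag_sources(captures, min_run=4):
    """captures: (src, udp_payload) pairs in arrival order; returns {src: [qname, ...]}."""
    by_src = {}
    for src, payload in captures:
        q = parse_query(payload)
        if q and not q[1] & 0x8000:  # keep queries (QR bit clear) only
            by_src.setdefault(src, []).append(q)
    return {s: [q[2] for q in qs] for s, qs in by_src.items()
            if longest_counter_run([q[0] for q in qs]) >= min_run}

def sample_query(txid, name, qtype=1):
    """Constructed test input with the fragment's header layout (RD set, QDCOUNT 1)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

NAMES = ["a.example", "b.example", "c.example", "d.example", "e.example"]
CAPTURES = [("192.0.2.10", sample_query(i, n)) for i, n in enumerate(NAMES)]
CAPTURES += [("192.0.2.20", sample_query(t, "x.example")) for t in (0x9A31, 0x12F0, 0x00C4, 0x7B02)]
```

On the constructed captures, flag_sources(CAPTURES) reports only 192.0.2.10, the source whose IDs run 0 through 4.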