
Twitter spamming: Some pointers

October 19th, 2009

Twitter has become the undeniable darling of marketing enthusiasts, having attracted millions of dedicated users. That has also drawn a lot of the bad guys, who look at this medium as a way to spread bile.

I am going to provide some links on which some “twitspam” tool-kits are based. I am not going to discuss how XSS/malware injection is used to spam users, but will look into developing a Twitter bot.

The basic concept is pretty well established: bots, used on nearly every software communication channel known, from IRC to whatnot. A whole list of bots for Twitter is available at twitter.pbworks.com. In fact, you can even create your own bot at www.botomatic.com.

If you are a pythonista, this might be of interest to you. It logs into your email server to retrieve and analyze tweets and take appropriate action.

from imaplib import IMAP4_SSL
from email.parser import Parser
import email.utils
import re
import time

# Connect to email server (IMAP over TLS, so the login is not sent in cleartext)
server = IMAP4_SSL("__EMAIL_SERVER.COM__")
server.login("__EMAIL_ACCOUNT_NAME__", "__EMAIL_PASSWORD__")
server.select("INBOX")

# Find only new mail (i.e. new direct messages)
r, data = server.search(None, "(NEW)")

# If there are new direct messages:
if len(data[0]) > 0:

    p = Parser()
    matchemail = re.compile(r'[\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4}')

    # Loop through new emails
    for num in data[0].split():

        # Fetch only the headers needed to identify the message
        r, hdr = server.fetch(num, '(BODY[HEADER.FIELDS '
            '(DATE SUBJECT FROM X-TwitterEmailType X-TwitterSenderScreenName '
            'X-TwitterCreatedAt X-TwitterRecipientScreenName)])')
        # imaplib returns bytes; the header parser expects text
        msg = p.parsestr(hdr[0][1].decode('utf-8', 'replace'))

        # Who email is from
        who = msg['From']
        email_addy = matchemail.findall(who)[0]

        # Twitter username
        twitter_un = msg['X-TwitterSenderScreenName']

        # If the email is a direct message sent from Twitter
        if msg['X-TwitterEmailType'] == 'direct_message':

            # When direct message sent, convert to epoch seconds
            twitter_time = msg['X-TwitterCreatedAt'].strip()
            time_tuple = email.utils.parsedate(twitter_time)
            epoch_seconds = time.mktime(time_tuple)

            # Get body of email sent by Twitter
            r, body_data = server.fetch(num, '(RFC822.TEXT)')
            body = body_data[0][1].decode('utf-8', 'replace')
            twitter_dm = body.split("\r\n\r\n")[0].strip()

            # Do something with the twitter direct message...
            # Parse it...
            # Store it in a database?...

# Logout of email server
server.logout()
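
The bot above acts on the X-Twitter* headers, which anyone able to send mail to the inbox can set. As an added example (not code from the original post), this check accepts a notification only when the receiving mail server itself recorded a DKIM pass and the screen name is well formed. The authserv-id `mx.example.org`, the signing domain `twitter.com` and the helper names are assumptions, as is a receiving server that strips inbound Authentication-Results headers bearing its own id.

```python
import re
from email.parser import Parser

# Assumptions for this example: the authserv-id your own mail server stamps,
# and the signing domain expected on genuine notifications.
TRUSTED_AUTHSERV_ID = "mx.example.org"
EXPECTED_DKIM_DOMAIN = "twitter.com"
SCREEN_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,15}")


def dkim_verified(msg):
    """True if our own server recorded dkim=pass for the expected domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        # Ignore results stamped by anyone other than our own server.
        if authserv_id.lower().split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        for result in results.split(";"):
            fields = result.lower().split()
            if "dkim=pass" in fields and "header.d=" + EXPECTED_DKIM_DOMAIN in fields:
                return True
    return False


def trusted_sender(raw_headers):
    """Return the sender's screen name, or None if the mail must be ignored."""
    msg = Parser().parsestr(raw_headers, headersonly=True)
    if msg["X-TwitterEmailType"] != "direct_message":
        return None
    if not dkim_verified(msg):
        return None
    name = (msg["X-TwitterSenderScreenName"] or "").strip()
    return name if SCREEN_NAME_RE.fullmatch(name) else None


# Constructed sample headers, not captured traffic.
GENUINE = (
    "Authentication-Results: mx.example.org; dkim=pass header.d=twitter.com\n"
    "X-TwitterEmailType: direct_message\n"
    "X-TwitterSenderScreenName: alice_01\n\n"
)
FORGED = GENUINE.replace("mx.example.org", "mx.other.example")

if __name__ == "__main__":
    print(trusted_sender(GENUINE))  # alice_01
    print(trusted_sender(FORGED))   # None
```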

There’s a five minute version in PHP too!

<?php
    // Connect to the database holding the stored tweets
    // (mysqli replaces the mysql_* functions removed in PHP 7)
    $db = mysqli_connect("localhost", "USERNAME", "PASSWORD") or die('Could not connect to database');
    mysqli_select_db($db, "DATABASE") or die('Could not select database');

    // Pick one stored tweet at random
    $result = mysqli_query($db, "SELECT * FROM tweets ORDER BY RAND() LIMIT 1");

    while ($row = mysqli_fetch_array($result)) {
        $tweet = $row['tweet'];
        sendTweet($tweet);
    }

    function sendTweet($msg){
        $username = 'TWITTER-USER-NAME';
        $password = 'TWITTER-PASS';

        // Basic auth over plain HTTP sends the credentials unencrypted
        $url = 'http://twitter.com/statuses/update.xml';

        $curl_handle = curl_init();

        curl_setopt($curl_handle, CURLOPT_URL, $url);
        curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
        curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl_handle, CURLOPT_POST, 1);
        // URL-encode the text so '&', '=' or '+' in a tweet do not corrupt the POST body
        curl_setopt($curl_handle, CURLOPT_POSTFIELDS, "status=" . urlencode($msg));
        curl_setopt($curl_handle, CURLOPT_USERPWD, "$username:$password");

        $buffer = curl_exec($curl_handle);

        curl_close($curl_handle);

        // An empty response means the request failed
        if (empty($buffer)) {
            echo 'fail';
        } else {
            echo 'success';
        }
    }
?>
