• Twitter spamming: Some pointers

    Twitter has now become the undeniable darling of marketing enthusiasts, as this medium of communication has attracted millions of dedicated users. This has also led to a lot of the bad guys looking at this medium to spread bile.

    I am going to provide some links on which some “twitspam” tool-kits are based. I am not going to discuss how XSS/malware injection is used to spam users, but will look into developing a Twitter bot.

    The basic concepts are pretty well established: bots, which are used on nearly every software communication channel known, from IRC to what not. A whole list of bots for Twitter is available at twitter.pbworks.com. In fact you can even create your own bot at www.botomatic.com.

    If you are a pythonista, this might be of interest to you. It logs into your email server to retrieve and analyze tweets and take appropriate action.

    from imaplib import IMAP4
    from email.parser import BytesParser
    import email.utils
    import re
    import time

    # Pulls the first email address out of a From header
    matchemail = re.compile(r'[\w\-][\w\-\.]+@[\w\-][\w\-\.]+[a-zA-Z]{1,4}')
    # Header fields to fetch for each message
    fields = ('(BODY[HEADER.FIELDS (DATE SUBJECT FROM X-TwitterEmailType '
              'X-TwitterSenderScreenName X-TwitterCreatedAt '
              'X-TwitterRecipientScreenName)])')

    # Connect to email server (plain IMAP4 sends the login unencrypted;
    # use IMAP4_SSL if the server supports it)
    server = IMAP4("__EMAIL_SERVER.COM__")
    server.login("__EMAIL_ACCOUNT_NAME__", "__EMAIL_PASSWORD__")
    server.select("INBOX")
    # Find only new mail (i.e. new direct messages)
    r, found = server.search(None, "(NEW)")
    p = BytesParser()
    # Loop through new emails (an empty search result gives no iterations)
    for num in found[0].split():
        r, data = server.fetch(num, fields)
        msg = p.parsebytes(data[0][1])
        # Who email is from
        who = msg['From'] or ''
        addresses = matchemail.findall(who)
        email_addy = addresses[0] if addresses else None
        # Twitter username
        twitter_un = msg['X-TwitterSenderScreenName']
        # If the email is a direct message sent from Twitter
        if msg['X-TwitterEmailType'] == 'direct_message':
            # When direct message sent, convert to epoch seconds
            twitter_time = msg['X-TwitterCreatedAt'].strip()
            time_tuple = email.utils.parsedate(twitter_time)
            epoch_seconds = time.mktime(time_tuple)
            # Get body of email sent by Twitter
            r, data = server.fetch(num, '(RFC822.TEXT)')
            body = data[0][1].decode('utf-8', 'replace')
            twitter_dm = body.split("\r\n\r\n")[0].strip()
            # Do something with the twitter direct message...
            # Parse it...
            # Store it in a database?...
    # Logout of email server
    server.logout()
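
    The script above acts on any mail whose X-TwitterEmailType header says direct_message, and any sender can set that header. The following is an added example, not part of the original post: it parses a notification offline and accepts it only when the receiving mail server recorded a DKIM pass for the sending domain. The server name mx.example.net, the signing domain twitter.com, the presence of an Authentication-Results header and the sample message are assumptions made for illustration.

```python
import email.utils
import re
from email import message_from_bytes

def dkim_passed(msg, authserv_id, domain):
    """True if our own mail server recorded dkim=pass for the given domain."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.strip().lower() != authserv_id:
            continue  # header was not written by our server: ignore it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.\-]+)", results, re.I):
            if m.group(1).lower() == domain:
                return True
    return False

def parse_dm_notification(raw, authserv_id="mx.example.net", domain="twitter.com"):
    """Return sender, epoch and text of a DM notification, or None if untrusted."""
    msg = message_from_bytes(raw)
    if msg["X-TwitterEmailType"] != "direct_message":
        return None
    if not dkim_passed(msg, authserv_id, domain):
        return None  # X-Twitter* headers alone prove nothing about the sender
    created = email.utils.parsedate_tz(msg.get("X-TwitterCreatedAt", ""))
    if created is None:
        return None  # missing or unparseable timestamp
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return {
        "sender": msg["X-TwitterSenderScreenName"],
        "epoch": email.utils.mktime_tz(created),
        "text": re.split(r"\r?\n\r?\n", body)[0].strip(),
    }

def sample(auth_results):
    """Constructed notification (not captured mail) with the given auth header."""
    return "\r\n".join([
        "Authentication-Results: " + auth_results,
        "From: Twitter <dm@twitter.com>",
        "X-TwitterEmailType: direct_message",
        "X-TwitterSenderScreenName: alice",
        "X-TwitterCreatedAt: Mon, 05 Oct 2009 12:00:00 +0000",
        "",
        "hello bot",
        "",
        "footer text",
    ]).encode()

if __name__ == "__main__":
    print(parse_dm_notification(sample("mx.example.net; dkim=pass header.d=twitter.com")))
    print(parse_dm_notification(sample("mx.example.net; dkim=fail header.d=twitter.com")))
```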

    There’s a five minute version in PHP too!

        mysql_connect("localhost", "USERNAME", "PASSWORD") or die('Could not connect to database');
        mysql_select_db("DATABASE") or die('Could not select database');
        $result = mysql_query ("SELECT * FROM tweets ORDER BY RAND() LIMIT 1");
        while($row = mysql_fetch_array($result)){
            $tweet = "$row[tweet]";
        }
        function sendTweet($msg){
            $username = 'TWITTER-USER-NAME';
            $password = 'TWITTER-PASS';
            $url = 'http://twitter.com/statuses/update.xml';
            $curl_handle = curl_init();
            curl_setopt($curl_handle, CURLOPT_URL, "$url");
            curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
            curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($curl_handle, CURLOPT_POST, 1);
            // URL-encode the status so '&' or '=' in the text cannot break the POST body
            curl_setopt($curl_handle, CURLOPT_POSTFIELDS, "status=" . urlencode($msg));
            curl_setopt($curl_handle, CURLOPT_USERPWD, "$username:$password");
            $buffer = curl_exec($curl_handle);
            if (empty($buffer)) {
                echo 'fail';
            } else {
                echo 'success';