This afternoon a “hacker” decided to text bomb my phone with about 1000 text messages asking me to paypal him $100 to stop.
A couple of things:
- I don’t negotiate with terrorists. (I always wanted to say that.).
- Part of the text bomb gave me information on how it was happening.
After getting a couple of messages I noticed they were all coming from onlinetextmessage.com. After looking at their web page I noticed that you could block messages from their site to your phone.
Once I blocked the attack I was interested in how they did it and started to do a little bit of research.
I am about to give you a link to a script that can do bad things. Please dont do bad things.
With a few well placed Google searches (onlinetextmessage.com sms bomb) I found this pastebin with a two year old perl script in it. I am “researching” here so I had to test out the script myself (against my own phone) and surprisingly it works really well.
After looking at a couple of other online SMS sending website it appears the reason that onlinetextmessage.com is vulnerable to this abuse is because they dont ask for a capatcha before sending the message. This would seem to be a pretty easy addition to their code to stop this from happening. I have sent them a nice email asking this to make these changes. I doubt I ever hear from them.