Text Bombed

image

This afternoon a “hacker” decided to text bomb my phone with about 1000 text messages asking me to paypal him $100 to stop.

A couple of things:

  1. I don’t negotiate with terrorists. (I always wanted to say that.). 
  2. Part of the text bomb gave me information on how it was happening.

After getting a couple of messages I noticed they were all coming from onlinetextmessage.com.  After looking at their web page I noticed that you could block messages from their site to your phone.

Once I blocked the attack I was interested in how they did it and started to do a little bit of research. 

I am about to give you a link to a script that can do bad things. Please dont do bad things.

With a few well placed Google searches (onlinetextmessage.com sms bomb) I found this pastebin with a two year old perl script in it. I am “researching” here so I had to test out the script myself (against my own phone) and surprisingly it works really well. 

After looking at a couple of other online SMS sending website it appears the reason that onlinetextmessage.com is vulnerable to this abuse is because they dont ask for a capatcha before sending the message.  This would seem to be a pretty easy addition to their code to stop this from happening.  I have sent them a nice email asking this to make these changes. I doubt I ever hear from them.

Site Footer