Cheating an auto-surf

This is the follow-up of what I was saying in the last post. Since I first saw an auto-surf or paid-to program, I've always tried to cheat them. Shame on me. I actually managed to trick quite a few, but with no real financial income. This is just one of the: It's a nice auto-surf, cute graphical interface and interesting crediting mechanism. You can find more information on their website. So let's get on with it.

First of all, I have a XAMPP package installed on my computer, but you can use any Apache installation and PHP. This one is just easy to use and provides me with everything I need. The cheating script is comprised of 2 files in my case. One is the html file "hack.html" and the other is "hold.php". I don't know why I've named them this way. You can use whatever names you like. Both of them need to be placed in the same folder in your "htdocs" folder and will be accessed like this in your browser "http://localhost/foldername/hack.html". The source was not originally commented, so I did that in a hurry. What you really have to do is replace "your_user_name_here" with, you guessed it, your LinkCrews user name. And it should work. If it doesn't, don't expect any support. Cheating is wrong (damn conscience!). I might tell their support team about this simple method of cheating their system. And one last thought: this works because they don't really have a good anti-cheat system. I don't even know if they have any. So let's get on with it already. The first file is "hack.html" and the source code is:

<!-- refresh page every 15 seconds -->
<META HTTP-EQUIV="refresh" CONTENT="15;URL=http://localhost/hack.html">
<script type="text/javascript">
/*- function that creates a new "special" variable
- if you want more info, do a Google search for AJAX
- I won't comment this one*/
function newXMLHTTP(){
    request = new XMLHttpRequest();
    // Firefox, Opera 8.0+, Safari
    return request;
  catch (e){
   // Internet Explorer
     request = new ActiveXObject("Msxml2.XMLHTTP");
     return request;
   catch (e){
       request = new ActiveXObject("Microsoft.XMLHTTP");
       return request;
     catch (e){
       alert("Your browser does not support AJAX!");
       return false;

// the main function of the script
function fetch_new_link(){
   var XMLHttpRequestObject = newXMLHTTP(); 
   //create that special variable
      XMLHttpRequestObject.async = false;"GET", "hold.php");
      XMLHttpRequestObject.onreadystatechange = function() {
        // if our variable is ok
        // let's get the job done
        if (XMLHttpRequestObject.readyState == 4){
           var linktxt = XMLHttpRequestObject.responseText; 
           // what our php file gave us
           newlink = "" + linktxt + ""; 
           //create the new link; replace your username here
           frames['container'].location.href = newlink; 
           // point the frame to the next link
    // end all the circus
<body onLoad="javascript:fetch_new_link()">
<!-- start the script on the spot -->
<!-- this will hold the new links -->
<iframe name="container" id="container" width="100%"></iframe>
<!-- and that's about it -->

And the second file, "hold.php", is:

// print out errors if any
function print_error(){
global $parser;
die(sprintf("XML Error: %s at line %d",

// use the default xml parsing methods
$parser = xml_parser_create();

// I can't really remember what this does
$data = implode("", file("")); 
// remember put your username here

xml_parse_into_struct($parser,$data,&$d_ar,&$i_ar) or print_error();

// get the availabe links
$values = array();
foreach($d_ar as $key){
if($key['tag'] == 'id'){
$values[] = $key['value'];

xml_parser_free($parser); // destroy the xml parser

$i = rand(0,2); // pick one of the links
echo $values[$i]; // send it to the html file "special" variable

And that's about it. There might be certain errors in the code due to the transcription of the html special characters. If you can't make it work, oh well, maybe it's better this way. I've stopped using it anyway. It's just not worth it for me.

Boy, I'm tired. And now I'm all out of ideas and beer. So I'll come back when everything stops spinning. See ya.

LE: I just noticed that certain longer lines of the code are not visible because the posting area has overflow:hidden. Sorry about that. But if you select from top to bottom and paste them in a text editor it should be OK


N2KMaster said...

Wow is there a way that this can be explained to a total noob. I kinda get what your going at and php isnt one of my strong suits. Minor more explanation required.

N2KMaster said...

I've made the two files, i can see the iframed baner load up, have no idea about that htacess file, i dont know anything about it so im in need of what to change and where to change it and how to change that htaccess file. I love the idea, trying to convert it to possible traffic.

Stelian Andrei said...

Hi there. I'm not sure if this method still works. One of the reasons it did was the fact that didn't have a real anti-cheating mechanism.

But for the theory of it, let's assume it still does. You can probably use it in other places as well. You would first need to install a local http server with php support (I recommend XAMPP) or use your hosting account if you have any. The two files need to have the "?username=" GET variable filled in with your LinkCrews account name. In your case it might look like "?username=n2kmaster". And that's about it. You access the file "hack.html" through you browser and it displays automatically a new page every 15 seconds.

Regarding the htaccess file, I don't exactly understand what you mean. But if you use a hosting account, there might be certain restrictions over cross-domain scripting. I would then suggest to use the local method: install a local http server.

materi dakwah islam dan kultum said...

where I can use in blogspot?

Post a Comment