This is a guest post from Paul Madden (aka @seoidiot – and one of the nominees for most influential) further to the fun and games from last week’s automated voting. These weren’t done particularly well, so as a result we thought we would get in the experts for next time ….
Some of you may know that I have a slightly dodgy past as far as spam goes so it was no great surprise when people blamed me for gaming the poll. I find that offensive and I am saddened that you would think that of me. So did I game it?
Well yes of course I did, Pete wouldn’t have expected any less. The difference with me is I won’t do it in a way that causes your server problems and I won’t do it to win, I did it simply to point out the vulnerability of the voting method used. So I have been asked to share with you the thought process and code that allowed the poll to be gamed so you too can game polls, sorry I mean so you too can avoid being gamed on your own polls.
As soon as I saw Pete had a poll running I took a look at the source of the page and here’s what I found: -
So Pete is using WP-Polls to run his poll. OK well let’s have a look at how that system prevents vote rigging…
Just a note, always prevent me from browsing to your plugins directories to confirm the plugin is in place – http://www.holisticsearch.co.uk/wp-content/plugins/wp-polls/
(If you add `Options -Indexes` to your .htaccess file you will stop me doing this easily)
It appears that it simply places a cookie on your machine and prevents posting from the same IP again and again. Here is the handy cookie view in Chrome (Preferences > content settings > show cookies and other site data)
Nice how Google help you spam things sometimes isn’t it?
So what we need is a method to hold a cookie and a way of using lots of IPs.
Step forward cURL and PHP once again!
So with cURL you can set all sorts of things like the user_agent and accept cookies and spoof IPs. Ideal for us. Now it would have taken about half an hour to code up something to do the task for us but in our case there was already a script I had that does the job. You can find it here:
OK so all we need now is to tell this script what the poll id is (`name="poll_id" value="52"` from the source of the page) and who we want to vote for (65 was my option in the vote, again found in the source). Then we will upload this script to one of our servers and get ready to play. Normally you could use proxies to do this (Tor or a service like http://www.yourprivateproxy.com/ would work well) but as we are ‘blind posting’ we don’t need a proxy at all.
What? How does that work?
OK so if you are posting and getting back information with cURL you have to use a proxy, because if you spoof an IP the information will get returned to that fake IP. If we are simply posting to a form though we can do that with a fake IP.
One note of warning, the real IP will still be there if you look at the raw log files I think. We are simply telling the server that we are forwarding from a fake IP using the line: -
So now we have all we need to spam the vote, we simply do it in little bursts of votes over an extended period (http://www.seoidiot.co.uk/projected-cron-jobs/) and if we wanted to we could quickly extend this script to check who was winning the vote before voting itself and then make sure we always stayed just above them. In this case I would worry that Mr Naylor might also have done that and it would become an arms race pretty quickly..
Some notes on doing this in a way that doesn’t hurt the site in question. Don’t post 1000 votes at a time (one or two have done this -> editor;), don’t just vote for yourself (couple of people have done that -> editor), don’t write a follow up post explaining how to do it (Whoops)
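A defensive counterpart to the forwarded-IP trick described above, as an added example that is not part of the original post and is not WP-Polls code: take the voter's address from the TCP peer and honour `X-Forwarded-For` only when the request arrived through a proxy you run yourself. The function name `voter_ip`, the proxy list and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from WP-Polls.

// Addresses of reverse proxies you operate (constructed sample value).
const TRUSTED_PROXIES = ['10.0.0.5'];

/**
 * Return the address to use for vote de-duplication.
 * Forwarding headers are honoured only when the TCP peer is a trusted proxy.
 */
function voter_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        // Direct connection: any X-Forwarded-For value was supplied by the client.
        return $peer;
    }
    // Walk the chain right to left; the first hop that is not one of our
    // proxies is the nearest address our own infrastructure recorded.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed or empty entry: stop trusting the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests: one real peer claiming two different forwarded addresses.
$requests = [
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '198.51.100.2'],
];
$seen = [];
foreach ($requests as $req) {
    $ip = voter_ip($req);
    $status = isset($seen[$ip]) ? 'rejected (duplicate)' : 'counted';
    $seen[$ip] = true;
    echo "$ip: $status\n";
}
// A request relayed by our own proxy still resolves to the real client.
echo voter_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44']), "\n";
```

Both constructed requests resolve to the same peer address, so the second vote is treated as a duplicate regardless of the header it carries.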
Disclaimer – Following Paul’s advice above is done so at your own risk. Holistic Search and Paul do not accept any responsibility for any actions you may take as a result of reading the above post.