My closest friends know how much I don’t like popularity contests. They seem to pop up all over the Internet, they waste a lot of time, and they aren’t too productive. C’mon – Ashton Kutcher has one of the biggest followings on Twitter. The only thing I remember him doing (besides Demi Moore) is “Dude, Where’s my Car?”.
PS: The Kutcher’s recent social media campaign to eliminate child slavery is a great one, though!
So – when a new popularity contest popped up and I was nominated for it, I decided I was going to win… at all costs. The Hullabaloo 2010 was started by local CRM company, Address Two (developer of a great CRM tool for small business). I didn’t mean to pick on them… but I just couldn’t help myself.
Address Two put up a page that has some voting links on it so that people could vote for how they believe are really making a noise in the Indianapolis community. The page is somewhat protected… it tracks your IP address and only let’s you vote 3 times.
I hesitate to say that I rigged the contest… I’d rather say that I leveraged technology to exploit the opportunity to publicize myself.
Ok… I cheated.
And… I suckered Scott Wise (of Scotty’s Brewhouse fame) into betting dinner and $100 donation to Race for a Cure… right before my votes started to really take off. Evil? Yes… yes it was.
How to Cheat an Online Voting Contest:
- Don’t copy the link to the page and solicit your social network. Instead, copy the actual voting link and distribute it. That way, anyone that clicks the link actually winds up voting for you without knowing it.
- Pay a service like Blazing Traffic or Buy Hits Cheap to hit your voting link. For about 20 bucks, you can get thousands of unique hits. Thems a lotta votes!
- If you don’t like spending money, you can always generate your own 1 pixel by 1 pixel iframe with JavaScript in a website page that’s traffic’d heavily. Since you can vote 3 times, I made the iframe three times.
Here’s the code:
<script language="JavaScript" type="text/javascript">
function makeFrame() {
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src", "http://site.com/vote.asp?ID=5&name=Doug+Karr&tname=douglaskarr");
ifrm.style.width = 1+"px";
ifrm.style.height = 1+"px";
document.body.appendChild(ifrm);
}
makeFrame();makeFrame();makeFrame();</script> Whew… that was fun! I hope I didn’t hurt anyone’s feelings – and I’m guessing that this might cause one heck of a hullabaloo here in Indianapolis. I just couldn’t help myself when I found the big, gaping hole in the voting logic.
Scott doesn’t have to buy my dinner and I’m going to donate the $100 to Race for a Cure either way. I believe about 20,000 votes are going to be rolling in for me over the next month with all the services I paid for… I’m over 2,000 votes ahead now. (Scott smelled a rat when I got about 500 votes in an hour).
There were no terms of service with the contest, but if my punishment is to be stricken from the contest I will gladly oblige. Good luck to all those who did it the honest way!
At the very least, this is why voting forms should require a captcha or preferably some sort of login or registration. Doug, you’re evil (in a good way).
This reminds me of my blog post from last year about all of the other social media contests happening:
http://www.robbyslaughter.com/blog/?2009-10-26
I wasn’t nominated. I’m pretty sure that blog post had nothing to do with it. 🙂
Robby – yes thoughts of those contests rang through my head as I proceeded to exploit this one! 🙂
Interesting, I never thought of a CAPTCHA – that could have done the trick! (Although there are CAPTCHA OCR scripts nowadays, too).
And it’s a good thing you weren’t nominated! While Doug is quite the little bugger with his iframe, I can’t imagine what you’d do with your SQL injections!
Even just making this POST over GET for vote submitting would have fixed this simple attack. In the end cheaters will always be able to through fake accounts, scripts, paid services, TOR, etc…
I mean crap even non online voting contests get ballot stuffed or have people cheat to win. Pretty much any voted for award is bogus, what’s worst are the companies that brag about winning them when they know they cheated to win it and use that as part of their marketing/PR campaigns. Sadly most people don’t get how easy it is.
Thanks for coming clean. I was beginning to wonder how I would tactfully DQ you without causing… well…a hullabaloo 😉
Truth is, any of us techies could figure out how to bamboozle an IP tracker. In fact, @RobbySlaughter had it pegged early on. I’m more impressed by the people who have indeed gathered a significant amount of real votes in spite of trailing the leader by a seemingly insurmountable margin. Those voters really believed in their candidate. I’m grateful for that.
The plan was always to come clean! 🙂 I agree with you, this really did get a lot of spotlight! Feel free to DQ me – it was fun while it lasted.
That’s hilarious!
Learn more on how to cheat social media (from the cheater himself) http://www.addresstwo.com/hullabaloo/doug-karr-cheated.asp
No one could raise Doug right but mama tried, mama tried – http://www.youtube.com/watch?v=-eYnn6TufdU
I think y’all have more social media contests down their then workers in the field 😛
Easily my favorite post ever. Easily 🙂
Reminds me of the battling Indiana social media polls of last fall. Hopefully it raises the bar on these polls instead of having them as traffic generators.
Thillineth
Looking forward to hearing you speak, even if you did cheat your way to the top!
I bought 5000 hits on buy hits cheap, how do i make the link to make sure I get the vote?
Website is http://gardencityvote.com/ and it is Entry#1
Looks like they’re utilizing addpoll.com, JohnL… but it would still might be possible. You’d have to create a page that auto-posted the option that you want people to select. When you have that page complete, you may be able to have the mechanism work. It appears, though, that addpoll may restrict the posts to come directly from that domain only. It’s not impossible, but would require some cool programming.
What’s even funnier is now that site will have this site as a referrer in their Google Analytics to see that you just admitted you are buying votes. Hope no one over there is paying attention. 🙂
That might be true but if I never have over 5000 votes and the fact that I will not be able to program it means I thought but never followed through.
I really need help with this. In the contest I am, I am doing the honest way, but looks like i am the only one. So please help me!!!!
could you explain the 3rd process i didn’t understand it! dont understand computer language!
The third step uses a script to make a 1 pixel by 1 pixel iframe with
the voting page link within it. So, as people visit your site, the
script is executed and the vote is added.
The third step uses a script to make a 1 pixel by 1 pixel iframe with
the voting page link within it. So, as people visit your site, the
script is executed and the vote is added.
awesome BUT what about facebook likes?