I find this both sad and amazing...
So one of my clients was giving away something free. It was for a coupon for an item which was only good for like a week and it was for a $2.99 food item.
The anti-fraud mechanisms were okay (within the client's tolerance levels and, believe you me, this was discussed at great length...) and we were doing just fine.
Then, as I previously mentioned, we got picked up by SlickDeals.net and a bunch of other freebie sites. Overnight, our list jumped from just above 1,000 subscribers to right under 10,000 subscribers.
Wow...
Well, today, I was putting together an exclusion list from the database to use for a localized AWeber.com e-mail (kinda a pain due to shortcomings of their platform) and I noticed a ton of beautiful "ASCII art" in the e-mail address extract.
As it turns out, 54 people tried exploiting the fact that GMail does not recognize periods to get a free $2.99 item...
2500 times.
It doesn't matter... I think AWeber was smart enough to catch this and, based upon the necessary redemption mechanisms and the relatively low value of the item, no harm was done. It just sorta disturbed me that someone went to such great efforts to break my toy...
If anyone would like to dump these addresses (and any other permutations thereof) in your block list, feel free. I've put them in a (long since past in order to get it off my front page) blog post here.
And, as you're putting together that freebie offer, remember to parse the periods out of the GMail addresses before you do your uniqueness lookup...
- Ray
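The uniqueness lookup suggested above, sketched as an added example (not code from the original post or from AWeber). It goes beyond the dot trick by also folding `+tag` suffixes and the `googlemail.com` alias, which Gmail delivers to the same mailbox; the function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Assumption: only Gmail's consumer domains get dot/plus folding here.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address):
    """Return the key to use for the uniqueness lookup."""
    # Assumption: local parts are treated as case-insensitive for every domain.
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores periods and anything after '+' in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty mailbox after folding: {address!r}")
        domain = "gmail.com"
    return f"{local}@{domain}"


def find_dot_abuse(signups, threshold=2):
    """Map canonical address -> spellings seen, for mailboxes that signed
    up under at least `threshold` different spellings."""
    groups = defaultdict(set)
    for addr in signups:
        try:
            groups[canonical_email(addr)].add(addr.strip().lower())
        except ValueError:
            continue  # malformed rows are skipped, not grouped
    return {k: sorted(v) for k, v in groups.items() if len(v) >= threshold}


# Constructed sample extract (not addresses from the post).
SAMPLE_SIGNUPS = [
    "constructed.sample@gmail.com",
    "c.o.n.s.t.r.u.c.t.e.d.s.a.m.p.l.e@gmail.com",
    "ConstructedSample+coupon@gmail.com",
    "constructedsample@googlemail.com",
    "first.last@example.com",   # dots are significant outside Gmail
    "firstlast@example.com",
    "not-an-address",
]

if __name__ == "__main__":
    for key, spellings in find_dot_abuse(SAMPLE_SIGNUPS).items():
        print(f"{key}: {len(spellings)} spellings -> {spellings}")
```

Store the canonical key alongside the address as entered and put the unique constraint on the key, so mail still goes to the spelling the subscriber typed.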
3 comments:
Are you trying to get yourself and the company in trouble? Publishing somebody's email address and calling people scammers on the open blog is unbelievably irresponsible and stupid...
Next time, please leave your name so I don't have to reply in an open forum...
Two quick thoughts though. 1. Malicious people forfeit their rights. 2. What's to say that's really the person's e-mail address unless it's yours?
Things like this absolutely should be published to raise the collective knowledge and to thwart the ability of otherwise malicious attackers.
Let me know if you'd like to discuss further.
Nothing malicious was done. Just entering for a coupon with an autohotkey script. No purchase necessary, enter as many times as you want, right ;)
The program in question to do the "dot" trick is located here http://cheatingnetwork.net/forums/public-bot-exploit-releases/9896-release-gribblemail.html
Yes yes I know this post is 2 years old but I just happened to find my email in your art so I figured I would post =) Which coupon was it if you don't mind my asking?