W3C home > Mailing lists > Public > www-tag@w3.org > December 2003

[whenToUseGet-7] How to Cheat with GET

From: Sean B. Palmer <sean@mysterylights.com>
Date: Sun, 7 Dec 2003 21:52:48 -0000
Message-ID: <001101c3bd0c$76bf1f80$8f540150@sbp>
To: <www-tag@w3.org>

[+BCC to Kevin at wizbang: comments on anywhere that I've
misunderstood the situation would be most welcome indeed.]

A current Weblog Awards online poll had its results fudged because it
allowed the use of HTTP GET to vote. The site owner eventually found
out what was happening--an <img> tag pointing to the vote URI was
embedded in a series of major sites--and stopped the covert voting. I
have a feeling, however, that it was stopped by checked the referrer,
and not by requiring people use POST.

Most entertaining pertinent quote:

[[[
If you think it will help your favorite site by padding votes or
hacking you are wrong. I'll be lopping off the cheaters [sic] votes
and banning addresses. I am watching the vote logs and zapping
cheaters [sic] votes.
]]] - http://wizbangblog.com/archives/001268.php

I'd not thought of HTTP GET as "hacking" (used, I'm sure, in the media
sense) before. I wonder if Googlebot and clients that pre-load links
are really eligible voters?

Originally reported [1] on #rdfig.

Cheers,

[1]
http://www.ilrt.bris.ac.uk/discovery/chatlogs/rdfig/2003-12-07.html#T2
1-30-11

--
Sean B. Palmer, <http://purl.org/net/sbp/>
"phenomicity by the bucketful" - http://miscoranda.com/
Received on Sunday, 7 December 2003 16:52:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:23 GMT