FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home » Hosting » Rigging the DreamHost Site of the Month Contest

by comment

Back in May I wrote about the DreamHost Site of The Month Contest (DHSOTM), which lets DreamHost users submit their websites to be rated. Its a seldom used feature of DreamHost, and I decided to try and win it, which I did for May! But my site was all of a sudden disqualified even though it won by a huge margin with overwhelmingly positive votes. The reason AskApache.com was DQ'd is totally bogus, and this post is an attempt to set the record straight and also to show how a person could cheat DHSOTM. In order to prevent that from happening I have alerted several DreamHost staff who are always helpful, polite, kind, and good-looking!


Here are the stats for the rankings of AskApache.com (To achieve my goal of winning the contest I created a button for DreamHost users to click on to make it easier and more attractive to vote.)

Submitted AskApache.com (on 2007-05-30 13:38:01). # Votes: 31 Total Points: 223 Average Vote: 7.19

As you can see, even though my site wasn't even submitted till the 30th, my Vote button really worked great and I was able to win the contest in a single day! But do you see any smarmy DHOSTM champion gifs anywhere? no.


DreamHost Web Panel - Home : DHSOTM

As is incredibly obvious by this screenshot, my vote link DID NOT automatically enter a vote or comments for my site, all it does is properly send the user to the correct page to vote for my site IF THEY SO CHOOSE.

So in order to get votes I would need to focus my promotion on DreamHost users like myself, because those users would likely be logged into the DreamHost Web Panel thus enabling them to vote for my site IF THEY SO CHOOSE. Besides, I think its widely known that DreamHost customers are the coolest on the net! So anyway I posted the same link that you see above into 2 different forum posts on the DreamHost discussion forum, but mostly I linked to my blog article. I also added the link and the button to my DreamHost wiki userpage.

I actually thought (and I still do) that it was a really clever idea to come up with creating a VOTE button and then going out and winning the contest in a day.. But hey some people are blind to what the rest of us see.



How I could have rigged the DHSOTM

Since I was disqualified and accused of cheating, which is absolutely ridiculous, I decided to go ahead and figure out if what they were accusing me of doing was possible. That's right, I'm going to show YOU how I COULD have rigged the DHSOTM contest to hopefully make the statement that I absolutely did not cheat in any way and I have been unfairly mistreated. (and I'm still waiting for my smarmy gif!)


This is some sweet code, but its definately very wild so DO NOT even think about experimenting with this code or method under any circumstances with DreamHost, try it on your own server far far away from any DreamHost block. You could modify this code to work with any number of other online forms like gmail, youtube, weather.com, discussion forums, etc.

Old tricks are the best tricks

One of the oldest and most commonly used hacking techniques on the web is hacking forms. So the really simple way to rig the DHSOTM contest is to automate the form submission for your site, in this proof of exploit case I will set it up to automatically rank askapache.com a 10, with a comment of "Awesome".

Changing the voting link

Instead of using the vote link that I used, which I think is without a doubt legal, ethical, and creatively cool, a malicious contest cheater could instead just direct users to a php file.

The PHP file

This actually works so DO NOT use this! Who knows, a knee-jerk reaction could lead to the deletion and closing of your entire account! Because doing anything even close to this (sending any data that is for the user to decide not u) is not a cool thing to do and there will most certainly be consequences! It is however very cool code, I absolutely love CURL (php and command-line) and that is why AskApache is an official mirror of CURL at curl.askapache.com.

<?php
$pv = 'tab=home&subtab=dhsotm&command=AddVote&uservote=10&comment=Awesome&current_step=Site&next_step=Site&url=http://www.askapache.com/';
$ch = curl_init('https://panel.dreamhost.com/index.cgi?');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $pv);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,0);
curl_exec ($ch);
curl_close ($ch);
header('Location:https://panel.dreamhost.com/index.cgi?'.$pv);
?>

Conclusion

AskApache.com won the contest fair and square according to the rules, TOS, etc., everything.. I want what was taken given back! lol

Who wrote this? Help me out DH

DreamHost: "Rock the Vote!"

Tags

Comments Welcome

Information is freedom. Freedom is non-negotiable. So please feel free to modify, copy, republish, sell, or use anything on this site in any way at any time ;)

My Online Tools

Popular Articles
Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two.
-- Richard M. Stallman


It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | htaccess.io | htaccess.guru

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service | @Htaccess

↑ TOPMain