Seduction101 – how NOT to run an online competition

8
Posted on 17 June 2008 Personal Rants

Update: I had a chat to MNet about the voting, and they have implemented stricter control over the voting and have also removed the votes that were not supposed to be counted. Here’s to hopefully a successful end to the competition!

Seduction101The past 2 weeks or so saw the launch of Seduction101.co.za – a site to submit and vote for pick-up lines and seduction tips. I know some details about seduction101 from behind the scenes and posted a few pick-up lines that did pretty well early on as they got to the top rated list pretty easily. (I was actually just testing the service out in the beginning…)

Then, after a prize of an iPod Touch was announced for the top rated pick-up line by the 14th of July, I gave it a real shot by posting to my Twitter and Plurk streams to garner a few votes from my friends and followers.

Then the mess.

The site runs off cookies and no user registration is necessary to vote up or vote down pick-up lines. You can also vote once an hour.

So by clearing your cookies, using multiple browsers and voting up your pick-up lines, and voting down others, you can imagine the mayhem. I chatted to Wezzo on GTalk about the down voting, and MNet New Media (developers of the site) removed the down voting. That’s half a step in the right direction, except for 1 small thing I came across after all of this – the parameters are being passed via the URL.

http://www.seduction101.co.za/wap/Vote.aspx?d=1&t=60

Change the d to 100, or even -100 and select your pick-up line with t, and you have full control of the site. ;-(

That coupled with the cookie clearing and multiple browser hacks as well, means you could sort of do as you please.

And, I’ll admit it. I did all of that. But, by doing that, I also caught okes cheating just as much as I did – Al, Saiyuuki, Sorceror and Nathan (not 100% of Nathan, but anyone on the top rated list at the moment are cheaters).

I had good intentions of trying to win legitimately (blogging about the competition, Twitter, Plurk and I even wanted to start a Facebook group), but after seeing other cheaters go at it, I stooped to their level and joined in. :-(.

I’m disqualifying myself, but in doing so I want to offer my help. MNet, you can fix this competition and here are my suggestions.

The Long Way

  • Users have to register to submit tips
  • You have to login to the site to be able to vote

The above method will take a while to code, test and get up and running. It will also spoil some of the hard work that has gone into getting the current pick-up lines submitted etc. But, their is another way of solving this…

The Easy Way

Change the rules of winning the prize!

  • a random pick-up line wins an iPod Touch on the 14th of July
  • You are able to submit multiple pick-up lines, but it only constitutes 1 vote in the draw

I’d just like to apologise to the guys running the site – MNet and Wezzo in particular – for my cheating. I have to admit, it was somewhat fun being able to manipulate a competition in such a way and cause some of the other cheaters to think I am some sort of god, but, it will go down in my books as one of the stupidest things I’ve done, and I’m apologising for that.

It was a great concept, but totally flawed from the beginning and I hope we can sort it out as soon as possible!

Tags: , , ,
  • http://blog.mycee.net Re@PeR

    Haha, exploiting badly designed websites is a lot of fun, glad you offered help, leaving a major flaw like that open is just nasty.
    I’ve seen worse; a login script that runs of JavaScript with the password visible in the JavaScript, have mailed the site owner several times with no response so far :(

  • http://wezzo.tumblr.com Wezz

    Hi Jason, we picked up on the flaw and have removed all the incorrect and or cheating votes. Give me a shout on GTalk if you need more info.

    Wez

  • http://www.tristanowen.co.za Tristan

    Nice little diagnosis Jason, I think its cool that you’ve brought it to the right people’s attention. Now, how about a (legitimate) vote for my entry: Your hands are so soft and gentle, like toilet paper :)

  • graemecumming

    Point taken Jason – thanks for the feedback.
    Just a bit of context – when Wes and I first chatted about this site, our initial instinct was to put the voting behind a login of sorts – but we decided against it mainly because we thought that it was more of a “fun” site. The intention was to get people talking about it, sharing tips, and forwarding to mates. To some degree, it has worked quite well without a login – which we felt would hamper the ability to rate tips (since you would have to login each time – or go through ‘another’ registration process).
    However, the fact that there is a prize involved is where the “trust” breaks down I guess.
    So yes, we have begun a process of manually trawling through our database, removing all invalid votes, and will put the voting behind a login within the next day or so.
    Don’t be alarmed if you drop from first position – but please do keep up your efforts on twitter in getting your mates to vote for you (legitimately :-)
    gc

  • http://www.jasonbagley.com Jason

    Thanks for the feedback Graeme.

    I guess it became a free for all once there was a prize on offer. Glad to see you are pro-actively trying to keep things above board.

    And I’ll definitely keep things legit and see how long I can stay at the top! Only 26 days to go!

  • Macca

    Nice pick up Jason. And i will let you in on a secret. I have been monitoring this site for some time, also the site traffic and the form posts, that is how i found out your cheating. In your post up the top you claim that those on the front page are cheaters. I assure you that they are not. I saw your cheating and figured out what was going on. I also saw that the others were climbing up relatively fast as well. But you always putting yourself up top annoyed me so i put you down to the bottom a few times to let you know you were not the only one who knew the cheat. I may have artificially inflated 1 or 2 other votes as well. but 98% of the votes for those on the top are valid votes. Otherwise they would no longer be there after the Admins removed invalid votes. I tried to bring this to the attention of the admins by inserting tips under the name FraudAlert. Alerting them that there was cheating happening. after a day my tips were erased. but the cheating was still happening so i acted accordingly and tried myself to undo the tips from the form post data i had. Unfortunately due to several net outages the data was not complete. So i had to use best guess. The login section they have implemented is a 2 edge knife. Whilst it cuts the cheaters, It also harms those making legitamate posts. Many will not want to register their personal information to simply cast a vote. Unfortunately, there is no other way to make a valid voting system. Even making 1 vote per IP address is not sufficient as a lot of people are getting there work collegues to vote most workplaces have many PC’s under the Same IP address and making it that 1 vote per tip per IP address would thus then prevent work collegues from voting on their collegues tips. To call those currently in the top cheaters is a little unfair. They may have a lot (or had a lot) of friends/collegues Voting for them. and this has proven true. otherwise they would not be where they are now.

    Another thing, Unless i am blind there are no rules posted, no terms and conditions of the competition, no contact details plainly listed for those running the site. The type of Ipod Touch on offer is also not described.. (8, 16, 32 gig???). These are the things that attracted my attention to the site. I like to keep an eye on Fraudulent activities on the net and to inform the Nescessary Anti-Fraud Authorities. All i will say is this the Anti-Freud Authorities in South Africa are monitoring the site.

  • http://www.jasonbagley.com Jason

    @Macca – no matter how much “monitoring” you do on the site, you have no clue who is and who isn’t cheating. I admitted that I cheated and apologised. But as someone that voted a ton for myself and cheated, I know how many votes I added to myself and to have someone jump above me in an hour or 2 is impossible.

    With regards to the competition, anyone can start a competition and do as they please. You don’t need rules and terms and conditions. Also I highly suspect that you have alerted any Anti-Fraud Authorities. What did you tell them? Someone is cheating on a competition on the internet?

  • Macca

    Exactly i have no idea who is and is not cheating except when they use the URL cheat like you were. Which I did not ever see from those listed above.

    The only thing i saw, And i assume it was you as you seemed to benefit from it, was was votes being removed from the above persons and votes being added to you, Most of the time i caught those URL cheat methods i stepped in and corrected it by adding/removing votes where nescesarry. So you see in that regard, It was quite easy for them to Jump ahead of you. I simply added back the votes you subtracted to those people, and subtracted votes from you, Initially i only subtracted all but 1 vote, but when i saw you forcing them to the bottom of the list i decided to do likewise to you.

    Incidentally you have not received many votes, No where near as many as those people. they have received votes from (according to the IP addresses), all over the world Most votes from Australia and the USA, but there have been votes from UK, Hong Kong, Canada, and Germany.

    Also the number of votes they were recieving from the Same IP address where not many. Probably in the order of 10 – 20 / hour over an 8 hour period per day. This could easily be explained as multiple PC’s behind a Broadband IP address like that of an Office. So maybe they had their work collegues voting for them as well. So it is unlikely they were cheating. Although it is possible. But at least they hid it well enough.

    As for Fruadulent activities. Any site that requests personal details in an unsecured (non SSL) Raises flags. Especially with the advent of Mobile spamming and SMSing. Requesting the Cell Number of a person on a non secured (non SSL) method is Dangerous. They also do not disclose what they intend to do with the personal details collected. A lot of malicious sites can uses a person cell number and name as tacit consent to send that person SMS messages at a permium rate or even Ringtones, wallpapers ect, that the customer then pays for on their monthly bill. Thereby the owners of the site have the potential of making a lot of money in a scam like that.

    I have been a victim of a similar type of fraud myself so i am extremely carefull. and i know the warning signs to look for. and the seduction site rated a 8 out of 10 on the warning signs. and that is very high.

    A friend of mine has a tip on that site, he asked me to vote for him and that is how i found out about it. I decided to closely watch the site, whilst asking that friend to watch their phone bill. So far so good he has not recieved any spammed messages or unsolicited data, So i am no longer monitoring the site, especially since the sites traffic barely warrants that action now.. The sites traffic has dramatically dropped since the introduction of registered voting.

Work with me

Would you like a blog like this? Does your brand need a mobile presence? Want to know more about Social Media and how you can benefit from it? Get in touch with me!

All content is mine, so please don't steal, mmkay? :) RSS | Sitemap