How many people like free stuff? Let's learn how to get free stuff with Twitter and Python. Let's give our next speaker a big hand.

So if you guys have ever had an idea that you tried and it worked like a hundred times better than you possibly could have hoped, this is one of those ideas. If I had to summarize this talk in one slide, it would be this. This is from the movie Real Genius, if you've never seen it. Val Kilmer, so good.

So my name is Hunter. I'm a computer engineer and I work for a startup in Silicon Valley that you've never heard of. So this started when I was on Twitter and saw that there was a bunch of contests, and all you have to do to enter them is retweet them. I was like, well, I can write a script to do that.

So I'm sure you guys have all seen this comic. It's the xkcd where he writes a script to buy something on eBay every day for one dollar with free shipping. The idea is that you get all these packages showing up at your house and you don't know what's in them, and that's super fun. And it kind of backfires on him, because at the end he gets put on an FBI watch list because it buys all this really suspicious stuff. So this is kind of what I was going for, and it basically worked. It was actually better, because I didn't have to pay any money, and as far as I know I didn't end up on any watch list because of this particular project, but, you know, you can never be sure.

So here's the Twitter account that I set up. You'll see that I really didn't try to be stealthy at all. This is a default picture for Windows, because I was too lazy to google for anything else. And it turns out you don't have to be stealthy, and this seems to work anyway, which is kind of interesting.

So how hard could it possibly be? You look for contests and then you retweet them and then you're done. So I started with the terms you might expect, variants of "retweet to win", and I was using the Twitter API, just Tweepy and Python. Unfortunately, the Twitter API has a bunch of rate limits in it, so
this is kind of lame, because it means you have to add a bunch of delays, which means you can't enter as many as you otherwise would be able to. So the first thing I did to get around it was, rather than use the API to search, I just scraped the Twitter search results page. And this works because you don't have to be signed in to use the search page. All you've got to do is make your request for whatever search term you want, as fast as you want. And then I used BeautifulSoup to go through and pull out all of the tweets that look like contests, and then I stored their unique tweet ID so I didn't have to check later to see if I had already retweeted that, because there's a lot of overlap between search results.

As you start doing this, you'll notice that there's a lot of contests that require you to be following the person to win. So this is a pretty easy modification to make: you just regex against it and see if they ask you to follow, and if they do, then you follow them. The problem comes when you start following about person number two thousand, because Twitter has a limit that if you don't have any followers, or you have under a threshold number, you can't follow more than 2,000 people.

So, okay, I need more followers. So what's the easiest way to get more followers? Buy them. This is Fiverr, and this here is actually a bad deal: 500 followers for five dollars. I paid five dollars; I got about four thousand followers. Also, I can guarantee you that they are not real Twitter followers. So this works okay. I mean, 4,000 people did actually show up, which was nice. Unfortunately, it's pretty easy to tell that they're not real people. Some of them still had the egg as their profile picture, and if you went into their profiles it was clear they're not real people, and I'm sure if you did any kind of network analysis you would find that they were all highly connected to each other.

So at this point, this is the output of the script. Basically, I've extended the
number of search terms now, so I have quite a few, and by the end of this I'm fairly confident that I was covering almost every single contest that was launched on Twitter. So this was a pretty long list of search terms. You know, you just kind of guess and check to see what people use when they're trying to launch a contest. So you go through the search results, looping through each time, and see: okay, is this a contest? If it is, have we already entered it? If not, then enter it. Do we need to follow them? Are we already following them? If we're not, then follow them.

So to get around the follower problem, I just built a FIFO, which is a pretty obvious solution. It's 2,000 people long, and so whenever we need to follow someone new, we kick out the very last person and pop on the new first person. And I got lucky in a couple of ways here. First of all, it turns out that the length of a contest is shorter than how long it takes one name to propagate all the way down to the bottom of the list, which means I basically was never unfollowing someone too early; their contest had already ended. The other way I got lucky was that the total number of contests that were launched on Twitter was low enough that I was able to enter every single one of them without hitting any rate limits, once I implemented a few of these tricks here.

And there was a side effect here, which is that, I guess, some people, when you follow them, they automatically follow you back. There's a lot of bot activity on Twitter, and scripts and services and things. I didn't realize how much there was until I started interacting with thousands of these things. But the way it works is, you'll follow them and they'll say, oh great, thanks, and it'll automatically follow you back, but then when you unfollow them later, they don't unfollow you back. So my follower count started increasing with increasingly legitimate-looking accounts, companies and people and stuff that were running these things. So I kind of got
a bonus there, in that the total number of people that I was able to follow kept going up as I did this.

So then I tried to figure out how I could parallelize this and run multiple accounts at the same time. I should say that the majority of the time that I was running this, I was actually only using a single account, but if you want to make multiple, this is what I tried to do. So to use the Twitter API you need a developer account, which means you need a phone number, and so I need to get another phone number. Okay, I can use Google Voice. Well, to activate Google Voice you need a phone number. Okay, so I can use Twilio to make a phone number to activate a Google Voice account to activate Twitter. You can't use Twilio to activate Twitter, because Twitter somehow knows you're using a Twilio number, and now I think even Google Voice knows if you're using a Twilio number. I don't know how that works, so if you know how they're able to tell that, let me know, because I'm really curious how that works.

Over the course of doing this, of course, I had a lot of interesting interactions with the great Twitter public. This was one that I got busted on, because this was when I was running two bots and I had different Twitter usernames, but I forgot to change the display name. So this person was running a contest and they were picking multiple winners, and I won multiple of the wins. So yeah, I got busted here and ditched to this one.

Another really great thing that I liked about this was some of the false positives I got. Some things look like contests but they're not. So this guy says, "retweet for a chance to win these Tupperware lids that have been warped in the dishwasher, must be following." So dutifully my script followed them and retweeted them, and it actually won. The guy DM'd me and was like, hey man, you won those warped Tupperware lids. Yes. It was really disappointing, though, because he never actually mailed them to me. I was really hoping he would mail them to me, but he never did. You get a lot of weird
interaction between other bots when you do this kind of stuff. So this is an example where someone is running some kind of service that, at the end of the week on Friday, tweets out the top five people who retweeted you. So when you don't have that many people who retweet you, but you do have a bot following you that's retweeting everything that you tweet about your contest, and your script is not checking to see if those people are the same, then you get all five slots. So "my best retweets came from" me and me and me and me and me.

You also get asked for really weird stuff. So the top one was someone, I don't know if this was a script or if it was a person copying and pasting, but it was some teenage girl who was trying to get people to retweet to get the attention of some pop star she wanted to ask on a date or something. So the fact that I was sent this makes me think that, I don't know, I like to think that it's some 14-year-old girl slinging code somewhere, trying to get a date with this guy, but I don't know. The middle one, super weird, I don't understand what this is: "can you make it to my party April 27th 7pm where snow forts comma sleet". Like, I don't know if this is... they seem like they'd be some kind of spam or social engineering. I don't know what these are, but they're almost certainly all not real people. And then the bottom one there is someone who is promoting my account. I have no clue why anyone would be motivated to do that.

This is a DM I got that I thought initially, oh, this is something like ROT13 or something, but no, this is just how the kids are talking now.

And this was a really good one. This is someone whose contest prize was an autograph by me. What? So I don't understand, first of all, how they expected to pull this off. I've no clue who this person is, and I don't understand why anyone would be motivated to win an autograph by what is very clearly an account that is only sending out contests. So I couldn't
figure out what the motivation behind this one is either, but it was surprising to run across.

Sometimes my bot was accidentally a jerk. Like in this case, this is because of the FIFO. This person doesn't have a lot of followers and they ran a contest, so I entered because I found it, and then I didn't win, so they got pushed off the bottom. Later they ran another one, so I followed them again. And if you're a big company you don't notice this kind of stuff, but if you're just a person, they're like, oh man, hey Polly, this person is only in it for the contest. So sorry, man, whoever you are.

But this is another one of my favorites. It looks exactly like a contest, except you win absolutely nothing. So yeah, I entered that one too. Only entry.

Here's one more false positive. I couldn't figure out why my bot entered this. It's a list of people's favorite cereals, and what I figured out, I think, is that it's because of the word "lucky" here, even though I wasn't actually looking for just the word "lucky". For some reason it picked it up.

The reason I was showing you these false positives is because I was not trying to hone in on any particular contest or any particular prize or anything, because I was able to enter everything that I could find. Like, why not? You know, make your filter wide open. You can't lose a contest that doesn't exist, but you can lose a contest that you don't find.

So here is a list of stuff that actually got shipped to my house. I should point out that this is the stuff that managed to ship, which means it's not the huge list of stuff that wasn't physical, and it's not the list of stuff that they wouldn't ship because I lived in the United States and I had won the prize in some other country. So, some items to point out here: the top thing there is an album, it's a vinyl, Papa Roach, pretty great. A bunch of books and CDs, most of which were signed, which is cool. T-shirts. A lot of stuff you would kind of get at a career fair, you know, glasses and pens and stuff like
that. Twelve bottles of cherry juice. A calendar of 316 t5 cats. And my favorite physical thing that I got was that cowboy hat over there, because that is a cowboy hat that is signed by the stars of a Mexican soap opera that I have never heard of before. The reason I love it is because it's the perfect example of the totally random stuff that showed up at my door that I would never have expected to get. Some people, when I wrote about this, were saying, hey, you know, that's kind of lame, because maybe there was someone who was a huge fan of that Mexican soap opera and they didn't get that thing and you did, and it's wasted on you. And I understand where they're coming from. To some extent they're right, but I would say that I have exactly the same amount of appreciation, if not more, for that thing than they do, but for a totally different reason. So I think that's okay.

There's a lot of weird intangible stuff I got too. There was some restaurant in England that I won reservations to like 30 times in a row. Couldn't figure out why they weren't getting on to me. I also won... there was some cam girl who had a contest to win: she'd write whatever you wanted on her body in chocolate sauce and take a picture of it and send it to you. So I won, and so I'm trying to think, all right, what can I have her write? So I tried to get her to write Maxwell's equations, but she didn't do it. It's kind of lame.

If you want to see the full list of stuff, this is it. There's a ton of stuff on here that I didn't cover because it's way too long, but it's fun to dig through. There's some really random stuff.

So towards the end I tried to repurpose my bot for good, because I noticed that there were some tweets where you would retweet to donate to stuff. People say, retweet and I'll donate a dollar to some charity. I was like, well, I can add that to the end of the list, why not? So some people actually appreciated it, and they were like, hey, this is great, because I had real followers at this point
who were seeing it. But even this backfired at the end, unfortunately. Yeah, retweet of that one.

All right, so the stats at the end here. I entered about 165,000 contests, and on average I won four contests per day, every day, for 9 months straight. So this works. The most valuable thing that I won was a four-thousand-dollar trip to Fashion Week in New York City. I did not actually redeem this prize because, first of all, they didn't pay for travel and I didn't live in New York; second of all, I wasn't that interested in going to Fashion Week anyway; and third of all, you have to pay taxes on a four-thousand-dollar prize, which I was not psyched about. If you're not from the US, you may be surprised to learn that you have to pay taxes on contest winnings in the United States. And speaking of that, yes, I paid the taxes on the things that I won.

I never released the code for this, in what may have been a futile attempt to try to stem the flow of Twitter contest spam, but I wrote about it and people made their own versions anyway. So there's a whole bunch on GitHub if you want to look at some. Most of them are fairly naive. I still get emails sometimes from people who are like, hey man, I tried to make a version of that Python script and I got banned immediately. It's like, well, yeah. So if you look through some of these, there are some things in this talk that I don't think a lot of them implement, that you could probably improve if you wanted to.

So if you want to keep me from winning contests, it's really simple. Obviously I was not trying to do this stealthily, and it turns out that that didn't really matter. So if you're trying to prevent this kind of people from winning, then all you've got to do is check to see if the person looks very obviously like a spam bot. If you had gone to my page, you would have seen that it's tweeting contests every 30 seconds without sleeping, ever. It's probably not a person.

Weirdly, there were versions of this that I found. I was looking before I started to see if anyone had
tried this before, and I know there was at least one or two people who were doing an extremely stealthy version of this, and the only reason I know is because he emailed me and said, hey, I tried this too. And those, it's unlikely you would ever be able to actually catch. But I also saw some examples of what looked like, I don't know, people who were kind of doing this manually. They would sit at their computer for four- or five-hour stretches and just literally do the exact same thing: go through the search results and just retweet, retweet, retweet. So I guess it depends how insane you want your entrants to be able to be, to be able to screen a person who spends four hours versus a script.

You can also try to make it harder to programmatically enter, and you can do this by adding a second step, like, you know, asking a question or something. This works okay, but it's not great, because all you have to do, because everything on Twitter is public, is look to see what everyone else is responding to this question, and then just repeat it. So this may stem some really naive attempts. And you can also try running it on another platform. It seems like it's more difficult to make a legitimate-looking fake Facebook account than it is a fake Twitter account, and it can also be tied to a real identity, which a Twitter account obviously isn't.

And finally, you just have to accept the fact that if you're running a contest, people are going to try to game it. Ever since people have been running contests, people have been trying to game them, and that's kind of the way it's always going to be. So that's just part of doing it.

So again, here's the list of stuff if you want to look over it, and if you want to follow me on Twitter, I guarantee it's one hundred percent human-generated content, then that's my version able. Thank you.
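
The screening advice near the end of the talk (an account that posts contest retweets around the clock, and two winning accounts sharing one display name), sketched as an added example for contest organizers; it is not code from the speaker. The function names and thresholds are assumptions, and the two post histories are constructed sample data.

```python
from datetime import datetime, timedelta
from statistics import median

# Thresholds are assumptions chosen for illustration, not values from the talk.
MIN_SLEEP_GAP = timedelta(hours=4)   # a person goes quiet at least this long per day
MAX_RETWEET_SHARE = 0.9              # share of posts that are retweets
MIN_WINDOW = timedelta(hours=24)     # need a full day of history to judge sleep


def screen_entrant(posts):
    """posts: list of (datetime, is_retweet). Returns (is_suspect, reasons)."""
    times = sorted(t for t, _ in posts)
    if len(times) < 2 or times[-1] - times[0] < MIN_WINDOW:
        return False, ["not enough history"]
    gaps = [b - a for a, b in zip(times, times[1:])]
    reasons = []
    if max(gaps) < MIN_SLEEP_GAP:
        reasons.append("no sleep gap")
    if median(gaps) <= timedelta(minutes=1):
        reasons.append("machine-paced posting")
    share = sum(1 for _, rt in posts if rt) / len(posts)
    if share >= MAX_RETWEET_SHARE:
        reasons.append("almost only retweets")
    return len(reasons) >= 2, reasons


def pick_winners(candidates, count):
    """candidates: ordered list of (handle, display_name, posts).
    Skips suspects and any second account sharing a display name."""
    winners, seen_names = [], set()
    for handle, display_name, posts in candidates:
        key = display_name.strip().casefold()
        if key in seen_names or screen_entrant(posts)[0]:
            continue
        seen_names.add(key)
        winners.append(handle)
        if len(winners) == count:
            break
    return winners


def constructed_posts(start, step, n, retweet_every=1, sleep_at=None):
    """Build a constructed sample history; sleep_at inserts one 8-hour pause."""
    out, t = [], start
    for i in range(n):
        if sleep_at is not None and i == sleep_at:
            t += timedelta(hours=8)
        out.append((t, i % retweet_every == 0))
        t += step
    return out

START = datetime(2024, 1, 1, 9, 0)  # constructed sample data
BOT = constructed_posts(START, timedelta(seconds=30), 3000)
HUMAN = constructed_posts(START, timedelta(minutes=45), 40, retweet_every=4, sleep_at=15)
```

Requiring two signals before flagging keeps a person who only retweets, but sleeps, out of the suspect list.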