02 December 2006

Orkut - Flooders and fake profiles



As the number of Orkut users increased, and because of the site's low reliability and security, the number of fake and clone profiles rose; such a profile can be created in a matter of a few minutes. Due to the large number of users and the deactivation of the jail system, the profiles were often left unremoved or, when removed, easily recreated. These profiles are normally created to troll, to spam, to flood or just for fun. It isn't hard to find users owning more than one profile, with some stating they own hundreds.

Later, the clones started to flood communities and scrapbooks by manually submitting topics or scraps hundreds or thousands of times. Shortly thereafter, simply by examining the source code of the page, they found it was possible to write JavaScript code to flood the site automatically. Soon (given that Orkut is a complex social network), flooding wars started to occur frequently between antagonistic groups. Another new phenomenon is Scrapbook wars, in which a group of users works to zero or increase someone's scrapbook counter.

On January 1, 2005, a Brazilian hacker called Vinícius K-Max attacked Orkut, stealing community ownership rights by using an XSS vulnerability. Eventually, various phishing sites were developed with the intent of stealing other people's accounts and communities. A couple of months later, invisible profiles, communities and topics started to appear in Orkut. This could be achieved by using HTML escaping codes and 1x1 pixel photos to fool the engine behind the site.

In August 2005, a freeware program written in Delphi called Floodtudo ("tudo" means "everything" in Portuguese; it was developed by a Brazilian) was created specifically for flooding Orkut. It quickly spread among users and was easily downloadable (the most common Floodtudo versions were 1.2, 1.5, 2.0 and 2.2). As this program was used by thousands of spammers, a big spam wave struck Orkut in September and October of 2005. However, changes implemented by the developers in November made this program non-functional.

As the flooding of Orkut was getting out of control, the developers implemented some features in order to stop this, such as not allowing two or more verbatim topics or scrapbook entries to be submitted, forcing the user to wait before posting another topic or scrapbook entry, and the usage of captchas. They gave more rights to community moderators as well, so that they can just ban users instead of relying on the developers to remove them, and now community moderators are able to mass-delete posts too.
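The three countermeasures described above (rejecting verbatim repeats, a forced wait between posts, and a captcha) can be combined in one server-side gate. The sketch below is an added example, not Orkut's code; the class and function names, the 30-second cooldown, the three-rejection captcha threshold and the sample events are all assumptions made for illustration.

```python
import hashlib
import re

COOLDOWN_SECONDS = 30      # assumed value; the page gives no figure
CAPTCHA_AFTER_REJECTS = 3  # assumed threshold for demanding a captcha

class FloodGate:
    def __init__(self):
        self.last_post = {}  # user -> time of last accepted post
        self.seen = {}       # target -> fingerprints already posted there
        self.rejects = {}    # user -> consecutive rejected submissions

    @staticmethod
    def fingerprint(text):
        # Collapse whitespace and case so trivial padding cannot slip a
        # repeated message past the duplicate check.
        norm = re.sub(r"\s+", " ", text).strip().lower()
        return hashlib.sha256(norm.encode("utf-8")).hexdigest()

    def submit(self, user, target, text, now, captcha_ok=False):
        if self.rejects.get(user, 0) >= CAPTCHA_AFTER_REJECTS and not captcha_ok:
            return "captcha_required"
        fp = self.fingerprint(text)
        if fp in self.seen.setdefault(target, set()):
            return self._reject(user, "duplicate")
        last = self.last_post.get(user)
        if last is not None and now - last < COOLDOWN_SECONDS:
            return self._reject(user, "too_soon")
        self.seen[target].add(fp)
        self.last_post[user] = now
        self.rejects[user] = 0
        return "accepted"

    def _reject(self, user, reason):
        self.rejects[user] = self.rejects.get(user, 0) + 1
        return reason

# Constructed sample events: (user, target, text, time in seconds)
SAMPLE = [
    ("alice", "scrapbook:bob", "hello", 0),
    ("clone1", "scrapbook:bob", "BUY NOW", 1),
    ("clone1", "scrapbook:bob", "buy   now", 2),  # same text once normalised
    ("clone1", "scrapbook:bob", "buy now!!", 3),  # new text, inside cooldown
    ("clone1", "scrapbook:bob", "buy now??", 4),  # third rejection in a row
    ("clone1", "scrapbook:bob", "other", 60),     # captcha now demanded
    ("alice", "scrapbook:bob", "hi again", 40),   # normal user unaffected
]

def replay(events):
    gate = FloodGate()
    return [gate.submit(*event) for event in events]
```

The clock value is passed in rather than read from the system so the decisions are reproducible; a production gate would also expire old fingerprints instead of keeping them forever.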

Other kinds of profile and community attack still exist, like testimonial flooding attacks on scrapbook and member counters, multi-profile floods and social engineering.

Source: Wikipedia
