The things people will do...
Published Tue, Nov 13 2007 9:37 AM
Technorati Tags: Computers and Internet, Software Development, Annoyances
Things at work have begun to get interesting again. We landed a new project that will take me a couple of weeks to finish, and it's fundamentally different from most of the other projects we've done in the past. Not that it's something we don't know how to do, but we will have to write all of the code for this one pretty much from scratch.
There are a lot of similarities at the same time though. The gating mechanism is similar to a mechanism we use occasionally, but site visitors will be coming from a completely different location. We get to use the same concepts, but the execution will be different.
Security requirements for this site are a lot tougher than they've been for most of our other sites too. Most of the sites we create for our clients simply collect user contact information for our clients and give away a trial product or a CD that helps users to get more out of a product they already have. Occasionally though we have to collect sensitive information for contests that our clients are running.
This might include things such as customer social security numbers when the client is giving away prizes that are large enough that tax information needs to be supplied to the IRS. When we collect information like that, we have to encrypt it securely, store it separately from our other systems, and destroy it once it has been used to minimize the possibility that it can get into the wrong hands.
This time, we aren't going to be collecting any information of that type, but we have similar security requirements. The product being offered on the site is valuable and expensive, so we have to make sure that not only do we only give out one per authorized customer, but we have to securely encrypt the product keys to prevent anyone from being able to use them if they somehow manage to get access to the server where we're storing them, which will be behind two firewalls.
You'd think that all of this might not be necessary for a site that's only going to be available for a short time. You'd be surprised.
A couple of years ago we produced a pair of sites where users could visit to obtain a trial copy of Microsoft Office 2003, and a product activation key that would allow the user to use the software for 180 days. The only requirement was that the customer had to provide contact information that Microsoft could use for marketing purposes, and the user had to come through one of our gating points.
The site was wildly popular. There were tens of thousands of legitimate visitors to the site every day for a while. Soon though we started to notice a few problems.
One of the things that we build into all of our websites is an error trap. If something fails on the site, say a database connection can't be made or whatever, the site will send a detailed message to the development team letting us know exactly what the error was, and all of the context that is available.
This includes things like the user's IP address, browser type, the HTTP headers, the FORM fields, the query strings, session variables and server variables, and a call stack for where the error occurred. That's a lot of information and it's amazing what you can figure out about an error from it. I use a similar mechanism on this website to let me know when things fail.
Interestingly enough, they did fail on this website this morning. From about 8:47 AM to 8:55 AM PST this morning my site was unavailable. This appeared odd, since I haven't updated the code lately, and that's usually when things go south. This time it turns out that someone had shut down the SQL Server service and re-started it. At least that's what my error message emails told me.
Anyway, back to the Office Download sites… We noticed that we were getting an unusually high volume of error message emails. Within a few days there were several hundred of them an hour. Within a few weeks there were forty to fifty of them a minute!
I was tasked with figuring out what was going on. It didn't take too long but I had to wade through a bunch of those error messages to do it.
Have I told you on this site before that I hate spam? Have I written about the inane things that people try to spew out to get people to buy their products? Of course I have. I've written about the problems with automated filters. I've ridiculed the spammers and whined about the work I have to go through to rescue legitimate comments on my site (it's worth it though).
Well, one of my least favorite forms of e-mail spam is the kind that offers you "free" or "reduced price" software. Second to those are the ones that advertise for "warez" sites.
Apparently that's what had happened to our Office Download site. Some "bright" individual had decided to take advantage of our site that way. He (or she, after all, greed knows no gender) had captured the URL of the site's confirmation page and posted it on a "warez" site. And naturally, greedy and gullible people were flocking to that site in droves, clicking on the link to "free Office Software" and landing on our site's confirmation page. That's the page that presents the user with the product activation key.
The only problem was, the site absolutely required that the user go through the gating mechanism for session data to be set up correctly. It also absolutely required that the user provide the contact information for an order to be set up. Any user that landed on the confirmation page without having gone through that wasn't going to see a product activation key. They were going to see a message indicating that an error had occurred, and that the development team had been notified.
Other people were sending the link around in email to their friends. The HTTP_REFERER in the error emails told us that. After all, when the referring URL is a Yahoo or Hotmail mailbox, it's clear what happened. And naturally, those people weren't getting the product key either.
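The triage described above, as an added example that is not part of the original post: it groups error-trap reports for ungated confirmation-page hits by referring host, which is how a leaked link shows up as one dominant source. The report field names, the `/confirm` path, the `gated` session flag and the `.example` hosts are assumptions, and the sample reports are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

CONFIRM_PAGE = "/confirm"             # hypothetical path of the confirmation page
WEBMAIL_HINTS = {"yahoo", "hotmail"}  # the two mailbox providers the post names

# Constructed error-trap reports (not real data). The field names and the
# "gated" session flag are assumptions standing in for the report context.
REPORTS = [
    {"page": "/confirm", "referer": "http://warez.example/free-office", "session": {}},
    {"page": "/confirm", "referer": "http://mail.yahoo.example/inbox?msg=1", "session": {}},
    {"page": "/confirm", "referer": "http://warez.example/free-office", "session": {}},
    {"page": "/confirm", "referer": "", "session": {}},
    {"page": "/confirm", "referer": "http://hotmail.example/mail", "session": {}},
    {"page": "/confirm", "referer": "http://WAREZ.example/free-office", "session": {}},
    {"page": "/order", "referer": "http://gate.example/start", "session": {"gated": True}},
]


def is_ungated(report):
    """True for a confirmation-page hit that never passed the gating step."""
    return report["page"] == CONFIRM_PAGE and not report["session"].get("gated")


def source_of(report):
    """Bucket a report by where the visitor came from.

    The Referer header is supplied by the client and may be missing or
    forged, so this is a triage hint, not proof of origin.
    """
    host = (urlsplit(report["referer"]).hostname or "").lower()
    if not host:
        return "no-referer"
    if WEBMAIL_HINTS & set(host.split(".")):
        return "webmail"
    return host


def triage(reports):
    """Count ungated confirmation-page hits per referring source."""
    return Counter(source_of(r) for r in reports if is_ungated(r))


if __name__ == "__main__":
    for source, hits in triage(REPORTS).most_common():
        print(f"{hits:3d}  {source}")
```

The `/order` report is left out of the count because it carries gate session state, so a genuine failure such as a lost database connection stays visible instead of being buried under ungated hits.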
So what's the point of all of this? I guess it's that people are greedy beyond belief. The product we were offering on our site was essentially free; the only real requirement was that the person taking advantage of the offer had to provide contact information. They even had the opportunity to opt out of future contact.
Even so, hundreds of thousands of people wanted something for even less than that, and so they tried to obtain the product without even giving our client the contact information. The Office Download site has been offline now for more than a year, and yet it still receives hits from people trying to get something for nothing.
The fundamental dishonesty of people never ceases to amaze me.



