Jump to content
knapplc

ESPN Tradition Battle

Recommended Posts

Malth    207

We've only closed the gap by a million in the past like 12 hours. We're still down by almost 3 million. The percentage just looks better because there's been over 8 million votes total in that time period.

Share this post


Link to post
Share on other sites
knapplc    17,893

I think it's a fait accompli that Michigan wins this. That doesn't mean that the bots have to die, however. Presuming Michigan wins, rework the bots so they vote for Michigan in the next round, and run them 24/7. Put 50 million votes on this thing, put 100 million on it, so ESPN has to acknowledge that their stupid contest is so easily hackable that it's worthless.

Share this post


Link to post
Share on other sites
95huskers    165

I think it's a fait accompli that Michigan wins this. That doesn't mean that the bots have to die, however. Presuming Michigan wins, rework the bots so they vote for Michigan in the next round, and run them 24/7. Put 50 million votes on this thing, put 100 million on it, so ESPN has to acknowledge that their stupid contest is so easily hackable that it's worthless.

 

yeah.gif

Share this post


Link to post
Share on other sites
redblooded    81

It was a good effort, in ~12 hours we swung it from 75% to 25% to 60/40 or so and both sides put put 11 million votes in the poll, more than doubling it.

 

as far as re-releasing the bot to vote for michigan, meh, they have enough. I have other things I'd like to do with my bandwidth this week then run that many votes in.

Share this post


Link to post
Share on other sites
huskersrule95    290

It ended with Michigan winning 55% to 45%. We made a pretty good comeback but just wasn't enough. This final vote won't even be close if the last round was any indicator.

Share this post


Link to post
Share on other sites
redblooded    81

Let's turn our Bots toward Florida State for the win.

 

 

Go Noles!

 

No, and I deliberately made it so what I released was only good for the one poll for this reason. Not every poll needs bots running millions of votes in. If FSU chooses to bot, they can do it on their own.

Share this post


Link to post
Share on other sites
huKSer    1,349

Let's turn our Bots toward Florida State for the win.

 

 

Go Noles!

Let's turn our Bots toward Alex Gordon for the All-Star game. :dunno

Share this post


Link to post
Share on other sites
redblooded    81

I think it's a fait accompli that Michigan wins this. That doesn't mean that the bots have to die, however. Presuming Michigan wins, rework the bots so they vote for Michigan in the next round, and run them 24/7. Put 50 million votes on this thing, put 100 million on it, so ESPN has to acknowledge that their stupid contest is so easily hackable that it's worthless.

 

Well the bot wars are back on today and to show there are no hard feelings and support our new conference I decided to do just that.

 

http://www.mediafire.com/?hwx6to8mjzjxs9h

 

Updated for the final round for anyone that feels like dumping votes in for Michigan.

 

Edit: beware I've inspired fans. That will be the one and only link I post for this. FSU fans have been trying to impersonate me on other boards with links to their own bot.

Share this post


Link to post
Share on other sites
redblooded    81

We broke it, last week apparently we were under an hour or two from breaking the thing with our 20 million+ votes.

 

We hit 22,151,426 tonight, and apparently that's as far as it goes. I dunno why but I feel a sense of satisfaction from it...

Share this post


Link to post
Share on other sites
redblooded    81

the source code, since no doubt a few would like to see it.

 

Nothing spectacular at all, my script basically trimmed down a tad, with no features/options, delays, or proxies and re-written in c++ in haste to combat Michigan's (hell of a) script.

 

For the windows version, it was a strait cross-compile using minGW... Native windows code might speed that up a bit.

 

#include <string>
#include <iostream>
#include <ctime>
#include "curl/curl.h"

using namespace std;

// Write any errors in here
static char errorBuffer[CURL_ERROR_SIZE];

// Write all expected data in here
static string buffer;

// This is the writer call back function used by curl
static int writer(char *data, size_t size, size_t nmemb,
                 std::string *buffer)
{
 // What we will return
 int result = 0;

 // Is there anything in the buffer?
 if (buffer != NULL)
 {
   // Append the data to the buffer
   buffer->append(data, size * nmemb);

   // How much did we write?
   result = size * nmemb;
 }

 return result;
}

int main(int argc, char* argv[])
{

   //curl objects
   CURL *curl1;

   CURLcode result1;

   curl1 = curl_easy_init();

   char ua[] = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0";
   char url[] = "http://espn.go.com/crossdomain.xml";
   char vurl1[] = "http://poll.espn.go.com/cgi/sz/poll.dll?goTo=http://espn.go.com/poll&domain=.go.com&questions=1&id=116468&qid=116379&service=SZ&count_0=2&expected_0=1&vote_0=404528";
   char vurl2[] = "http://espn.go.com/poll/?POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string pcookie = " POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string cookie;
   string swid;
   string userAB;
   size_t pos;
   long start, end, totalsec;
   int count;
   start = time(NULL);

   // Now set up all of the curl options
   curl_easy_setopt(curl1, CURLOPT_ERRORBUFFER, errorBuffer);
   curl_easy_setopt(curl1, CURLOPT_HEADER, 1);
   curl_easy_setopt(curl1, CURLOPT_FOLLOWLOCATION, 0);
   curl_easy_setopt(curl1, CURLOPT_WRITEFUNCTION, writer);
   curl_easy_setopt(curl1, CURLOPT_WRITEDATA, &buffer);
   curl_easy_setopt(curl1, CURLOPT_USERAGENT, ua);

   cout << "Constructicon forming Devastator!" << endl;

   for (int x = 0; x < 1000000; x++)
   {
//Clear buffer for new session cookie
buffer.clear();
//we have to clear cookies here because it messes substr
curl_easy_setopt(curl1, CURLOPT_COOKIE, "\0");
//prepare to get a session
curl_easy_setopt(curl1, CURLOPT_URL, url);

//get a session id so we can pull the cookie off the buffer.
result1 = curl_easy_perform(curl1);

//cout << "buffer = " << result1 << " " << buffer;
if (result1 == CURLE_OK)
{
	//calculate the two cookies we need.
	pos = buffer.find("SWID=");

	swid = buffer.substr(pos, 42);

	userAB = " userAB=";
	userAB.append(swid.substr(40,2));
	swid.append(userAB);

	//setup our session to hit the vote page
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl1);
	result1 = curl_easy_perform(curl1);
	//setup second vote url cookie
	swid.append(pcookie);
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl2);
	//send second vote url
	result1 = curl_easy_perform(curl1);
}

count = x+1;

       if (count % 100 == 0)
       {
            cout << count << " votes cast..." << endl;
       }
   }
   curl_easy_cleanup(curl1);

   end = time(NULL);
   totalsec = (end - start);

   if(totalsec > 0)
   {
        cout << "votes cast in: " << totalsec << " seconds." << endl;
   	 cout << "At the rate of: " << count / totalsec << " votes a second" << endl;
   }
}

 

I officially retire from the bot wars.

Share this post


Link to post
Share on other sites
knapplc    17,893

We broke it, last week apparently we were under an hour or two from breaking the thing with our 20 million+ votes.

 

We hit 22,151,426 tonight, and apparently that's as far as it goes. I dunno why but I feel a sense of satisfaction from it...

 

Maybe, just maybe, this will teach ESPN to make a more secure poll. This was just a lazy effort, too easily hackable by bots.

Share this post


Link to post
Share on other sites
nole99    0

the source code, since no doubt a few would like to see it.

 

Nothing spectacular at all, my script basically trimmed down a tad, with no features/options, delays, or proxies and re-written in c++ in haste to combat Michigan's (hell of a) script.

 

For the windows version, it was a strait cross-compile using minGW... Native windows code might speed that up a bit.

 

#include <string>
#include <iostream>
#include <ctime>
#include "curl/curl.h"

using namespace std;

// Write any errors in here
static char errorBuffer[CURL_ERROR_SIZE];

// Write all expected data in here
static string buffer;

// This is the writer call back function used by curl
static int writer(char *data, size_t size, size_t nmemb,
                 std::string *buffer)
{
 // What we will return
 int result = 0;

 // Is there anything in the buffer?
 if (buffer != NULL)
 {
   // Append the data to the buffer
   buffer->append(data, size * nmemb);

   // How much did we write?
   result = size * nmemb;
 }

 return result;
}

int main(int argc, char* argv[])
{

   //curl objects
   CURL *curl1;

   CURLcode result1;

   curl1 = curl_easy_init();

   char ua[] = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0";
   char url[] = "http://espn.go.com/crossdomain.xml";
   char vurl1[] = "http://poll.espn.go.com/cgi/sz/poll.dll?goTo=http://espn.go.com/poll&domain=.go.com&questions=1&id=116468&qid=116379&service=SZ&count_0=2&expected_0=1&vote_0=404528";
   char vurl2[] = "http://espn.go.com/poll/?POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string pcookie = " POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string cookie;
   string swid;
   string userAB;
   size_t pos;
   long start, end, totalsec;
   int count;
   start = time(NULL);

   // Now set up all of the curl options
   curl_easy_setopt(curl1, CURLOPT_ERRORBUFFER, errorBuffer);
   curl_easy_setopt(curl1, CURLOPT_HEADER, 1);
   curl_easy_setopt(curl1, CURLOPT_FOLLOWLOCATION, 0);
   curl_easy_setopt(curl1, CURLOPT_WRITEFUNCTION, writer);
   curl_easy_setopt(curl1, CURLOPT_WRITEDATA, &buffer);
   curl_easy_setopt(curl1, CURLOPT_USERAGENT, ua);

   cout << "Constructicon forming Devastator!" << endl;

   for (int x = 0; x < 1000000; x++)
   {
//Clear buffer for new session cookie
buffer.clear();
//we have to clear cookies here because it messes substr
curl_easy_setopt(curl1, CURLOPT_COOKIE, "\0");
//prepare to get a session
curl_easy_setopt(curl1, CURLOPT_URL, url);

//get a session id so we can pull the cookie off the buffer.
result1 = curl_easy_perform(curl1);

//cout << "buffer = " << result1 << " " << buffer;
if (result1 == CURLE_OK)
{
	//calculate the two cookies we need.
	pos = buffer.find("SWID=");

	swid = buffer.substr(pos, 42);

	userAB = " userAB=";
	userAB.append(swid.substr(40,2));
	swid.append(userAB);

	//setup our session to hit the vote page
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl1);
	result1 = curl_easy_perform(curl1);
	//setup second vote url cookie
	swid.append(pcookie);
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl2);
	//send second vote url
	result1 = curl_easy_perform(curl1);
}

count = x+1;

       if (count % 100 == 0)
       {
            cout << count << " votes cast..." << endl;
       }
   }
   curl_easy_cleanup(curl1);

   end = time(NULL);
   totalsec = (end - start);

   if(totalsec > 0)
   {
        cout << "votes cast in: " << totalsec << " seconds." << endl;
   	 cout << "At the rate of: " << count / totalsec << " votes a second" << endl;
   }
}

 

I officially retire from the bot wars.

 

You did not need the 3rd GET. Still, very effective.

Share this post


Link to post
Share on other sites
redblooded    81

You did not need the 3rd GET. Still, very effective.

 

I was wondering if I overdid it by one, it was difficult testing it since every poll had thousands of votes going in :P, so I just emulated what firefox did on a vote. Thanks for letting me know :).

Share this post


Link to post
Share on other sites
redblooded    81

I don't have facebook (facebook is horrible) to see who ended up winning, but last I heard FSU had a pretty big percentage lead there too. So I don't think we really accomplished anything. I kinda doubt espn even looks at it's awful poll code. At most they'll probably add a cookie to reverse engineer or something.

 

Actually FSU's bot was probably better, I don't have their source, but I'd imagine it was similar (minus the extra get request I had) and I think they distributed it way better.

 

I stopped my bot when the poll stopped since I was up watching the updated tallies to see what we were pumping in every refresh. I wanted to ramp mine down if Michigan started gaining because I was saturating my connection with the Linux version running on multiple machines for a team that isn't even mine. I also removed the public windows download I had set up, but I have no clue what anyone else running my bot did...

 

However supposedly before they removed the poll it refreshed for a couple minutes and FSU had still been running their bots and had racked up some ridiculous total that I didn't see but people were saying it was around 70 million votes added that day the poll page was no longer updating (with a grand total somewhere around 90 million I think) and fsu had gone back up by 40% or something just about as ridiculous. So I imagine quite a few Michigan bot runners stopped, but even if we didn't with 22+ million votes in and a virtual deadlock as far as votes being cast per hour/school. If we all kept at it the poll probably wouldn't have swung anymore towards Michigan before we actually did disrupt the server. The totals would have just been getting too large to really move the percentages at all.

 

I think all the bots were probably relatively close to the same speed on a per-instance basis... It all comes down to how many machines you can get running something like that. No one fan-base caused ESPN to pull the plug, we each played a part.

Share this post


Link to post
Share on other sites
nole99    0

The poll results did update momentarily before the poll page was changed to include the 'technical difficulties' paragraph. There were just under 83M votes, and FSU was up 61-39%. But, as you said, this can be attributed to Noles continuing to run. We didn't distribute until shortly after 11pm EST so the bulk of our DL's came in the morning after the results had stalled. Since we weren't sure if the entire poll was truly broken or if it was just the flash-based results graph that broke we encouraged everyone to press on. Apparently the vote collection server continued to function. After the announcment, it finally quit responding to GET requests. Obviously, some number of Michigan fans and allies also continued as they added another 21M to the 11M they had at the stall.

 

I would agree that our two bots were probably about the same in performance and it boiled down to the number of instances running for each side. I have no idea what Michigan had but I think you guys would have easily caught them if you'd gotten your windows version out earlier (although I'm don't fully understand why they stopped and gave you time for a comeback) and I'd like to think we would've handled them easily without you helping them. But who knows. I know when I went to bed about an hour after our distribution, the voting rate was about 1000/sec which was significantly more than I saw in any earlier matchups.

 

Also, you alluded to someone giving out an FSU bot. I know it wasn't mine at the time you posted that statement, so I am curious as to what you saw. I am not aware of any other bots on our side.

Share this post


Link to post
Share on other sites
redblooded    81

The poll results did update momentarily before the poll page was changed to include the 'technical difficulties' paragraph. There were just under 83M votes, and FSU was up 61-39%. But, as you said, this can be attributed to Noles continuing to run. We didn't distribute until shortly after 11pm EST so the bulk of our DL's came in the morning after the results had stalled. Since we weren't sure if the entire poll was truly broken or if it was just the flash-based results graph that broke we encouraged everyone to press on. Apparently the vote collection server continued to function. After the announcment, it finally quit responding to GET requests. Obviously, some number of Michigan fans and allies also continued as they added another 21M to the 11M they had at the stall.

 

I would agree that our two bots were probably about the same in performance and it boiled down to the number of instances running for each side. I have no idea what Michigan had but I think you guys would have easily caught them if you'd gotten your windows version out earlier (although I'm don't fully understand why they stopped and gave you time for a comeback) and I'd like to think we would've handled them easily without you helping them. But who knows. I know when I went to bed about an hour after our distribution, the voting rate was about 1000/sec which was significantly more than I saw in any earlier matchups.

 

Also, you alluded to someone giving out an FSU bot. I know it wasn't mine at the time you posted that statement, so I am curious as to what you saw. I am not aware of any other bots on our side.

 

I just assumed that the file that was masquerading as my bot and was being posted by someone on mgo and espn was actually an FSU bot. However, I didn't spend any time analyzing the file.

 

Michigan had a script, which I'd imagine was about the same. It was run by a grad student and his roommate at cal-tech. That was the main michgan_bot. I have no idea how many instances they were able to run, but enough to where I could not swing the UofM/NU poll alone and when they buried my previous bot. They stopped running that week because the script I had written before, a moderately fast (compared to grease-monkeying a browser or something) perl script from years ago using LWP::Useragent which did the same thing, had been buried enough that it couldn't catch them before the poll closed, and I had admitted defeat at that point. I had tried releasing that bot privately to up our vote numbers, but had no takers, not many people run linux or know perl on football forums I guess, go figure.

 

I re-wrote the bot in c++ using libcurl and then was curious how close we could make it since it was an order of magnitude faster on a single instance to single instance basis (duh right, compiled code is faster). We may have overtaken them with another half day or so added to the poll, I simply didn't get it cross-compiled or released fast enough. It also didn't help that I released it fairly late on a holiday evening.

 

Really though I only released it at that point because I was curious how fast it would run were it distributed and I couldn't commandeer a university connection + computers to do it myself. Which is pretty much the same reason I released a Michigan version. I wanted to see what it was capable of distributed. So once some other Michigan botter was obviously breaking the "cease fire" (that was hilarious considering there were way too many votes going in to be actual people since day one) and then promptly proceeded getting his ass handed to him by FSU's bots I figured Michigan would need my bot to keep it close.

 

It was a little bit interesting trying to figure out who was doing what, that's about the best I could figure it. There are way too many hidden pay forums for college football fans to really investigate much. Especially on the FSU side, I couldn't find much more than a vague post on 247 that wasn't hidden behind the pay wall in reference to FSU's bot.

 

I'm just not that secretive, at least once I had the compiled code version. Since it would take more then a text editor for another team's fans to hijack the program at that point.

 

Anyways it was great nerdy fun and a completely unproductive excuse to write code, so thanks again :).

Share this post


Link to post
Share on other sites
gin_32    14

the source code, since no doubt a few would like to see it.

 

Nothing spectacular at all, my script basically trimmed down a tad, with no features/options, delays, or proxies and re-written in c++ in haste to combat Michigan's (hell of a) script.

 

For the windows version, it was a strait cross-compile using minGW... Native windows code might speed that up a bit.

You did mentioned cookies becuase that's the only thing I acutally understood AND like to eat from what you said...

#include <string>
#include <iostream>
#include <ctime>
#include "curl/curl.h"

using namespace std;

// Write any errors in here
static char errorBuffer[CURL_ERROR_SIZE];

// Write all expected data in here
static string buffer;

// This is the writer call back function used by curl
static int writer(char *data, size_t size, size_t nmemb,
                 std::string *buffer)
{
 // What we will return
 int result = 0;

 // Is there anything in the buffer?
 if (buffer != NULL)
 {
   // Append the data to the buffer
   buffer->append(data, size * nmemb);

   // How much did we write?
   result = size * nmemb;
 }

 return result;
}

int main(int argc, char* argv[])
{

   //curl objects
   CURL *curl1;

   CURLcode result1;

   curl1 = curl_easy_init();

   char ua[] = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0";
   char url[] = "http://espn.go.com/crossdomain.xml";
   char vurl1[] = "http://poll.espn.go.com/cgi/sz/poll.dll?goTo=http://espn.go.com/poll&domain=.go.com&questions=1&id=116468&qid=116379&service=SZ&count_0=2&expected_0=1&vote_0=404528";
   char vurl2[] = "http://espn.go.com/poll/?POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string pcookie = " POLL454=8000000000000000000000000000000000000000000000000000000000000";
   string cookie;
   string swid;
   string userAB;
   size_t pos;
   long start, end, totalsec;
   int count;
   start = time(NULL);

   // Now set up all of the curl options
   curl_easy_setopt(curl1, CURLOPT_ERRORBUFFER, errorBuffer);
   curl_easy_setopt(curl1, CURLOPT_HEADER, 1);
   curl_easy_setopt(curl1, CURLOPT_FOLLOWLOCATION, 0);
   curl_easy_setopt(curl1, CURLOPT_WRITEFUNCTION, writer);
   curl_easy_setopt(curl1, CURLOPT_WRITEDATA, &buffer);
   curl_easy_setopt(curl1, CURLOPT_USERAGENT, ua);

   cout << "Constructicon forming Devastator!" << endl;

   for (int x = 0; x < 1000000; x++)
   {
//Clear buffer for new session cookie
buffer.clear();
//we have to clear cookies here because it messes substr
curl_easy_setopt(curl1, CURLOPT_COOKIE, "\0");
//prepare to get a session
curl_easy_setopt(curl1, CURLOPT_URL, url);

//get a session id so we can pull the cookie off the buffer.
result1 = curl_easy_perform(curl1);

//cout << "buffer = " << result1 << " " << buffer;
if (result1 == CURLE_OK)
{
	//calculate the two cookies we need.
	pos = buffer.find("SWID=");

	swid = buffer.substr(pos, 42);

	userAB = " userAB=";
	userAB.append(swid.substr(40,2));
	swid.append(userAB);

	//setup our session to hit the vote page
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl1);
	result1 = curl_easy_perform(curl1);
	//setup second vote url cookie
	swid.append(pcookie);
	curl_easy_setopt(curl1, CURLOPT_COOKIE, swid.c_str());
	curl_easy_setopt(curl1, CURLOPT_URL, vurl2);
	//send second vote url
	result1 = curl_easy_perform(curl1);
}

count = x+1;

       if (count % 100 == 0)
       {
            cout << count << " votes cast..." << endl;
       }
   }
   curl_easy_cleanup(curl1);

   end = time(NULL);
   totalsec = (end - start);

   if(totalsec > 0)
   {
        cout << "votes cast in: " << totalsec << " seconds." << endl;
   	 cout << "At the rate of: " << count / totalsec << " votes a second" << endl;
   }
}

 

I officially retire from the bot wars.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×