*** Welcome to piglix ***

Votebots


A votebot is a type of Internet bot that aims to vote automatically in online polls, often in a malicious manner. VoteBots attempts to act like a human, but conduct voting in an automated manner in order to impact the result of the poll. A variety of VoteBot programs, targeted different kinds of services from normal websites to web applications, are sold online by individuals and groups. Like Web crawlers, a votebot can be customized to perform tasks in various environment or target different websites. Simple votebots are easy to code and deploy, yet they are often effective against many polls online, as the developer of the poll software must take this kind of attack into account and do extra work to defend against it.

The WWW is built on HTTP protocol to transfer information. To imitate legitimate user behavior, such as voting in an online poll, the attacker sends a HTTP request to particular server hosting the poll.

Analyzing the target, or the voting project, should be done before actually building the votebot. When handling a voting website for example, one needs to do some webpage analysis on the target, extracting the request URL of the voting action as well as some HTTP header settings to cheat the website. There are lots of tools which help people to analyze the web, such as Firebug and httpanalyzer. One can trace the voting process of HTTP packages by these tools and find the right voting target and some simple protecting tricks used by websites, such as referrer verification.

Before sending requests, the attacker must carefully analyze the target and identify potential attack vectors. During analysis, the attacker must determine if HTTP sessions (maintained via cookies) are necessary to consider or not. For example, an online poll could require a session so that only authorized users can vote.

Crafting an HTTP request defines how an actual user would behave based on parameters defined in the request.

In many voting projects, developers try to distinguish the bots from legal users. They may use the strategy talked about below, and the votebots try to bypass their barriers or detecting methods to successfully vote at the website. For example, some websites restrict the number of votes one IP address can make in a time period. Votebots can bypass this rule by proxy its IP address frequently to cheat the website. Another frequently used strategy is to analyze the account created by a votebot to tell any difference from the normal accounts created by human beings, or to analyze the action history of accounts in the system to find out potential votebots creating ones. Votebots, on the other hand, try to simulate human action such as logging in and out as well as sharing some articles in some social network service before voting.


...
Wikipedia

...