Reddit Hacking For Votes And Profit

Looks like someone figured out how to game the Reddit system. This probably has been done before, but as far as we know nobody’s actually shared the methods in detail. [Esrun] wrote some scripts that allow him to register multiple accounts and use them to up-vote stories.

The hack goes something like this. A script registers a group of accounts. Each uses a different IP and the only part that requires intervention is typing in the Captcha. This doesn’t take long. You can see the script interface above as well as a demonstration video after the break.

Once the accounts have been acquired a story is submitted and the new accounts vote on it. They’re not all up-votes though, as having both up and down votes puts the article into the controversial section of Reddit (which is desirable), and doesn’t rouse as much suspicion from the moderators. He ran a few tests that he shares and it seems that as long as the article is interesting, this can be quite successful.

Great, more spam with our social media please.

[youtube=http://www.youtube.com/watch?v=1c3SboR4uco]

[Thanks Joseph via Reddit]

36 thoughts on “Reddit Hacking For Votes And Profit

  1. Yeah, thanks HAD. Was three paragraphs really necessary for this drivel? This isn’t even exciting: Man creates program to register 100+ accounts on a popular social media site, and proceeds to vote up/down any post he chooses.

    Great, more spam with our hacks please.

  2. @dawg,

    This still is a hack when you look at it as Information Systems perspective. IT Security folks already know that these type of hacks exist. When you look at it as a social media perspective to promote a product you might not see its significance.

    What if someone created bunch of accounts that is associated with a particular region, and start sending updates for example saying that they’ve been attacked by zombies?

    I am glad HAD is bringing this up and giving perspective to more people may or may not aware of these type of hacks.

  3. “it seems that as long as the article is interesting, this can be quite successful.”

    Isn’t that the entire point of Reddit? More interesting articles are closer to the top? Doesn’t seem like he needed all those accounts or scripts to make interesting articles rise.

  4. @JD
    I think a less-interesting article that gets pushed to the top is more likely to be read than a very interesting article that doesn’t get read because it was piled under ‘hacked’ articles.

    @HaD
    This is not really that cool. I’m all for hacking things together, breaking security, and generally causing chaos… but when you are just scripting votes? That’s just cheating.

  5. This is a hack, but not one that belongs on HaD. The thread that usually ties the articles on HaD together is that the articles make the reader say, “that’s really clever” or “I would like to try that.” This may be a little clever, but I don’t think most people here would want to try it. I think HaD readers do the things they do for a sense of accomplishment, and doing this would certainly make most of us feel the opposite.
    This belongs either on a vulnerability disclosure site, or in the mailbox of the Reddit administrators.
    Still <3 you tho.

  6. I hope that the scripts are released. Reddit seems to be the same as Digg – unless you have enough friends to give your story the initial push, it won’t go anywhere… regardless of how good it is!

  7. Although this isn’t a hardware hack, I don’t mind seeing some more software hacks on here. We had wep cracking the other day and as a big user of Reddit, I’m actually interested to see how people are gaming it. Although I may not agree with what this guy is doing, at least he’s showing roughly how it’s done.

  8. @dawg
    its a hack your using something to do something that its not intentionally designed to do
    this interests a fair amount of people and if oyu dont like it shut the fuck up and dont fucking click on it you are still getting your hack-a-day now every one gets at least something they like

    @HaD good job you are finally reaching all audiences keep it up

  9. It felt a bit ironic reading a story on Reddit about reddit being gamed, wondering if it had been gamed itself to be there. At least Reddit will hopefully tighten up protocols now. I always submit cool stuff which gets downvoted into hell and then I see the most stupid stuff hitting the homepage. Now I know why.

  10. This isn’t a Hack ! Traditionally back in the 80’s when the terms were truly defined and before hacking entered the conciousness of the electronics hobbyists a hacker was some one who kludged or hacked code together for the likes of demo’s.

    This is more in the realm of the Cracker who traditionally broke security on software for piracy reasons, hackers ended up being mistook for crackers and got a bad name that even now is
    still perceived as a bit dodgey.

    Unless we are having Crack-a-day id say this post is not only irrelevant but also detrimental to the hacking community

    @Concino
    This is a crack , by definition he is cracking (by breaking or bypassing) the sites security for nefarious reasons.

    this sort of confusion is what gives hackers a bad rep

  11. Yeah I found this post interesting too. All you “pure” PIC programmers go and read the posts that interest you and quit spewing your shit all over the comments whenever a project doesnt fit into your tiny niche, or has the “absolute gall” to use an arduino. No one does indignant quite like you guys.

    Don’t bother replying, I lost interest in what you had to say a long time ago. But I’m getting real sick of wading through the crap while searching for comments that have any relevance to the article.

  12. Has the guy paid for this post to get some publicity?

    Maybe someone hasn’t shared their exact method of gaming this one website but the technical method is extremely generic, used by all kinds of spam programs.

  13. If you have control of hundreds of IP’s this is trivial, but who has that? Botnet guys and companies but not the ordinary man, unless maybe you are IPv6’ed?
    Anyway you see the same on youtube and such places too, it’s all a bit pathetic, if you cheat at least use your pals, maybe from a forum like 4chan or something, so at least real people are doing it not a lame script.

  14. We’ve known it can be done for a while, and the comments that were posted here:

    http://www.reddit.com/r/reddit.com/comments/djxhq/gaming_the_reddit_voting_system_twitter_is_just/c10r83k

    are much more interesting from a technical standpoint.

    I pm’ed back and forth with the author for a while, and after showing that I had no malicious intentions, he showed me some of the source code.

    It was much more advanced than what this guy is doing, not only in scale but in anti-detection counter measures.

  15. @Mav, stop laming about with hacker/cracker talk.

    A hacker deals with networks, he/she may be black or white hat. (group example: Chaos Computer Club)

    A cracker is a person cracking copyright protected software for fame &/ money. (group example: Core, Phrozen Crew)

  16. what is the incentive for voting up/down the stories?

    2 reasons i can think of.

    1. stories in the top stories list on the front page (like slyck does) are in order of replies in their forum last replied.

    so if you dont like a certain story because the headline contains some sexually or racially offensive word you may want to vote up the other articles to push the offending post to the bottom and off the list (slyck.com only shows the top 8 discussions).

    2. like above you can also vote down a post so lets say you get a bunch of accounts and vote down the sexually or racially offensive posting until it falls below and off the top rated list

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.