[tor-talk] An example of scraping and bad behaviour over Tor

128Ko 128ko at protonmail.com
Tue Oct 4 22:43:13 UTC 2016


"Has anyone here had a CAPTCHA on Amazon over Tor, recently? [...]"

Hello!
Yes, for a few days now, I have noticed that Amazon asks me for a CAPTCHA code.
Worse than Google, it's an annoying random string :/





-------- Original Message --------
Subject: [tor-talk] An example of scraping and bad behaviour over Tor
Local Time: October 1, 2016 9:27 AM
UTC Time: October 1, 2016 7:27 AM
From: alec.muffett at gmail.com
To: tor-talk at lists.torproject.org

Sharing for context: the article does not clearly say whether this scam was
entirely completed over Tor, or only partially - the "over 200 proxy
servers" sounds like some other proxy network - but it's a fine example of
the sort of thing I have been talking about and what all those CAPTCHAs we
experience are meant to be preventing, in this case: helping scammy hoaxy
e-books on Amazon:

http://www.zdnet.com/article/exclusive-inside-a-million-dollar-amazon-kindle-catfishing-scam/


> Moore was just one of hundreds of pseudonyms employed in a sophisticated
> "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based
> business hoodwinked Amazon customers into buying low-quality ebooks, which
> were boosted on the online marketplace by an unscrupulous system of bots,
> scripts, and virtual servers.


[...]

> These books were associated with a publisher's email account used to
> collect royalties on all the ebook and physical books that were sold.
> (Shershnyov used his own personal email address, along with other
> accounts.) Each account was responsible for publishing hundreds of ebooks.
> If one account was caught or disabled, it wouldn't upend the entire scheme.


> These accounts worked together to artificially inflate the number of ebooks
> downloaded, thus raising the ranking of each ebook in Amazon's charts. That
> visibility helped to draw in real readers.


> The server hosted a table containing 83,899 fake Amazon accounts (an easy
> feat given that, when we checked, Amazon doesn't verify email accounts). *At
> any given time of the day, dozens of those accounts could be pushed through
> one of over 200 proxy servers -- provided by a third-party internet company
> -- which makes it harder for Amazon to detect the logins.* The server
> installed the Selenium web driver, a browser automation tool, which
> simulates a real person typing in the accounts' usernames and passwords,
> one after the other.


> Not all logins will be successful. Some are blocked or banned. If that
> happens, the table would log the failure, and move on to the next
> account.


[...]

> The *downloads would be tunneled over the Tor anonymity network*, masking
> the IP addresses of the server, making it tougher for Amazon's systems to
> spot the fraudulent downloads.


> It can take just a few days for an ebook to rise up the charts and increase
> visibility -- these books can easily reach the Top 100 list, particularly
> in niche categories.



Has anyone here had a CAPTCHA on Amazon over Tor, recently? This sort of
thing is why...

-a

--

http://dropsafe.crypticide.com/aboutalecm
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

