Hacker News new | past | comments | ask | show | jobs | submit login

tldr: I wrote a JavaScript "virus" for our school's (unofficial) message board. I was banned for years. In a thread about that webcam, I made the above facetious apology.

Longer version: premium users of The Wolf Web were granted full html/javascript abilities. I probably never would have bothered to become premium, except every year the site hosted an Egg Hunt, which involves staying online as long as you can during a 24 hour period to claim "eggs" that are randomly assigned to you. The person who gets the most eggs wins premium status for a year. Two friends and I decided to win the competition by working in shifts and we indeed won. The fact that there were veteran users, some with over 50k posts, and we won with a new alias just added insult to injury.

While playing around with my newfound html abilities, I realized that I could write an auto-submitting form; I decided to write a virus. It was totally ugly; for technical reasons related to the payload, I wrote the entire thing on one line, used the shortest variable names possible, and it was pretty much untested. The way it worked is, when a premium user clicked on a thread with the payload, they would automatically submit a new thread with the payload included. I'm still proud of one feature: it would pull recent thread titles, so they would appear to be legitimate threads that had been bumped. I call it a virus, but it didn't do much besides spread for a few days before they disabled it. Anyway, all of my accounts were promptly banned. Somehow, I used some social engineering to convince an admin who had been away to unban me. It worked, but I never used the account.

Scheming, virus writing, social engineering. Definitely one of my finer moments. I documented some of the events here: http://www.facebook.com/media/set/?set=a.511920914339.213059...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: