Winter Carnival Poll Hijacked by Bots

February 12, 2018

The Picador hosted a competition that would earn the winning dorm 50 extra Winter Carnival points, but what was intended to be a light and friendly contest, ended up snowballing into an all out war of bots.  But how?


The average student may visit The Picador, vote in a poll, and then not be able to vote anymore. This is due to cookies left on your computer. However, some students may have noticed that when in incognito mode they could vote as many times as they wanted by simply refreshing the page. When in incognito mode the server can’t tell that you have already voted, allowing some people to vote as many times as they wanted.  


This way of voting will only get you so far, and, as some students found out, there were better tools that they could use. These tools consisted of Applescript and a program called Selenium. Applescript is on almost every Mac, and it can easily create a program that will automatically move the mouse around as directed. All you have to do is tell it where to move the mouse, vote, reload the page, and then repeat. Similarly, Selenium is a program that will allow the user to automatically control the browser’s actions. Unfortunately, both of these methods are rather inefficient and vote slowly. This was easily averted, as some enterprising student would run the program on all the computers in the computer lab.  


Yet, for some of the more technologically advanced students there were better and more efficient methods of voting. In particular, Andrey Yao and Julila Tran created their own programs through the use of Java and Terminal

Below you can see how Andrey Yao went about creating a program that was able to gather nearly 2 million votes!


 I went to the website & looked at the source. I then googled to find a automation framework in java called Selenium. Selenium allows you to run repeated tasks on your browser with code. My code: First navigate to then I proceed to a loop: First search for the “Rathbun” radioButton, click it. Then, search for the “vote” button, and click it. After that, clear all cookies in the browser (The website sends you cookies to attempt to prevent stuff like this). Finally, refresh the browser and loop again.


Then I was wondering if I could avoid all these redundant steps (Loading images, refusing browsers, etc) So… 1. I set the browser to “headless” 2. I looked into the source code again and found the function that does the voting. Instead of clicking those stupid buttons, I just call these functions. It runs a lot faster. What that (javascript) function does is that it Post an “ajax” request to the picador url, containing data regarding which poll and which option of the poll you are voting for.


I then decided to add some GUI so that other people in the dorm can use it easily just by clicking it.


Below, A picture of part of Andrey Yao’s code to further demonstrate the complexity:


Unfortunately, the excessive voting was the cause of great concern for The Picador’s host, SNOSites.  Once the poll reached 6,000,000 votes, Mr. Herring was contacted that “Our monitoring scripts have detected malicious traffic on the Someone has written scripts that are hammering the site trying to vote and revote and revote on the most recent poll about “What’s the Best Dorm? (Most votes earns 50 Winter Carnival points).” As a result, The Picador’s ability to support polls was temporarily suspended. And, even worse, the points from the competition were never distributed to the dorms, winners listed below. 

Houseman – 3,411,907
Rathbun –   1,657,613

Connell    451
Dahl    19
Day Boys    4014
Day Girls    84
Hoit    21044
Houseman    3411907
Niles    32
Pfenninger    899
Pichette    2054
Rathbun    1657613
Sargent    286
Sheppe    36
The Hill    1949
Webster    59233
Woodward    19
Yellow    284

Should the winning dorms receive Winter Carnival points for their creativity and technological prowess?

View Results

Loading ... Loading ...


1 Comment

One Response to “Winter Carnival Poll Hijacked by Bots”

  1. Nancy Fredrickson on February 13th, 2018 10:03 am

    Sam, your concluding e-vote option was deliciously ironic and delightfully humorous. Thanks for the article and the chuckle!

We welcome your comments -- supportive, critical or otherwise. We do not censor or delete comments unless they contain off-topic statements or links, abusive content, vulgarity, or personal attacks.

If you want a picture to show with your comment, go get a gravatar.

The Picador • Copyright 2019 • FLEX WordPress Theme by SNOLog in