Unusually High Number of Entries (+16,312.7%) in the Final Hours — March 2023 Giveaway — Legion 7 Slim

I took screenshots to record my entries.  By doing that, I also captured the total entries for the giveaway.  Over 7 days, the average hourly entries were +46.58.

But, over the final 15 hoursthe average hourly entries jumped to +7,644.35a +16,312.7% increase (164×"Normal").

Can anyone explain this, please?

Here are my data and calculations:

UID Date-Time Screenshot Total Entries ΔEntries ΔTime Avg Entries/Hour
1 2023-04-01 18:06:29  37,901 0 00:00:00 N/A
2 2023-04-02 05:35:37  38,617 +716 +11:29:08 +62.26
3 2023-04-03 21:27:42  40,710 +2,093 +39:52:05 +52.50
4 2023-04-05 10:43:49  42,739 +2,029 +37:16:07 +54.44
5 2023-04-06 02:18:14  43,755 +1,016 +15:34:25 +65.27
6 2023-04-07 12:47:41  45,448 +1,693 +34:29:27 +40.07
7 2023-04-08 03:55:54  46,227 +779 +15:08:13 +51.49
8 2023-04-09 13:29:43  47,989 +1,762 +33:33:49 +52.49
9 2023-04-10 04:28:35  162,824 +114,835 +14:58:52 +7,644.35
Parents
  • I appreciate the transparency in your answer Ben.  M0rn, I think your concerns about fraud control are valid, but Ben is just an end user of Gleam, in the end he's got a limited set of tools to check against fraud and the quality check for content is a good one.  Hopefully Ben has been in touch with Gleam about this and their devs can examine the issue and the underlying data in order to deploy an improved version of the platform that better protects against these types of attacks.

  • I read your reply 10 days ago.  At that time, I looked up both Gleam and the random number service they use, Random.org.

    After inspecting the Giveaway page, I found that the entry-system is embedded in an HTML iframe element.  Unfortunately, I have not found a way to insert that code here: Insert➔Code + paste + OK results in no action or "Access denied", even if I comment out the code.

    Here are my questions:

    1. If the contest is handled entirely by a 3rd-party, how does  "thoroughly vet the winner"?  The winner may be both "a real contestant" and part of the attempt to corrupt the results; i.e. although the winner won on "legitimate" entries, the winner attempted to cheat.
      1. if a contestant attempts to cheat, but fails, can they still win??? 
      2. how does Ben compare:
        1. the winner's transaction logs —
          1. to the transaction logs of those accounts making over 100,000 fraudulent entries?
    2. The Legion Community accounts are not handled by a 3rd-party
      1. what efforts are made to investigate — and eliminate — the fraudulent (bot) accounts?
        1. how can this be done, without access to 3rd-party data?
Reply
  • I read your reply 10 days ago.  At that time, I looked up both Gleam and the random number service they use, Random.org.

    After inspecting the Giveaway page, I found that the entry-system is embedded in an HTML iframe element.  Unfortunately, I have not found a way to insert that code here: Insert➔Code + paste + OK results in no action or "Access denied", even if I comment out the code.

    Here are my questions:

    1. If the contest is handled entirely by a 3rd-party, how does  "thoroughly vet the winner"?  The winner may be both "a real contestant" and part of the attempt to corrupt the results; i.e. although the winner won on "legitimate" entries, the winner attempted to cheat.
      1. if a contestant attempts to cheat, but fails, can they still win??? 
      2. how does Ben compare:
        1. the winner's transaction logs —
          1. to the transaction logs of those accounts making over 100,000 fraudulent entries?
    2. The Legion Community accounts are not handled by a 3rd-party
      1. what efforts are made to investigate — and eliminate — the fraudulent (bot) accounts?
        1. how can this be done, without access to 3rd-party data?
Children
  • 1a.  If someone attempts to cheat, and fails, then they haven't cheated.  

    1b. Ben said above that he relies on Gleam to vet entries to make sure they're not spam/bots/cheaters

    2a.  If they told everyone, that'd be like saying "here's how we do security, now knowing that find ways around it". There's a reason that security cameras are sometimes obvious, and sometimes not. 

    That said, I agree with you that the ongoing April contest and the past March contest have shown concerning patterns of rapidly increasing number of entries over a very short amount of time.  I appreciate your keen eye on this.

    I think one easy way around this, since I still think Ben is limited in what he can do with what Gleam provides, is to require a post on the forum first(that's high quality) and then attach the non social interaction entries(following legion on Twitter for example) to that post.  That way no one can spam the non social posts.