This is a project I'm working on for use between people at my university.
The idea is simple, it's a website where people can submit anonymous comments to other people based on a unique identifier, which is just a random number. People sign up with their unique identifier and their phone number, which would be saved together. Other people hop on the website and submit a comment with the unique identifier, which is sent via SMS to the corresponding phone number.
Conceptually I feel like this should be easy, the website just searches a table for the identifier and then uses an SMS API to send a message to the associated phone number. Also dynamically adds new lines to the table as people register.
I am real new to web development (if you couldn't tell), but I'm not afraid of a little code so I'm figuring it out. My problem is I have no idea big-picture-wise what building blocks I need to connect together. I think I found a good service called Twilio for the SMS API. I think I need to pay for web hosting, but do I need to rent server time? It's a real simple operation but the data also needs somewhere to live. I want it to be a long-term installation so I don't want to host it myself.
I would be very grateful if someone could real quick make a shopping list of the components I need to make this happen, or just any other tips if you've got 'em
Related
Ruby on rails dev here.
This question has been asked before. Here, here and here.
The problem is that they did not make the right question or the solution given was somewhat shallow.
I ´ll be as specific as I can.
The Goal
I want get the user´s contact e-mail and not the account e-mail. Two different things. :)
Some users leave their email on the contact button. It´s public.
My goal is to make a software that can extract e-mails, but for now, only extracting one e-mail from one single account will be more than enough to have my MVP going.
here is an example below on how instagram let users share their e-mail.
The Problem
It only shows in app :( If it were to be shown on the browser as well, it would be a walk in the park. The contact button that has the e-mail and phone number does not show in the browser.
**The Good Part*
There is some solutions to it.
This guy has a figured it out using the API, but I don´t quite understand how he did it. The downside is that all solution wants to sell you a product.
The focus of this company lies on extracting instagram e-mails and it seems legit.
Last but not least, this dude is using appium to extract those juicy e-mails. The third won´t really work for me because it seems too messy. Having to use a android emulator will be my last resort.
Thanks for helping and happy new year.
Set up mitmproxy on your machine.
Set up the certificates on your phone and use your machine as the gateway.
Analyze the traffic.
Reverse engineer the API (to log in and get info about user profiles) and then use it in your Ruby/Python/whatever code.
I use intuit merchant services - customers pay me with credit card after I send them an email with a link to pay, and everything works with no problem. However, my problem is that the link webpage structure is very outdated and some customers have told me that it doesn't look trustworthy, which I have to agree.
Is there any solution to this, like creating a user interface or a app that I can actually have developed to make this links a little bit more to look like my website so customers don't feel they ever left my website?
Thanks.
You should be careful with this idea. I am not a legal professional and am in no way attempting to give legal advice, but doing what you are suggesting can be illegal in some cases. Some sites disguise their payment screens in a similar way for malicious purposes in a manner called phishing, and there may be little legal differentiation between doing so with good or ill intent.
I don't think this is possible but here is what you actually can do:
Ask your Payment-Website about an API, then you might be able to change the layout.
Inform your customers about the situation and that they will be redirected of whatever you do.
Get a SSL-Cert for your website.
Find another way to receive payments in a trustworthy way
I am developing a user-generated content site. The goal is that users are rewarded if their content is viewed by a certain number of people. Whereas a user account is required to post content, an account is not required to view content.
I am currently developing the algorithm to count the number of valid views, and I am concerned about the possibility that users create bots to falsely increase their number of views. I would exclude views from the content generator’s IP, but I do not want to exclude valid views from other users with the same external IP address. The same external IP address could in fact account for a large amount of valid views in a college campus or corporate setting.
The site is implemented in python, and hosted on apache servers. The question is more theoretical in nature, as how can I establish whether or not traffic from the same IP is legitimate or not. I can’t find any content management systems that do this, and was just going to implement it myself.
You cannot reliably do this. Any method you create can be automated.
That said, you can raise the bar. For instance every page viewed can have a random number encoded into a piece of JavaScript that will submit an AJAX request. Any view where you have that corresponding AJAX request is probably a real browser, and is likely to be a real human since few bots handle JavaScript correctly. But absolutely nothing stops someone from having an automatic script to drive a real browser.
Well... you can make them login (through facebook or google id etc, if you don't want to create your own infrastructure). This way it is much easier to track ratings.
I am new to webOS development. I have one app in the app store and in the next update to the app I would like to be able to identify the age of users, their location, how long they use the app, which features they use the most/least and then store that data in a database. How do I do this? Many thanks in advance for your help.
Well, that's a pretty big question. Here's an outline of what to do, with some notes.
First, you're probably not going to be able to get age unless you ask the user directly and they tell you. Also, you're only going to get location if the application is location-aware and the user permits you to collect that data (when you install a location-aware application, it asks the user if they're okay with the fact that the application will be able to get their location).
As for how long they use the app and which features they use, that's easier. Depending on the granularity you need/want to capture, you can just record time stamps when a user starts and stops using a particular feature, such as when scene activate and deactivate methods fire. As long as you store feature name and timestamp, that should give you what you're looking for.
Then comes to question of collection. However you store it in the app, you have a couple of choices for how to get it out of the app. Unless you can get your users to just email the data to you, probably the easiest thing to do would be to create a web app (possibly with no user facing output, since you're just using it to collect data) using something like Google App Engine that gives you a URL you can send a POST request to using an HTTP request. Depending on how you set it up, it could do the request every time you collect a timestamp (bad for battery use, though), just occasionally, or only when the app is doing cleanup (possibly a problem if you don't get the request off in time).
I'd recommend taking a look online at how people do this type of thing in iPhone apps to get a good sense of how to do this type of thing. If you hit problems getting particular things to work, you can of course come here to StackOverflow with specific coding questions.
I employ email validation to grant people full use of the site. The trouble is, sometimes these emails get spam-boxed, or never arrive, so I get many people complaining that they cannot confirm their account.
Was wondering if there are other (creative) ways to offer secondary validation option to users who didnt get the validation. Its a free site, so I dont want to ask for credit cards, or mobile #s.
The purpose of this is to make abuse of the site less rampant, since we ban a lot of people, and they come back with dozens of accounts to prove something. Spam/robot registrations are not an issue (right now).
What we started doing recently was letting members send us an email to a special email address. We give them a hash code, and all they have to do is put that code somewhere in the subject or the body of the email, and send it to us. We have a cron job running in the background that gets those emails, parses the subject/body looking for the hash, and if found activates the account.
It doesn't work 100%, because some ISPs also block their users from sending us emails, but no solution would work 100%.
Based on your comment in Rob S.' answer, it sounds more like you want to identify situations where the same browser is creating multiple accounts rather than confirm that what's at the other end is human.
Dropping a cookie in the user's browser can be very helpful in finding the repeat offenders, especially those not savvy enough to clear their cookies or visit while in private mode. Some forum software like vBulletin does this and can notify the administrators when it happens.
Another alternative might be browser fingerprinting, which is where you use a bunch of the information provided in the HTTP exchange. An example of this is the EFF's Panopticlick.
Just got a "fun" new way to annoy your banned people a bit.
once you ban them (I guess you close the account and ban the IP). Then log their browser agent string with their IP and screen resolution.
If there is a match when showing the website to them. Just remove the registration link/page. Dont even show the link to the page, as it might piss them off. Dont explain why its gone. Just keep it gone, eg. for 3 weeks or 2 month.
That way they dont have a cookie on the browser to remove, they cant find the registration so they cant know WHY they cant make a new account.
Secondly, if on a school or something (dont know how old they are), the other existing users will still be able to login to their accounts as its ONLY registration that has been removed. Not login.
How about that? is that clever enough?
Basically what you're looking to do is separate the humans from the robots. There are two primary ways to do this:
1) Require users signing up to check boxes and type a word spelled out in an image captcha. These are usually very difficult tasks for a computer to complete.
2) Allow users to sign-up using their account from a different site such as OpenID or Google assuming that anyone who has one of these accounts is a real person.
I recommend combining both methodologies.
Good luck!
There are unlimited ways of doing this.
You mention mobiles and free, but if you have access to a SMS-gateway, you can receive SMS-messages for free (but might need to pay some sort of monthly subscription though). But show a dynamically generated code the the current user. Store this code in "his session" and do an ajax check each 15-30 sec to see if the sms-code was received by the gateway. If so, accept the account and let them registrate. This would requiere the gateway + your users to have a personal mobile. Enough about mobiles...
Make a question or more that is randomly generated. Use pictures/tokens instad of tekst so that the user has to press the correct image in correct order to perform some sort of answer.
Could be like a jackpot-machine with 3 cells where the images are randomly placed and generated inside dynamic named files, so that robots cant analyse the names to guess the right answer.
You mention e-mails to be easy to spoof. Yes indeed, but what if the emails would come lets say each week containing some sort of "important info" that the user would need to read/use on the website to continue. Once the account hasnt been used for a certain time (lets say 3 month, kill it)... and you could also say to have a "free account" you must accept that we send you 1 mail pr. month that you need to activate within 1 week. If you dont, we are free to close/delete your account details.
... and many more
I dont know what you want to "protect", but if its for gaming, then dont let the gamers have "extra levels/weapons" until they have provided a certain amount of these codes OR paid for access OR validated by phone or something.
Thats my first 3 ideas, I think the possibilities are unlimited. The main issue here is, make it too hard to validate yourself and the users go away unless your site is REALLY worth it.
You might think of the much used "Free forever (but limited)" approach way of selling stuff these days on the net. The users can make as many accounts they want, but the licens is still only "single/small/basic". Once you get more experienced, you get more features or you might just upgrade by paying... at this time you know WHO is real and WHO isnt.
My point is, dont over protect. Just design with the mind of spammers will always find a way in, no matter how good you protect it. Those giving up first are your real users/customers.
I would rather spend time on making this product/website/game so great that EVERYONE wants to pay for an account after a while.
Lastly from real life... there are COMPANIES in China with kids employeed to play World of Warcraft with one purpose. Harvest virtual gold and sell it on Ebay to other western players who pays with real dollars. Its not allowed according to the gamelicens and their accounts/gameslicenses are constantly getting banned. But it gives them so much income so they have calculated with this and they just buy new licences and continue.
So if EVEN Blizard(WoW creators)
doesnt have enough power/money to keep
fakes out of the game, how do you
expect to do much better? :o)
Usefull answer?