Amazon Excludes Adult Material - Or Does It?

14 Apr 2009 13:00

Over Easter weekend, much of the gay and lesbian literature on Amazon took a nosedive in popularity. Was it a glitch? Was it a ban? One man says it was just ten lines of code.

A web troll, who shall remain nameless, really had had enough of user rating systems on places like Amazon. His "perfectly normal" requests for doing drugs with women had been marked down by a community that didn't do the same for doing drugs with the same sex. (One thing you learn about the web: never be surprised by anything.)

His revenge? Ten lines of code.

The first 7 lines of code created a simple loop to grab all the relevant links to LGB books. (Easily done thanks to Amazon's wonderful search engine.) The eighth line grabs the IDs from all of those URLs.

Now comes the science part: Amazon is very vulnerable to a phenomenon known as "cross-site request forgery" (CSRF). In other words, if you send someone the URL of a complaint and they open it while logged in, their browser will trigger the complaint again under their account.

Having a friend with a very high-traffic website, said user chatted with him and, for the "lulz", they put it into an invisible iframe on the site. This started the collapse of the ratings.
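As an added example (not from the article and not Amazon's code), here is a sketch of the server-side checks that stop a complaint URL loaded in a hidden iframe from counting as a report. The origin, key, session ids and function names are assumptions made for illustration.

```python
import hashlib
import hmac

SITE_ORIGIN = "https://shop.example"   # assumed origin of the site's own pages
SERVER_KEY = b"constructed-demo-key"   # assumed server-side secret, never sent to clients


def issue_token(session_id):
    """Token placed in the site's own report form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def allow_report(method, headers, session_id, form_token):
    """Return (allowed, reason) for a 'report this item' request."""
    # 1. Loading a URL in an iframe is a GET, so GET must never change state.
    if method.upper() != "POST":
        return False, "state change requires POST"
    # 2. Modern browsers send Origin on POST; reject pages that are not ours.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-site origin"
    # 3. Cookies are attached automatically, the token is not: a foreign page
    #    cannot read it from our form, so it cannot supply a valid one.
    expected = issue_token(session_id).encode()
    if not form_token or not hmac.compare_digest(expected, form_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests for a logged-in session "sess-123".
SAMPLES = [
    ("iframe GET from another site", "GET", {}, ""),
    ("forged cross-site POST", "POST", {"Origin": "https://busy-site.example"}, ""),
    ("POST with another session's token", "POST", {"Origin": SITE_ORIGIN},
     issue_token("sess-999")),
    ("genuine form submission", "POST", {"Origin": SITE_ORIGIN},
     issue_token("sess-123")),
]

if __name__ == "__main__":
    for label, method, headers, token in SAMPLES:
        print(label, "->", allow_report(method, headers, "sess-123", token))
```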

Not entirely finished though, said user hired a bunch of hackers to create a bunch of accounts. Each of these accounts sent him a bunch of cookies containing a logged-on profile.

The last two lines of code looped through these cookies to create automated reports on all the books.

Result? The entire rating system of LGB books collapsed and Amazon had to take it down. The problem the site now faced was explaining the removal of the ratings system without exposing its susceptibility to exploit.

The solution?

"In consideration of our entire customer base, we exclude "adult" material from appearing in some searches and best seller lists. Since these lists are generated using sales ranks, adult materials must also be excluded from that feature."

Of course, as this is only a troll's word for what happened, we don't know what really happened, but the Amazon report is very much confirmed, and if you think the Spore debacle was bad, watch this space.

