The Importance of Captcha & Free Pizza!
During October 2016, Papa Johns held a competition to promote their Papa Rewards system, whereby users could enter an e-mail and potentially win Papa Reward points, or receive a £10 discount.
Rewards
Besides the £10 discount, the actual rewards were:
- 8 points for a free small side
- 12 points for a free large side
- 25 points for a free large pizza
…with no prior orders on an account needed, no need for other items on your order and free delivery. Rewarded at…random?.
Sounds like free dinner for a month! :)
Free Dinner
At first, you could enter a random e-mail without any sort of confirmation and eventually players would win the main prize (a large pizza).
After only a week, this was changed, requiring users to confirm their e-mail when entering excessive entries from a single IP address. And using the same Gmail e-mail with a filter added, by appending a suffix to the username e.g. [email protected]
turned into [email protected]
, was also banned, along with many temporary e-mail providers.
But not all temporary e-mail providers. And the process, including the e-mail confirmation page, did not present any form of human verification, such as a captcha, or limit the volume of requests/entries.
And as a result, a simple bot, using Selenium, could mine for a specific number of large pizzas instead:
…theoretically :D.
Source code: https://github.com/limpygnome/papa-rewards-bot
Nom nom nom…
Legal disclaimer: this post only presents what could be possible, and is not an admission of guilt, or/and actions, nor does it condone such behaviour. And any photos are artistic in nature, and this article was written and exists only for the purposes of entertainment and education.
Comments