code hacking
Facebook Page Invite-All-Friends Hack Warning!
So I just got this odd suggestion from a Facebook friend to “like” a Facebook page called “This Guy Took A Picture Of His Face Every Day For 8 Years on Facebook”. I’m not linking to it because of the obvious screwed up tactics.
The process to view this page involved:
- Liking or “Like”-ing the page
- Copy-pasting shady javascript into your browser
I’ve worked with clients in building Facebook App and Pages who want # 1. But # 2… ooo, that’s some shadiness. You can do all sorts of fun things with Javscript in a browserbar, especially when already logged into Facebook.
Here’s what I did to decrypt the javascript:
- Setup an easy html page that unencodes and escapes the characters
- Put in this shady page’s javascript
- Decode and map the variables
You can check out the descrambled script here:
My Decoder Page with his Shady Code Inside
Then I came to my senses and found the same process on StackOverflow
Looks like the script selects your entire friend-list, and auto-submits a “suggested like” of the page to them.
Shady sir. But hey, he’s got 100k+ likes now (and a 1+ “spam report” from me).
To bad ethics bars us from spamming a “report as spam” suggestion e-mail.
