A kind move that turned into a massive bug
Twitter's kind move for new users turned out to be the biggest bug in their history.
Okay, what was it?
When you sign up for Twitter, they encourage you to follow people as a warm-up. And they let you follow 30–40 people with one click.
It's nice, right? Yeessss.
The warm-up follow page shown when you sign up: https://twitter.com/i/start/follow_interests
Let's look at how this mechanism works.
When you click the follow button, it sends a POST request to a service.
But the problem is the service itself. We all know there are limits on aggressive following behaviour on Twitter, but this service doesn't have any rules or restrictions, and this is a big vulnerability.
And yes, you can abuse it.
Post data:
user_ids = the user IDs that we want to follow (array merge)
Okay, now I need active users' IDs.
Why active? Because I want them to follow me back fast, so I thought: if I use the streaming API in legal ways, I can collect that data easily.
After 2 hours of running, I had 1.5 million user IDs in my Redis memory.
OK, let's follow 'em!
And it worked so smoothly; I followed almost 2.5k users per minute.
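The control the post says was missing, as an added example (not Twitter's code and not from the original post): a per-account budget that charges every ID in `user_ids` rather than each POST, so a one-click bulk follow is counted the same way as individual follows. The `FollowBudget` class, the limit of 50 follows per 60 seconds and the replayed traffic are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque


class FollowBudget:
    """Sliding-window cap on follow targets per account (hypothetical helper)."""

    def __init__(self, max_follows, window_seconds, clock=time.monotonic):
        self.max_follows = max_follows
        self.window = window_seconds
        self.clock = clock
        self._events = defaultdict(deque)  # account -> (timestamp, id count)
        self._used = defaultdict(int)      # account -> ids followed in window

    def try_follow(self, account_id, user_ids):
        """Return the accepted ids, or [] if the batch would exceed the budget."""
        now = self.clock()
        events = self._events[account_id]
        # Drop batches that have aged out of the window.
        while events and now - events[0][0] >= self.window:
            self._used[account_id] -= events.popleft()[1]
        targets = list(dict.fromkeys(user_ids))  # de-duplicate, keep order
        # Charge the budget per target id, not per HTTP request.
        if not targets or self._used[account_id] + len(targets) > self.max_follows:
            return []
        events.append((now, len(targets)))
        self._used[account_id] += len(targets)
        return targets


def replay_burst(requests=63, batch_size=40, max_follows=50, window=60):
    """Constructed traffic: 63 bulk POSTs of 40 ids in one minute (~2.5k ids)."""
    t = [0.0]  # manually advanced clock so the replay is deterministic
    budget = FollowBudget(max_follows, window, clock=lambda: t[0])
    accepted = 0
    for i in range(requests):
        t[0] = i * window / requests
        ids = range(i * batch_size, (i + 1) * batch_size)
        accepted += len(budget.try_follow("new_account", ids))
    return accepted


if __name__ == "__main__":
    print(replay_burst())
```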
Thanks for reading; that's my first English blog post.
You can follow me on Twitter