You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The end point are unauthenticated, even a non-instapy user can upload his postid via curl or browser. Solution:
i) Authenticate each instapypods user.
The instapypod users can upload their post without engaging with others post. Solution:
i) Authenticated user(1.i) should have same username as that of their instagram username. if there was "login with instagram" it would have been simpler. But seems we have to do email auth and save first login username(ie self.username variable of instapy) as the corresponding instagram username.
ii) Every postid should be tracker against uploader username in firestore db.
iii) We should write a weekly/monthly job to for a selected sample of posts,crawl instagram and find likers and commenters for those, filter out instapypod users and update their counter in DB. Ideally this job should be at server but since freetier a/c doesn't let access to 3rd party url, this has to be a script run by any admin/editor access user from his PC and push the end results to firebase.
iv) Modify the server functions to restrict activities according to scores as updated above.
v) Block user if he/she tries to post ids from other/multiple instagram account using one login.
vi) Modify InstaPy project according to the above changes.
vii)Make sure you don't unfollow fellow pod members form your topic.
Few minor function refactoring required:
i) There are separate get requests to delete each of the topics, merge them.
ii) Remove instapost function, settings.js file.
iii) Add documentation for InstaPyPodsServer
iv) validate self.comments list size and type of comments
v) fix timestampsInSnapshots warning while delete
vi) check invalid postid format
vii) add more topics : 'photography', 'gaming', 'nature', 'pets', 'wildlife', 'kids', 'cooking', 'cars', 'comedy'
Since most of the above code changes will have to be either on this server or on a separate project so I am tracking it here rather than the selenium project.
The text was updated successfully, but these errors were encountered:
ishandutta2007
changed the title
Address Vulnerabilities for InstaPyPods
Address rating and priviledges for InstaPyPods users
Feb 26, 2019
ishandutta2007
changed the title
Address rating and priviledges for InstaPyPods users
Address rating and privileges for InstaPyPods users
Feb 26, 2019
ishandutta2007
changed the title
Address rating and privileges for InstaPyPods users
Create rating and privileges control of InstaPyPods users
Feb 26, 2019
ishandutta2007
changed the title
Create rating and privileges control of InstaPyPods users
Create Rating system and Privilege Controls of InstaPyPods users
Feb 26, 2019
@timgrossmann was reading an article about engagement pods, couple of things which instagram have taken note of to counteact pods is
If too many engagement comes from people who are not already followed, then it might be fishy . So 2(vii) becomes very important. Some suggested they even have a way to track what all surfaced in which people news feeds and if he is engaging with something outside of that frequently then there might be something fishy.
If some post receive lots of engagement and some almost none then there fraud detection algo gets triggered, so we need to make sure once you start running with pods enable, you need to continue doing so.
These are followup enhancements to the beta release here: https://github.com/timgrossmann/InstaPy/pull/4054
For the issue discussed here: https://github.com/timgrossmann/InstaPy/issues/3868
The end point are unauthenticated, even a non-instapy user can upload his postid via curl or browser.
Solution:
i) Authenticate each instapypods user.
The instapypod users can upload their post without engaging with others post.
Solution:
i) Authenticated user(1.i) should have same username as that of their instagram username. if there was "login with instagram" it would have been simpler. But seems we have to do email auth and save first login username(ie
self.username
variable of instapy) as the corresponding instagram username.ii) Every postid should be tracker against uploader username in firestore db.
iii) We should write a weekly/monthly job to for a selected sample of posts,crawl instagram and find likers and commenters for those, filter out instapypod users and update their counter in DB. Ideally this job should be at server but since freetier a/c doesn't let access to 3rd party url, this has to be a script run by any admin/editor access user from his PC and push the end results to firebase.
iv) Modify the server functions to restrict activities according to scores as updated above.
v) Block user if he/she tries to post ids from other/multiple instagram account using one login.
vi) Modify InstaPy project according to the above changes.
vii)Make sure you don't unfollow fellow pod members form your topic.
Few minor function refactoring required:
i) There are separate get requests to delete each of the topics, merge them.
ii) Remove instapost function, settings.js file.
iii) Add documentation for InstaPyPodsServer
iv) validate self.comments list size and type of comments
v) fix
timestampsInSnapshots
warning while deletevi) check invalid postid format
vii) add more topics : 'photography', 'gaming', 'nature', 'pets', 'wildlife', 'kids', 'cooking', 'cars', 'comedy'
Since most of the above code changes will have to be either on this server or on a separate project so I am tracking it here rather than the selenium project.
The text was updated successfully, but these errors were encountered: