I started the website with my brother, Richard, back in 1997. Sadly, my brother past from cancer only 2 years in to the project and never got to see a completed product.
The last 4 years have been spent securing the server, completing the mobile first re-design and a basic implementation of the internal messaging system. All of this while taking on a new role as a senior developer at a start-up. It was insane!
January, 2021, marks the point where I can finally say I’ve completed the MVP or Minimum Viable Product of Findit Classifieds. At this point, it is time to scale the application and see what comes next. Build it to run and compete on the open market or sell out to investors or competitors?
Now that we have the MVP, I can show you how to register and submit free advertisements on one of the most secure classified advertising systems ever built.
The Metro Area Interface
The Metro Area interface is a custom framework I designed just for Findit Classifieds. It is based on public vs private information and levels of trust around what you share and with who with a focus on selling items and services locally.
The Metro interface has two implementations. Public URLs via subdomains. A good example of a public metro area is houston.finditclassifieds.com.
All advertisements in the Houston, Texas Metro area are publicly available to search engines and people via the public Metro area subdomain.
However, logging in to the secure version, https://www.finditclassifieds.com, users can see information reserved for registered users only in addition to the public data.
For instance, if you only wanted to share your phone number with registered users in your Metro Area, you would enter it in the contact info field which is reserved for registered users.
Step 1: Register / Verify Your Email Address
There is not much to registration other than verifying your email address and selecting a “Metro Area” you live in.
Registration is simple and straight forward. Email address, name, Metro Area, City are all you need to complete registration. Once, you submit your information, an email validation link is sent to you.
Click on the link to verify you email and you are ready to start posting free advertisements.
First, and sorry, there is no built in sleep method in classic ASP. Probably for good reason though. Keep reading for background on why and I’ll offer some possible alternatives.
VBScript Sleep Function Code Example
Normally, when I think of a sleep function, I think of the built-in VBScript Sleep Function where we can set a delay in seconds to pause some code in a function.
WScript.Sleep(5000)
WScript.Echo("5 seconds have passed.")
What is Classic ASP?
Classic ASP is VBScript interpreted rather than compiled on the IIS web server then converted into 100% HTML before it is delivered to the client / web browser in a HTTP call.
I’ll emphasize, with Classic ASP, the client never sees the underlying VBScript, only rendered HTML.
The Refresh Meta Tag / Wait vs. Sleep
An alterative to “Sleep” might be delay or wait. We can use the Meta Tag, “Refresh”, if you just need a web page to wait for a number of seconds before refreshing which includes redirecting the page on refresh to another URL.
You would include the meta refresh tag inside the web page’s head tags as shown in the code example below.
As a prerequisite, I can’t imagine why you would want to delay a Classic ASP page from being served to a user’s web browser for 10 seconds. That’s a long time to make a user wait but you can do anything with code.
I will warn you, if you cause the HTTP Response to delay for a User Agent like Google bot, Google will probably exclude your website from their search indexes so I typically would not do this in practice on a website that needed any kind of Search Engine Optimization (SEO) friendliness.
DIY Classic ASP Sleep Function?
With Classic ASP, since we don’t have a native sleep or delay method, we can just build our own. By default, I’m going to stay with a delay of specific number of seconds as our end goal.
I’m sure we can come up with a few ways to solve for this but this solution is mine.
Building the Sleep Function from Scratch
We will set some variables for a start time and a current time.
Then start a While Loop that watches for # of seconds we’ve chosen.
We update the current time at each iteration of the loop and check it at start of each loop iteration.
Once current time increments by 10 seconds, loop completes giving you a delay of specified seconds.
Classic ASP Sleep Function Code
<%
Sub Delay(intSeconds)
StartTime = Now()
CurrentTime = Now()
While DateDiff("s",StartTime,CurrentTime) < intSeconds
CurrentTime = Now()
Wend
End Sub
Response.Write("Something<br>")
call Delay(10)
Response.Write("Something 10 seconds later")
%>
Another reason I would not recommend this approach is that we are tying up the CPU while running this loop waiting for the time to change. Making this more of a weapon than a tool.
From a bad guy perspective, if you could get this code loaded and running on multiple pages with lots of traffic you could really degrade the performance of the server.
I hope this helps you if you were looking for a simple Classic ASP HTTP Response delay function but be careful how you use it.
Hope this helps you in your search for a VBScript Sleep Function.
First things first. We all need an email address in order to do anything meaningful on the the web. You do and the bad guys do too! I would go as far to say that an email address closest thing we have to a driver’s license on the internet today. Without an email address, you are on a read only version of the internet with no way to interact with with world.
By Federal law, you’re not allowed to have an email address until you’re at least 13 years old. This is specified in the FCC’s Children’s Internet Protection Act (CIPA). I often have to advise my clients on these types of issues when deciding who can legally register on a website.
An email address allows you to register on websites by validating your email address. An email address / IP address combo is the easiest and most cost effective way to provide a first pass at knowing who your customers are online.
At least we are supposed to expect that they are at least 13 years old because Google and Yahoo must check this for every email account, right? LOL! This will be important to the story below.
Next, I will be hiding identity of the suspected scammer while disclosing enough details to be helpful in the analysis of the individual and the patterns observed.
The data I’m sharing comes from anti-fraud systems I’ve designed that are working in production on what I’m hoping will eventually become a popular website for local classified advertising. Maybe I’ll reveal the name of the site at the end of this article.
Blue French Bulldog Puppies for Sale
Pic of Puppies uploaded by the Scammer
On 11/30/2020 a suspected Puppy Ad Scammer created four (4) accounts in four (4) different cities in a very short period of time.
Three of the accounts came from one ComCast Cable IP in Salem Oregon which matched one of the advertisements which did not raise a red flag initially.
They kept creating new accounts for various cities and creating a single ad for the same dog breed for each account. They targeted Salem Oregon, Kalamazoo, Boston and Lansing.
Then they posted again but IP switched from Oregon Comcast to Verizon Fios in Virginia but anti-fraud tools I built help me see it is indeed the same person registering again from same browser even though the IP had changed. I’m not sure if they are using some sort of VPN to shift the IP / Location.
I know it says “Email NOT VERIFIED” in the screenshots below but they are. I had added an email ban to the system and it reflects back on this view as NOT VERIFIED but they were. The email verification process data sits in its own database table. I collect the IP addresses from the user at start and finish of the email validation process.
I can also see the email exchange in the email server logs files which I also check daily. All of this data can be verified by looking at several system logs.
Connecting Accounts Created by Same Person on Earlier Sessions
Going back thru recent account creations I see another account matching one of the scammers email.
Observations & Fraud Patterns
Broken English or poor grammar.
Example: Breath Taken Blue French Bulldog Puppies Ready Now To GO
Notice poor grammar of Breath Taking as Breath Taken there are other examples through out the text
Phone numbers used
240 Maryland Area code in the phone number used and same phone number using in most of the ads.
Phone number was not used on all of the ads posted by this scammer
Unique Account details repeated
Same password was used on all of the accounts!
This is proprietary but yes, all accounts used the same password.
More Analysis
So far this is what I think I have and is subject to change if new data overrides this.
User is probably not native English speaker but may be located physically inside the US.
Has methods to change IP via VPN or access to computers in those cities via nefarious methods (hack) in order to hide their real IP address.
Its is very easy to create email accounts. This person has many email addresses and personas ready to use or creates them easily and often.
Only targeted one breed so far
Raw Data for Analysts
In order to help analysts and law enforcement, below are the actual ad text used in the scam advertisements.
Scam Ad for Puppies #1
Much love we have for them, we are really proud to find them a good pet loving home where they will be spoiled with much love and care. they are home raised, well fed, vet checked, vaccinated and had their first shots, update on shot and dewormed, all in good health and will come with paper we have 240) 242-7140
Suspected Scammer using email address marksmille56@gmail.com for ad posted in Kalamazoo.
Scam Ad for Puppies #2
Akc registered frenchie puppies ready for x-mas ! all shots are up to date. They have already taken flea and tick dose. They have beautiful coatings, are strong,text me (240) 242-7140 for more info
Suspected scammer using email address louisesteel259@gmail.com from ad posted in Boston Mass.
Scam Ad for Puppies #3
We are proud to find a good pet loving home for our cuties. We have lovely, young, pretty healthy males and females available now for a new home. they are home raised, well fed, vet checked, vaccinated and had their first shots, update on shot and dewormed, all in good health and will come with papers. you can contact now for more details
Suspect scammer using email address randyruy71@gmail.com from ad posted in Oregon City, Oregon.
Conclusion
The internet is still the wild wild west and most people don’t understand how it works or how the bad guys use it to take advantage of us.
The above example shows just how hard it is for anyone trying to validate and vet an online user as they create multiple accounts and post data.
I hope the information I’ve provided on this subject is helpful in any research you may be doing on the subject as I expect those would be the only people reading the article down this far.
