I am using POST direct_messages/new for inviting twitter friends for my website.
About a month ago, my application could send direct messages, but now the API is returning this error:
"This request looks like it might be automated. To protect our users from spam and other malicious activity, we can't complete this action right now. Please try again later."
How can I fix this error to continue sending direct messages from my application??
Thanks in advance.
According to Twitter's developer site you have to file a ticket if you get the message: This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now.
We constantly monitor and adjust our filters to block spam and
malicious activity on the Twitter platform. These systems are tuned in
real-time. If you get this response our systems have flagged the Tweet
or DM as possibly fitting this profile. If you feel that the Tweet or
DM you attempted to create was flagged in error, please report the
details around that to us by filing a ticket at
https://support.twitter.com/forms/platform.
From Twitter Developers Error Codes & Responses (the error codes list, error code 226)
Related
I need to send message to my facebooks friends which should include:
- default text message
- url
- my custom message
and I need to know to whom this message was sent.
Please advise how this can be done
Have a look at https://developers.facebook.com/docs/sharing/reference/send-dialog
This states that
Facebook messages are a channel for person-to-person communication, and not for apps to send messages, or encourage people to spam their friends. In general, games on Facebook.com should use requests when communicating in game status (its your turn), inviting people to use an application, or sending messages to multiple people. You should offer the Send Dialog in situations when someone might otherwise send an email.
So I doubt that what you want to do adheres to Facebook's policies, and therefore will likely trigger a deactivation of your app.
recently I helped some friends ship an invite system in their website that works like this: A user creates an account, we send a verification email and when he verifies the e-mail he gets one free credit to spend on the website. In addition to that, he has personalized links he can share on social networks or via e-mail and when people register using this link (e-mail verified accounts again) he gets one credit per invite. Much like the invite system on thefancy.com or any other reward driven invite system on the web.
Lately we see elevated rates of fake user account which probably are automated. The registration page features a CAPTCHA but we're aware this can be bypassed. We also see elevated rates of users creating disposable email addresses to create accounts following specific invite links thus crediting one legit users that onwards uses the free credits he earns.
I am looking for an automated way to prevent such kind of abuse. I currently investigating putting rate limits on invites/registrations that come from the same ip address but this system itself has it own flaws.
Any other production tested ideas?
Thank you
Edit:
I've also proposed 2 factor registration via SMS but was turned down due to budget shortage.
It seems you need to require more than just a verified email address before a user can send invites, ideally something that shows the user has participated in your site in some way. Without knowing what your site is it's hard to give specifics, but the StackOverflow equivalent would be requiring users to have at least X reputation before they can invite others. If you're running a forum you could require that they've made at least X posts.
I'd also suggest a small time limit before new accounts can invite - e.g. they have to have been a member for at least X days. This complicates automated invites somewhat.
An extremely simple method that I have used before is to have an additional input in the registration form that is hidden using CSS (i.e. has display:none). Most form bots will fill this field in whereas humans will not (because it is not visible). In your server-side code you can then just reject any POST with the input populated.
Simple, but I've found it to be very effective!
A few ideas:
Ban use of emails like 'mailinator'.
Place a delay on the referral reward, allowing you to extend fraud detection time period, giving you more time to detect bogus accounts and respond accordingly.
Require the referred user to create a revenue generating transaction before you give out any referral rewards (I know that might not be a shift you can make) - possibly in turn increasing the reward to account for the inconvenience to the referrer (you should be saving money through decreased fraud so not a hard sell).
Machine learning. Ongoing observations and tuning with your fraud detection. The more data you have the better you will be able to identify these cases. (IP addresses as you mention.) Shipping / billing info even more telling if it applies - beware adjacent PO boxes.
Add a CAPTCHA test to the confirmation page. I would be wondering if your CAPTCHA is sturdy enough if it is getting bypassed somehow. You might consider using the (hateful) reCaptcha which seems popular. A CAPTCHA on the confirmation page would reduce the risk that a 'bot is submitting the confirmation page. In other words, it would implement the idea of client interaction with the site after registration. A similar method would be to ask for the registrant's password.
I have a page with a comments social plugin, I would like to know if it's possible to notify users who have already commented on the form.
I can subscribe to the comment.create function, but how do I send notifications?
I know actual notifications are now impossible, but is there another way? (Sending a message from the user perhaps?). With the format of my page, they will want to know when someone has posted.
I haven't tried that, it's just an idea.
https://developers.facebook.com/docs/reference/plugins/comments/ - look at the section describing way of getting comments via Graph API.
E-mail way:
You can ask each user who logs into your site to allow you to get his e-mail address. Then, you would subscribe to this event, list users who commented an article and send them an e-mail.
Message way:
You need a Facebook page for your site. Then you would receive a token for this page (manage_pages permission), get publish_stream permission in behalf of this page and publish message to streams of users who commented.
It may be also possible to send user a message on behalf of a page using Graph API, however I haven't seen anything like that in docs
This is not allowed by facebook, the attempt will result something like this:
{
"error": {
"message": "An unknown error has occurred.",
"type": "OAuthException"
}
}
This is because the social plugins do not "live" inside facebook, they are being distributed to 3rd party sites, and to prevent bad content posted from bots/apps to display in 3rd party websites, facebook has disabled this option.
Search for WordPress Plugin called Ultimate Facebook Comments Email Notify. I hope it will solve your problem...and you can also take some idea from his script which he is using in the plugin....hope this helps :)
It's been a mystery how does Cell Minute Tracker manage to fetch AT&T users data.
Maybe someone here has the long waited answer.
I'm really curious rather they got a confirmation to scrape user’s cellular report
And how they can fire up multiple requests to AT&T site without being banned?
I'm waiting for someone who could shed some light on this mystery
Thanks
link: http://www.uquery.com/apps/311637771-cell-minute-tracker-for-att
From what I can tell the application is running locally on a iPhone, it is using the user created login account, so it is just like the user going to the site, thus no issues.
Internally it would be scraping the site to get the information to display to the user.
Now, given your question who knows if they got confirmation, but the second part of your question in regards to multiple requests is moot, since it is each device contacting, not their server.
It is impossible to know exactly how they're doing it, however my guess is they're requesting your balance and minute usage and just parsing the text message you receive back with that information.
// for at&t
*BAL# for balance on your account
*DATA# for data usage
The text message is free.
How do they do it for Rogers in Canada?
Does Rogers provide a text message with the current SMS and minutes balance?
I need to add an invite users functionality to my social networking application so users can invite contacts from their hotmail or yahoo accounts. How do I do this and are there any free open source libraries that do this?
Depending on the service you wish to get the contact information from they might already provide a published API for you.
For example, Yahoo has a contact list API you could use: http://developer.yahoo.com/social/rest_api_guide/contact_api.html
Google also has one: http://code.google.com/apis/contacts/
And so does Windows Live: http://msdn.microsoft.com/en-us/library/bb463974.aspx
If you need something to work with a service without an API then you might have to ask that user for his username and password, use it temporarily to log into his account, download the contact information and then discard the login details. There are obvious privacy and security issues with this approach, however. Nevertheless, it is used quite frequently by many social networking sites.
The same approach can also be used to retrieve buddy information from instant messaging services. You log in (perhaps using an open source IM API) and get their buddy list and contact details.
Just in case anyone was interested - I would like to share this neat piece of code I found off the web. Its free and very easy to setup and integrate. http://openinviter.com is php based and you can extract email contacts from just about any address book there is.
You just need to have curl set up for this.