Amanda supported and maintained a website through which clients managed their own data. Occasionally, she’d read through access logs in search of unwanted scrapers, rogue bots, and hack attempts.
Her diligence paid off when she caught on to a particular IP that was making a huge amount of requests throughout the day. Page after page of results were being requested less than a second after another, as with a typical scraper bot:
?page=1
?page=2
?page=3
But sometimes, the pages were accessed in reverse order:
?page=34
?page=33
?page=32
This sparked Amanda’s interest. Why would the scraper go backwards? Analyzing the requests one by one, it seemed to get the first page, then go to the last page (37) and go backwards until page 29, edit a record …
Wait, what? Edit a record? This was a paying customer, then, not just anonymous access. The sequence was
1, 37, 36, 35, 34, 33, 32, 31, 29, edit, 1, 37, 36 …
It made no sense at all. The increases and decreases seemed arbitrary. Also, the time between requests didn’t suggest a script. They were short, but ‘human’ pauses. Could this really be a person?
With the same logs, it was easy enough for Amanda to figure out which customer was responsible for the odd traffic. She called the manager and explained the situation.
“Are you guys running some sort of script? There’s a weird usage pattern here from your account, and we can’t figure out what’s going on. You guys are going through pages at a time over and over again, making a single action, then repeating it.”
The manager needed almost no time to ponder the issue. “Oh, it’s OK. That’s just Stella.”
“Stella?” Amanda repeated.
“Yeah. She’s updating our records.”
Amanda frowned. “Can I speak to her? There’s gotta be a more efficient way to do what she’s doing. I’d like to—”
“It won’t help,” the manager cut her off.
“What?” Amanda asked.
“You’ll see. Hang on, I’ll transfer you to her extension.”
Amanda only had a few seconds to puzzle over the manager’s remarks before a new voice came over the line. “Hi! This is Stella. You wanted to speak to me?”
“Hi, Stella! This is Amanda from the support team. I noticed that you’re going through pages backwards while editing records. Can you tell me what you’re doing?”
“Oh! Well, the records I’m updating are usually on some high-number page—let’s say page 29, right?” Stella asked. "So I have to go to that page, but then I lose the page I’m on, so I have to do it again.”
Amanda’s jaw dropped as she tried to parse what she’d just heard. “Wait, hang on a minute. Let’s step through this together, OK? I’m gonna open the website here. Can you tell me exactly what you do to edit records?”
“Sure!” Stella said. “First, I open the website. That starts on page 1.”
“OK, got you so far.” Amanda opened the website in a browser on her side.
“So let’s say I want to edit a record on page 29. I go to page 37—”
“Wait, what?” Amanda interrupted. “How are you doing that?”
“At the bottom of the screen. I use the links there,” Stella said.
Amanda glanced down the page, and saw the pagination widget at the bottom:
[1] … [30][31] [32] … [37]
Suddenly, it made sense. Sort of. “Oh, OK. There’s no direct link to 29, so you click 37, then 36, and so on until you reach 29?”
“Right!” Stella said. “Then I edit the record. When I do that, it jumps me to page 30.”
“So then you click 37, 36, all the way back to 29 again?” Amanda semi-reasoned out.
“Not quite,” Stella said. “I close down the browser, reopen it, then I click on 37 and go back to 29,” Stella said.
Amanda frowned at her cubicle wall, perplexed. “You know you can just press the back button in the browser after you edit a record, right?”
“But I’d lose my place in the list and wouldn’t know where I am,” Stella explained. “I prefer doing it this way.”
The manager’s earlier assertion came back to bite Amanda hard. “Well, OK. As long as you’re sure you’re OK with this.”
“Yep!” Stella replied. “Thank you, though!”
Amanda couldn’t help feeling unsatisfied. Before putting the whole thing behind herself, she retooled the pagination widget, just for their account:
[0][1] [2][3] [4][5] [6][7] [8][9] [10][11] [12][13] [14][15] [16][17] [18][19] [20][21] [22][23] [24][25] [26][27] [28][29] [30][31] [32][33] [34][35] [36][37]
The resulting logs looked like this:
?page=1
?page=29
?edit=4022
?page=1
?page=29
?edit=4023