
More manipulation of OctoPrint's anonymous usage stats

Submitted by Style Pass, 2024-07-04 14:30:07

I work full time on OctoPrint and can only continue thanks to funding by people like you. Give the button a click and learn how you can help!

It has barely been a week since I discovered that someone had been manipulating OctoPrint’s anonymous usage stats in OctoEverywhere’s favor, and now I had to discover that Obico has also been doing the same. 😡

Since I found out about the manipulation last week I’ve been busy with further investigation and deploying mitigation strategies, and over the course of that I stumbled over a few more irregularities in the data. I spotted a single client that was sending a suspiciously high number of tracking events. However, the traffic looked organic, and at first glance like it was coming from real OctoPrint instances, although with a strong bias for having Obico installed: two thirds of all of these instances were reporting to have Obico installed, and the rest was a mix of 309 other plugins from the repo, with a clear focus on plugins that are known to be popular.

Some details of the observed requests didn’t add up (version discrepancies), but on first look this could have been some automated testing or similar development-related activity with some weird environment, just as well as anything sinister. In any case, I blocked the IP address of the client in question and promptly moved on to clean up all of the 15000 instances it had created in the past 30 days.
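One way to surface the pattern described above (a single address registering many instances, with a strong bias toward one plugin) is sketched below as an added example; it is not code from the original post or from OctoPrint's tracking backend. The event fields, the constructed sample data and the threshold of 20 instances per address are assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed events: (source_ip, instance_id, installed_plugins)."""
    events = []
    # Organic traffic: 40 addresses, one instance each, a quarter with the plugin.
    for i in range(40):
        plugins = ["obico"] if i % 4 == 0 else ["plugin_a"]
        events.append((f"198.51.100.{i}", f"organic-{i}", plugins))
    # One address creating 300 instances, two thirds of them claiming the plugin.
    for i in range(300):
        plugins = ["obico"] if i % 3 else ["plugin_b"]
        events.append(("203.0.113.7", f"bulk-{i}", plugins))
    return events

def flag_sources(events, plugin, max_instances=20):
    """Return {ip: (distinct_instances, share_with_plugin)} for addresses
    that registered more distinct instances than max_instances."""
    per_ip = defaultdict(dict)  # ip -> {instance_id: set of plugins}
    for ip, instance_id, plugins in events:
        per_ip[ip].setdefault(instance_id, set()).update(plugins)
    flagged = {}
    for ip, seen in per_ip.items():
        if len(seen) > max_instances:
            with_plugin = sum(1 for p in seen.values() if plugin in p)
            flagged[ip] = (len(seen), with_plugin / len(seen))
    return flagged

def plugin_share(events, plugin, exclude=()):
    """Share of distinct instances reporting the plugin, optionally
    ignoring events from excluded source addresses."""
    seen = {}
    for ip, instance_id, plugins in events:
        if ip not in exclude:
            seen.setdefault(instance_id, set()).update(plugins)
    return sum(plugin in p for p in seen.values()) / len(seen)

if __name__ == "__main__":
    events = build_sample()
    flagged = flag_sources(events, "obico")
    for ip, (count, share) in flagged.items():
        print(f"{ip}: {count} instances, {share:.0%} report the plugin")
    print(f"share with all traffic: {plugin_share(events, 'obico'):.1%}")
    print(f"share without flagged:  {plugin_share(events, 'obico', flagged):.1%}")
```

Comparing the plugin share with and without the flagged address shows how much a single source can skew the published numbers, which is why the instances it created have to be cleaned out and not just blocked going forward.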
