Some of my latest work has been in chasing cheaters or “Vista ate my homework” claims. Some background: I work for a project that hosts online classes for 32 of the 35 universities in our system. We have about 125,000 users who have performed at least 100 actions this term. We have had about 50 million hits this semester (over in a couple weeks).

  1. Chat cheater? An instructor for a class was told by a student someone asked him a question while he was taking the final exam. So the instructor wanted the log of the chat which the application doesn’t have (it does for another chat, but that chat is part of the class this other chat isn’t part of the class). So I spent about 11 hours of work time digging through logs and running SQL to determine that out of about 1,000 active users, no one else on the site was working on an exam AND saw hits for certain images associated with the chat client. He did, but no one else. I then determined that another 2 hours to determine that a classmate in another class was using chat at that time period. So I am reasonably certain there wasn’t any cheating happening.
  2. Vulnerability There is a documented vulnerability in which someone can get the answers to an assessment (quiz, test, exam) by some creative use of URLs. Our vendor kindly provided a Perl script to scan our logs for this. I wrote a script to automate running this daily. Only the script hits our systems so hard it causes at least one of the 50 nodes to go unresponsive (just before 7am). I need to make it “nice”.
  3. Deleted File A campus opened a ticket because they were concerned a file disappeared from the current class and was also missing from the Fall version of that class. After about 9 hours of digging, I did find that the person who opened the ticket deleted the file in August of last year (about 4 days after the start of their Fall term). Doh!
  4. Framing the frame A computer lab on a campus is having issues with our system in that when the students go there to take a quiz, a portion of the window, the part which tells them how much time is left is blank. No, they can see the questions and which one s they have answered. Its only the little JavaScript which counts how much time they have that is missing. So, I spent about 7 hours digging through LiveHTTPHeaders and logs to show that their computers correctly requested the data from our servers and received our servers’ response. It works on the same quiz in other computers on their campus, so its something with how that lab is configured. However, the people running the lab are resistant to changing or troubleshooting the problem.