Some of my latest work has been in chasing cheaters or “Vista ate my homework” claims. Some background: I work for a project that hosts online classes for 32 of the 35 universities in our system. We have about 125,000 users who have performed at least 100 actions this term. We have had about 50 million hits this semester (over in a couple weeks).
- Chat cheater? An instructor for a class was told by a student someone asked him a question while he was taking the final exam. So the instructor wanted the log of the chat which the application doesn’t have (it does for another chat, but that chat is part of the class this other chat isn’t part of the class). So I spent about 11 hours of work time digging through logs and running SQL to determine that out of about 1,000 active users, no one else on the site was working on an exam AND saw hits for certain images associated with the chat client. He did, but no one else. I then determined that another 2 hours to determine that a classmate in another class was using chat at that time period. So I am reasonably certain there wasn’t any cheating happening.
- Vulnerability There is a documented vulnerability in which someone can get the answers to an assessment (quiz, test, exam) by some creative use of URLs. Our vendor kindly provided a Perl script to scan our logs for this. I wrote a script to automate running this daily. Only the script hits our systems so hard it causes at least one of the 50 nodes to go unresponsive (just before 7am). I need to make it “nice”.
- Deleted File A campus opened a ticket because they were concerned a file disappeared from the current class and was also missing from the Fall version of that class. After about 9 hours of digging, I did find that the person who opened the ticket deleted the file in August of last year (about 4 days after the start of their Fall term). Doh!