This is a follow up post to my original story here.
So what did Sony do about it?
Not a lot. Just enough to stop the scripts.
The page now loads a new main js file at http://ps20.software.eu.playstation.com/index.dart.js?v=2
But the original remained live to throw people off the scent.
The original URL source was kept active and the data inside the HTML file remained.
The original URL source was also tweaked to respond to any code. Presumably this was to trick people into thinking they still had a working exploit.
The only way to get it to return the real url was to change the query string parameter name from “sp” to “k” and add the correct Referer header:
What about people sharing links?
The game website doesn’t appear to submit anything differently whether you arrive legitimately via http://ps20.software.eu.playstation.com/ or directly.
So basically, people who used the link without participating properly will probably still be counted.
I may have missed something here so perhaps Sony or Game can reassure us that they have actually added something to prevent these entries? I’m not holding my breath for any kind of official acknowledgement or an explanation however…