Facebook Spam Blocking System Bypassed

Hi all,

Here I’m going to explain a Facebook bug that can bypass spamming protection.


https://lookaside.facebook.com is vulnerable and doesn’t have spamming protection on all endpoints, including sharing something randomly. There are many operations which Facebook blocks if they are misused.

After weeks of reporting, they fixed the bug and provided a nice bounty in consideration of the impact of this vulnerability.

Reproduction Instructions / Proof of Concept:

One example scenario:


I’m already temporarily blocked by Facebook. Let’s verify the block.

And now I’ll show you how I bypassed this.

2. Go to


Post the status, and the spamming protection is bypassed.


POC Video:


Spamming over Facebook; it also helps to misuse the features they provide.


All timestamps are in India Standard Time. I omitted a few unimportant interactions.

  • 01 April 2016 at 00:08 : Initial report
  • 02 April 2016 at 01:08 : Provided more details about the POC
  • 20 May 2016 at 13:00 : Issue fixed & Bounty of $5,000 awarded.
