[英]How can I prevent users from voting more than once in 1 hour?
At the moment I have a script with CAPTCHA, which on submit logs the users IP address to prevent a user from voting more than once per hour.目前我有一个带有 CAPTCHA 的脚本,它在提交时记录用户 IP 地址,以防止用户每小时投票超过一次。
However, many people are using proxies to get around this vote restriction and I would like to employ additional protection.然而,许多人正在使用代理来绕过这个投票限制,我想采用额外的保护。
I realize there are other questions about this topic, but they always involve people wanting users to only be able to vote once, rather than a timed restriction.我意识到关于这个话题还有其他问题,但它们总是涉及希望用户只能投票一次的人,而不是时间限制。
Thank you for any help感谢您的任何帮助
EDIT: I do not want to force users to login编辑:我不想强迫用户登录
There is no 100% secure way of avoiding people to vote more than once an hour, but here are few methods to make it harder for the users to circumvent it:没有 100% 安全的方法可以避免人们每小时投票一次以上,但这里有一些方法可以让用户更难规避它:
You could use cookies, but people can delete them.您可以使用 cookies,但人们可以删除它们。 Simplest answer without forcing them to login (for which they can create more than one account if they have multiple Emails etc) it would be hard to limit them without them being able to sneak round it somehow.
不强迫他们登录的最简单的答案(如果他们有多个电子邮件等,他们可以创建多个帐户),如果他们无法以某种方式偷偷摸摸,就很难限制他们。
MEMORY tables on server with ip addresses具有 ip 地址的服务器上的 MEMORY 表
evercookie永远饼干
browser fingerprinting浏览器指纹
required registration需要注册
cron job to clear tables once a hour cron 作业每小时清除一次表
http://code.google.com/p/mailvalidator/ http://code.google.com/p/mailvalidator/
make list of banned domains制作禁止域列表
visit 10minutemail and copy e-mail domain and add to the list访问 10minutemail 并复制电子邮件域并添加到列表中
Are you against having users register on your site in order to vote?您反对让用户在您的网站上注册以便投票吗? I would say make it based on account, not IP.
我会说是基于帐户,而不是 IP。 Many users can be behind a NAT which would assign them all the same external IP (think work or school).
许多用户可以在 NAT 后面,这将为他们分配所有相同的外部 IP(想想工作或学校)。 In this case I'd say a table with four columns would suffice: user id, poll id, vote time, choice.
在这种情况下,我会说一个有四列的表就足够了:用户 ID、投票 ID、投票时间、选择。 If the same user id/poll id combination exists and time is greater than now minus one hour don't allow them to vote
如果存在相同的用户 ID/投票 ID 组合并且时间大于现在减去一小时,则不允许他们投票
If the "bad" people are clever enough to use proxies to vote against your will, or the rules, chances are that they will be able to circumvent other protections, too...如果“坏”人足够聪明,可以使用代理人投票反对您的意愿或规则,那么他们很可能也能够规避其他保护措施......
But here are the things you can do:但这里是你可以做的事情:
1) Set up a cookie on the machine after the vote, but users could remove the cookie manually 1) 投票后在机器上设置cookie,但用户可以手动删除cookie
2) Enforce user accounts to vote, validated by an email address, but users could create alternate user accounts 2) 强制用户帐户投票,通过 email 地址验证,但用户可以创建备用用户帐户
2bis) A user account could get the right to vote only after 24h, might not be suitable for your app 2bis) 用户帐户只能在 24 小时后才能获得投票权,可能不适合您的应用
3) Like stack overflow, implements a reputation mechanism on user accounts so they will be able to vote only after having proved they're not just bots or alternate identities 3) 像堆栈溢出一样,在用户帐户上实施声誉机制,因此他们只有在证明他们不仅仅是机器人或替代身份后才能投票
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.