How can I prevent users from voting more than once in 1 hour?
Question
At the moment I have a script with CAPTCHA, which on submit logs the users IP address to prevent a user from voting more than once per hour.
However, many people are using proxies to get around this vote restriction and I would like to employ additional protection.
I realize there are other questions about this topic, but they always involve people wanting users to only be able to vote once, rather than a timed restriction.
Thank you for any help
EDIT: I do not want to force users to login
5 answers
solution1
6 ACCPTED 2011-06-07 15:51:00
There is no 100% secure way of avoiding people to vote more than once an hour, but here are few methods to make it harder for the users to circumvent it:
- Place cookies on the users computer
- Log their IP
- Store content into their localStorage (only for users with HTML5 browsers)
- If you really want to start digging deeper, you can start putting restrictions based on the users session length, how many pages they navigated prior to voting, ie starting to profile the users that try to circumvent the system, and start putting restrictions on those profiled users.
solution2
2 2011-06-07 15:47:37
You could use cookies, but people can delete them. Simplest answer without forcing them to login (for which they can create more than one account if they have multiple Emails etc) it would be hard to limit them without them being able to sneak round it somehow.
solution3
1 2011-06-07 20:01:26
MEMORY tables on server with ip addresses
evercookie
browser fingerprinting
required registration
cron job to clear tables once a hour
make list of banned domains
visit 10minutemail and copy e-mail domain and add to the list
solution4
0 2011-06-07 15:50:25
Are you against having users register on your site in order to vote? I would say make it based on account, not IP. Many users can be behind a NAT which would assign them all the same external IP (think work or school). In this case I'd say a table with four columns would suffice: user id, poll id, vote time, choice. If the same user id/poll id combination exists and time is greater than now minus one hour don't allow them to vote
solution5
0 2011-06-07 15:53:29
If the "bad" people are clever enough to use proxies to vote against your will, or the rules, chances are that they will be able to circumvent other protections, too...
But here are the things you can do:
1) Set up a cookie on the machine after the vote, but users could remove the cookie manually
2) Enforce user accounts to vote, validated by an email address, but users could create alternate user accounts
2bis) A user account could get the right to vote only after 24h, might not be suitable for your app
3) Like stack overflow, implements a reputation mechanism on user accounts so they will be able to vote only after having proved they're not just bots or alternate identities
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.