Evercookie for rails

I am looking for a solution to detect cheaters creating multiple accounts on my site.

I found persistent cookies that work with several browsers: http://samy.pl/evercookie/. But it is written in JS, and I need something I can use in the Rails controller. Is there any gem or plugin similar to evercookie?

+4
4 answers

As soon as I searched for the Evercookie solution for Rails, I did not find or write the evercookie gem. You can try it. Documentation is available on GitHub.

+3

Email Token (Devise, Sorcery)

Can you send an email to a new user?

A simple solution that many websites use is to send an email to the user with a security token. A good Rails gem for this is Devise, and another is Sorcery, which makes it easy to create your own user authentication.

Third-party sign-in (OmniAuth, OpenId, Facebook Connect, Twitter, etc.)

Can you authenticate a user using a third-party service?

OmniAuth gems can connect to many third-party services and allow you to authenticate a user using an existing account on Google, Yahoo, Facebook, Twitter, LinkedIn and open services, including LDAP and Shibboleth.

OpenId works well with Google, Yahoo and many other major providers; you can also use OpenId in OmniAuth.

In all these cases, you will track the shipment so that the user cannot submit the application again too quickly using the same phone number, postal address, credit card, etc.

Phone Message (Twilio)

Can you send a text message to the user?

Twilio allows you to send text messages to phone numbers. The concept is that your application sends them a text message with a verification code.

Street mail (postal methods)

The postmark graph allows you to send real postcards by mail. You can send a card with a verification code. This may take several days, so some sites use this in conjunction with a “trial period” for new users, where they are somewhat isolated from any problems (for example, they can read information but not report information).

Credit Card (BrainTree)

A related idea is for the user to send you something that requires a credit card, for example, using a payment gateway such as BrainTree or ActiveMerchant.

You can verify that the card is open and valid without charging any money to it. Or you may require a tiny minimum payment, for example, require a user to send you one dollar through PayPal, Google Payments, Amazon Dev Pay, etc.

Credit card numbers have an internal structure (for example, a checksum), so you can verify that the number is the correct format and checksum. A simple script is a .org flame

Image Captchas (recaptcha)

To block bots, captchas like Ruby recaptcha work very well.

Ruby has other captcha solutions, and any of them are probably fine.

Karma (hypothesis)

This is not a gem, but a concept. Give new users limited privileges, such as read-only access. Allow users to gain new privileges by being a member for a certain amount of time, or by providing content, or by connecting with friends and colleagues on your site, etc.

This is how sites like StackOverflow work, and there is a lot of good information about these approaches at http://hypothes.is

Combo

The most powerful approach is a combination of these methods.

It is possible to give the new user some basic features, such as reading information, and then allow him to receive new features by completing one or more of the confirmations above. Here's how Google and Facebook add some features: you can easily sign up, then authenticate other emails, then verify your phone number, and then verify your email address.

+3
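
Added example, not part of the answer above: a Ruby sketch of the card checksum (Luhn) check it mentions, combined with its point that the same email, phone number or credit card should not be usable for a second account. The names `luhn_valid?` and `IdentifierRegistry` are hypothetical, and the in-memory Hash is an assumption standing in for a database column with a unique index.

```ruby
require "openssl"

# Luhn checksum: the internal structure of card numbers the answer mentions.
def luhn_valid?(number)
  digits = number.to_s.gsub(/[\s-]/, "")
  return false unless digits.match?(/\A\d{12,19}\z/)
  sum = digits.reverse.each_char.with_index.sum do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?          # double every second digit from the right
    d > 9 ? d - 9 : d
  end
  (sum % 10).zero?
end

# Hypothetical registry: one verified identifier may back only one account.
# The Hash stands in for a database column with a unique index.
class IdentifierRegistry
  def initialize(secret)
    @secret = secret
    @owners = {}              # fingerprint => account id
  end

  # Canonical form, so "Bob@Example.com " and "bob@example.com" collide.
  def normalize(kind, value)
    case kind
    when :email then value.strip.downcase
    when :phone, :card then value.gsub(/\D/, "")
    else raise ArgumentError, "unknown identifier kind: #{kind}"
    end
  end

  # Keyed hash, so raw card and phone numbers are never stored.
  def fingerprint(kind, value)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, "#{kind}:#{normalize(kind, value)}")
  end

  # Returns :ok, :invalid (bad card checksum) or :duplicate (other account).
  def claim(account_id, kind, value)
    return :invalid if kind == :card && !luhn_valid?(value)
    fp = fingerprint(kind, value)
    owner = @owners[fp]
    return :duplicate if owner && owner != account_id
    @owners[fp] = account_id
    :ok
  end
end
```

A passing Luhn check only shows the number is well formed; whether the card is open and valid still has to come from the payment gateway.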

No, there is no solution to roll back to Rails, and that doesn't make much sense.

evercookie is written in JavaScript and additionally uses a SWF (Flash) object for local shared objects and PHP to generate cached PNG and ETags on the server side.

Almost all Evercookie techniques rely on special JavaScript APIs for the browser, so there is no way to port them to server technology (with the exception of a small part of PHP).

A gem can simplify integration and upgrades, but there will still be Javascript for the client.

Please consider the ethical implications of Evercookie. This, in my opinion, is a proof of concept, and not a tool that can be widely used.

+1

If you want to deploy your solution, a good starting point (with cookies) would be:

    def create
      if cookies[:xyz]
        render :text => 'cheater!'
      else
        # save the user first (you may need to display the form again),
        # and then set the cookie
        cookies[:xyz] = { :value => "1", :expires => 1.day.from_now }
      end
    end

EDIT: this is not comparable to evercookie, just a simple alternative.

EDIT 2: I already said that captchas is what the author probably should use, so I’m ignored to show what the starting point would be if he still wants to use cookies?

-1

Source: https://habr.com/ru/post/1415835/

