My company regularly holds contests on the Internet. They consist of simple tests with several choices, where the fastest person wins the prize to complete the quiz.
Recently, we had a big problem with cheaters (there are a lot of minor entries that could not be done manually). Time is calculated on the server side, so the fraudster cannot manipulate time directly. The only possible way to cheat is to write a script to automatically populate and submit the quiz.
We have already completed the following steps to try and combat this:
- Limit the user to a single entry (by checking the IP address and requesting an email address).
- randomly take questions from the pool (unfortunately, each survey must be translated, so the actual pool size is quite small due to our limited translation resources)
- randomize the question and response order
- randomize the names and class names of quiz elements
Even with all of the above methods, we still get people who manage to cheat.
As a last resort, we are considering replacing the quiz text with images and randomizing image names, but that would be a nightmare for accessibility and could still be fooled using image comparisons. Therefore, we really want to avoid this, if at all possible.
So, I was wondering if anyone has any ideas on how to deal with this?