Geek Answers Handbook

How can I prevent users from voting more than once in 1 hour?

At the moment, I have a script with CAPTCHA that logs the IP address of the user at the input so that the user does not vote more than once per hour.

However, many people use proxies to get around this limitation of votes, and I would like to use additional protection.

I understand that there are other questions on this topic, but they always attract people who want users to be able to vote only once, and not by time.

Thanks for any help

EDIT: I don't want to force users to log in

+7
source share
5 answers

There is no 100% safe way to avoid people voting more than once per hour, but there are several ways to make it harder to get around it:

  • Placing cookies on the user's computer.
  • Write down your IP address
  • Store content in your local storage (only for users with HTML5 browsers)
  • If you really want to start digging deeper, you can begin to set limits based on the length of the user's session, the number of pages that they went through before the vote, i.e. start profiling users who are trying to circumvent the system, and start introducing restrictions for those profiled users.
+6
source

You can use cookies, but people can delete them. The simple answer is, without forcing them to log into the system (for which they can create several accounts if they have several emails, etc.), It would be difficult to limit them if they could not sneak in any way.

+2
source

  • MEMORY tables on a server with IP addresses

  • evercookie

  • browser fingerprints

  • registration required

  • Cron task to clean tables once an hour

  • http://code.google.com/p/mailvalidator/

  • make a list of prohibited domains

visit 10minutemail and copy the email domain and add to the list

+1
source

Do you mind having users register on your site to vote? I would say do it based on account, not IP. Many users may be behind NAT, which would assign them the same external IP (I think, work or school). In this case, I would say that a table with four columns is enough: user identifier, poll identifier, voting time, choice. If the same user id / poll id exists and the time is greater than now minus one hour, they are not allowed to vote

0
source

If the "bad" people are smart enough to use proxies to vote against your will or rules, there is a chance that they will also be able to circumvent other protections ...

But here is what you can do:

1) Set up cookie on machine after voting, but users can manually delete cookie

2) Use user accounts for voting confirmed by email, but users can create alternative user accounts.

2bis) A user account can only get a vote after 24 hours, and may not be suitable for your application.

3) Like a stack overflow, it implements a reputation mechanism on user accounts so that they can vote only after they have proved that they are not just bots or alternative personalities

0
source

More articles:


All Articles