Geek Answers Handbook

How to prevent the largest number of cheaters for polls?

On my website, we are launching a competition system, and users are voting for other user content. Recently, we caught that someone creates several accounts for voting several times (consecutive identification numbers and votes within a couple of minutes). We would like to prevent this from happening again. Judging by the way the Times handled its poll β€œThe Most Powerful Man of the Century,” even the big guys are wrong.

We are currently registering user IDs, voting dates, and IPv4 addresses (via $ _SERVER ['REMOTE_ADDR']).

What can I do to prevent or impede someone from voting fraudulently?

+6
security php
source share
5 answers

Require user reputation. If you associate the right to vote with a user who must have a certain reputation (i.e., participating in your community for a certain time and providing meaningful content), it becomes increasingly difficult to automate the process of creating several identifiers.

In the end, it is a balance between sufficient authentication, ease of access and the meaning of the result (for you and the user) - and how you present the results.

+6
source share

Using an IPv4 address with a browser signature ($ _SERVER ['HTTP_USER_AGENT']) hash.

If the vote comes from another user, but in the same IP address, with the same browser, in a closed timeframe window, this is probably a fraud.

If the time is too close, which leads to an automated process, it will solve the problem (but no one likes to intercept polls).

+1
source share

Unfortunately, it is very difficult to prevent fraudulent voting, when there is a will, there is a way. However, the whole point is to make it as inconvenient as possible to trick the system.

Do you have accounts that require a unique verification email address before you can use this account?

How often can users vote? If it will be only once or once a day, you can send an email to check your voice, however this can be a pain for legitimate users.

Not sure about the size of the website, however, when you start talking about an extremely large website, such as polling time, it’s hard to just judge whether consecutive voices are fake when looking at the IP address. Colleges and offices can often have hundreds of people at the same IP address. It's hard to say if this is one person per voice, or if one person is going to all his friends on the dormitory floor, telling them to vote (can explain new subscriptions / voices from the same IP address all at the same time )

There really is no answer to this question, just keep checking the magazines and delete voices that don't look legit.

0
source share

As you have already done, keep track of IP addresses as well as voting time and prohibit multiple votes from the same IP address in the same time period. This will affect only a few students.

Another simpler way to do this with secure voting is to force registration and email confirmation. Some bot / spam sites can still work around this with their own domain, but then you can block domain registration and voting from this site. This is the β€œmost annoying,” but the most time-consuming, therefore leading to the least likely, combined with IP addresses to result in a lot of hype.

Remember that you are not going to interfere with all the scammers in your system, but you can mitigate them.

0
source share

I would use a combination of voice throttling of IP addresses and cookies. Yes, cookies can be deleted, but this will stop the malicious type of person who also turns out to be an idiot.

IP address control checks to see if anyone from this IP address has voted recently (say 10 minutes, whatever you consider fair, depending on the demographics or the number of people who voted from a large organization on the same IP address) and stop voting counted.

Combine these 2 with your use of user ID already and as realistically as possible.

0
source share

More articles:


All Articles