Menu
On my website we run a contest system and users vote for other user's content. We recently caught someone creating multiple accounts to vote multiple times (consecutive id numbers, and votes within a couple minutes). We would like to prevent that from happening again. Judging how Times handled their "Most Influential Person of the Century" poll, even the big guys get it wrong.
Currently we log User ID's, vote date, and IPv4 addresses (via $_SERVER['REMOTE_ADDR']).
What things can I do to prevent or make it more difficult for someone to vote fraudulently?
409
Require user reputation. If you associate the right to vote with an user that has to have a certain reputation (i.e. by participating in your community for a certain time, and providing meaningful content), it becomes increasingly difficult for someone to automate the process of creating multiple identities.
In the end it is a balance between sufficient authentication, ease of access, and the value of the result (for you and the user) - and how you present the results.
187
Using IPv4 address, with browser signature ($_SERVER['HTTP_USER_AGENT']) hash.
If the vote come from different user, but in the same IP address, with the same browser, in a close timeframe window, it is probably a fraud.
If the time is too close, leading to an automated process, a captcha would solve it (but no one likes captcha on polls).
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
