Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Prevent double voting

I'm creating a web application where users will vote for some candidates by clicking thumbs up or thumbs down, and these users won't have any account on the site.

What is the best technique to use? Is it necessary to use captcha for more protection from spam?

Vote counts are expected to be millions, and the subject is not very critical as long as I get 95% accuracy that would be fine. Thanks.

like image 976
Kamel Labiad Avatar asked Jan 22 '12 16:01

Kamel Labiad


4 Answers

You can combine these two methods:

  • Add a cookie to prevent multiple votes from the same machine
  • Log IP addresses and prevent voting more than a set number of times from the same address (for example, 5 times the same hour).

This will make it possible for multiple persons to vote from the same network but still prevent excessive cheating.

You may also make it harder to build a voting bot by adding some hidden form field with a token that must be included in the vote, and/or use Ajax for the voting. I know it's relatively easy to build a bot anyway but most cheaters aren't that smart.

like image 85
Emil Vikström Avatar answered Nov 19 '22 03:11

Emil Vikström


Cookies and Session Ids will help, although both can be lost when the browser is closed (if the user has it enabled to delete them). Still, they will give you some degree of accuracy (ex. the lazy voters won't bother to close and reopen their browsers).

Using IP Addresses would also work, but as @Michael Dillon said people on the same IP address (same router) will not be able to vote.

like image 26
dgund Avatar answered Nov 19 '22 02:11

dgund


You have several options, some or all of which you can use.

You can record IP and then check against IP, but then this isn't indicative of a specific person just a computer and sometimes not just a single computer.

You can also write a cookie to a user's browser but a user can use a different browser, machine etc.

Within a user's session you could create a session variable, although if you are expecting very high traffic this may not be the best option, and also only prevents re-voting within the same session.

If you are contemplating a captcha, you may as well ask the user to supply an email address and then you are assured of at least one vote per email address. However, even then you cannot be guaranteed valid email addresses.

like image 1
Digbyswift Avatar answered Nov 19 '22 03:11

Digbyswift


You can ask their phone numbers when they want to vote and send to them one time password and use that as verification. Some my also vote from another numbers but i think this is the most accurate way.

like image 1
Sam Omer Avatar answered Nov 19 '22 03:11

Sam Omer