 

Prevent multiple registrations on a survey website

Context

I am developing a survey website where anyone can vote once. Obviously I have to prevent multiple registrations for the survey to remain relevant. I force every user to log in with their Google, Facebook or Twitter account. But they can authenticate 3 times if they have an account on each, or authenticate with multiple accounts on the same platform (I have 3 accounts on Google). So I thought of storing their IP address, but they can still use a proxy. I could keep the HTTP User Agent with PHP's get_browser(), although they can still change browsers. I can extract the OS with a regex; changing OS is less easy than changing browsers. And there is also geolocation, for example with the Google Map API.

Questions

  • How to prevent multiple registrations? What kind of test can be done?
  • How to embed these tests? Execute in what order?
  • Have you already deployed this kind of solution?
GG. asked Nov 24 '11 17:11



3 Answers

The only way to be absolutely sure is to use something that uniquely identifies a person such as a serial number (social security number) or a hardware identifier (RSA key). The next best thing is to require a credit card as that usually identifies the first and last name. All other attempts can be easily broken (i.e. 2 phase authentication with a phone number, geolocation, etc). Headers sent by the browser can be easily spoofed (geolocation, IP address, user agent are all headers), and as you mentioned it's very easy to create multiple Google/Twitter accounts.

Abdullah Jibaly answered Nov 03 '22 18:11



You can verify the user by mobile phone, by sending a text message with a code to it. This will limit the vote count to the number of mobile phone numbers owned by the user.

werewindle answered Nov 03 '22 18:11
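
One way to implement the phone verification described in the answer above, as an added example that is not part of the original answer: a one-time code is issued per phone number and a vote is recorded only once per number. The function names, the PEPPER secret and the in-memory arrays (standing in for database tables) are assumptions for illustration; sending the SMS is left to whatever gateway the site uses.

```php
<?php
// Added example. PEPPER, the arrays and all function names are hypothetical.
const PEPPER = 'replace-with-server-side-secret'; // constructed placeholder
const CODE_TTL = 600;     // seconds a code stays valid
const MAX_ATTEMPTS = 5;   // guesses allowed per issued code

// Simplified normalisation (digits only) so formatting variants map to one key.
function phoneKey(string $phone): string {
    $digits = preg_replace('/\D+/', '', $phone);
    return hash_hmac('sha256', $digits, PEPPER); // keep a keyed hash, not the raw number
}

// Returns the code to hand to the SMS gateway, or null if this number already voted.
function startVerification(array &$pending, array $voted, string $phone, int $now): ?string {
    $key = phoneKey($phone);
    if (isset($voted[$key])) {
        return null;
    }
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT); // CSPRNG
    $pending[$key] = ['hash' => hash_hmac('sha256', $code, PEPPER), 'expires' => $now + CODE_TTL, 'attempts' => 0];
    return $code;
}

// Records the vote only if the code matches, is fresh, and the number has not voted.
function confirmAndVote(array &$pending, array &$voted, string $phone, string $code, string $choice, int $now): bool {
    $key = phoneKey($phone);
    if (isset($voted[$key]) || !isset($pending[$key])) {
        return false;
    }
    if ($now > $pending[$key]['expires'] || ++$pending[$key]['attempts'] > MAX_ATTEMPTS) {
        unset($pending[$key]); // expired or too many guesses: a new code must be requested
        return false;
    }
    if (!hash_equals($pending[$key]['hash'], hash_hmac('sha256', $code, PEPPER))) { // constant-time
        return false;
    }
    unset($pending[$key]);
    $voted[$key] = $choice; // in a database: UNIQUE constraint on the phone-hash column
    return true;
}

// Constructed sample run: the same number written two ways.
$pending = []; $voted = []; $now = time();
$code = startVerification($pending, $voted, '+1 (555) 010-0000', $now);
var_dump(confirmAndVote($pending, $voted, '+15550100000', $code, 'option-a', $now)); // first vote
var_dump(startVerification($pending, $voted, '+1 555 010 0000', $now));              // repeat request
```

As the answer notes, this caps votes at one per phone number a person controls, not one per person.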



Those tests you mention can help prevent some users from registering multiple times, but a determined user will be able to circumvent these measures if they really want.

They can create multiple accounts with Google, FB, or Twitter, spoof their user agent easily with browser plugins, and, as you said, hide behind large numbers of proxies, which also defeats geolocation.

One other thing you could do is add proxy detection, and try to prevent registration/voting if you think they are behind a proxy.

drew010 answered Nov 03 '22 19:11
