All geek questions in one place

Double Voting Prevention

I am creating a web application in which users will vote for some candidates by clicking on the thumbs up or down, and these users will not have an account on the site.

What is the best way to use? Do I need to use captcha for more protection against spam?

The vote count is expected to be millions, and this question is not very critical if I get 95% accuracy, which would be nice. Thank you

+6
source share
3 answers

You can combine these two methods:

  • Add a cookie to prevent multiple voices from the same computer.
  • Write down the IP addresses and prohibit voting more than a certain number of times from the same address (for example, 5 times in the same hour).

This will allow multiple individuals to vote from the same network, but still prevent excessive cheating.

It may also be more difficult for you to create a bot vote by adding some hidden form field with a token to be included in the vote and / or using Ajax to vote. I know it's relatively easy to build a bot anyway, but most cheaters aren't that smart.

+4
source

Cookies and Session IDs will help, although both may be lost when you close your browser (if the user has allowed them to be deleted). However, they will give you a certain degree of accuracy (for example, lazy voters did not bother to close and reopen their browsers).

Using IP addresses will also work, but since @Michael Dillon said that people on the same IP address (same router) will not be able to vote.

+1
source

You have several options, some or all of which you can use.

You can write down the IP address and then check it on the IP address, but then this does not mean that a specific person is just a computer, and sometimes not just one computer.

You can also write cookies in a user browser, but the user can use a different browser, machine, etc.

In a user session, you can create a session variable, although if you expect very high traffic, this may not be the best option, and also only prevents re-voting during one session.

If you are considering captcha, you can also ask the user to provide an email address, and then you will get at least one vote for the email address. However, even then you cannot be guaranteed a valid email address.

+1
source

Source: https://habr.com/ru/post/906590/

More articles:


All Articles