Gossamer Forum
Home : Products : Gossamer Links : Discussions :

Rating / voting security

Quote Reply
Rating / voting security
Hi,

im currently using Link SQL to track votes for a Flash showcase site i own.

It allows non logged in visitors to rate sites and tracks them in the normal way by logging their full IP address to the ClickTrack table - anyone who's already voted for an individual site (in the last 24 hours) gets an error message.

My question is how can i make this system more bomb proof? as site owners have now figured out that if they close their internet connection and log back on they can vote for their site again - their ISP assigns them a different IP.

Going through the ClickTrack table its obvious which sites are trying it on as you get a grouped list of similar Class B and C IP addresses.

Would tracking Class B IP's instead of the full address be helpful in this situation?

thanks for your help,

charlie



Comedy Quotes - Glinks 3.3.0, PageBuilder, StaticURLtr, CAPTCHA, User_Edit_Profile

Last edited by:

Chas-a: Oct 29, 2003, 2:34 PM
Quote Reply
Re: [Chas-a] Rating / voting security In reply to
You could try modifiying /admin/Links/Users/Rate.pm .. Make sure you backup, but you could try the attached. This should check for a cookie, and if that doesn't exist, it will also check their IP etc in ClickTracks.

I wrote this mod a while ago, and it seemed to work ok.

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] Rating / voting security In reply to
Thanks for the response & script Andy. It looks like your setting the expiry for 7 days - so for 24 hours ill need to change that to -expires => '+1d' ?

my $cookie = $IN->cookie( -name => $id, -value => "TRUE", -expires => '+7d');

Im hoping to use this in addition to tracking the Class B IP's (xxx.xxx instead of xxx.xxx.xxx.xxx) - using this method will prevent some people for voting but should stop 99% of cheats (i think...).

Would the example below work for saving and retrieving Class B IP's?


my $IPfull = $ENV{REMOTE_ADDR};

my $IPshort = substr($IPfull, 0, 6);

my $rows = $click_db->count ( { LinkID => $id, IP => $IPshort, ClickType => 'Rate' } );


If so within rate.pm replace all references to $ENV{REMOTE_ADDR}; with $IPshort using this example?

thanks again

Charlie



Comedy Quotes - Glinks 3.3.0, PageBuilder, StaticURLtr, CAPTCHA, User_Edit_Profile

Last edited by:

Chas-a: Oct 30, 2003, 8:54 AM
Quote Reply
Re: [Chas-a] Rating / voting security In reply to
I ONLY allow Ratings from Logged In users- and I write the user name into the Rating table. Not only helpskeep the vpoting fair, but also entices people to sign up!
dave

Big Cartoon DataBase
Big Comic Book DataBase
Quote Reply
Re: [carfac] Rating / voting security In reply to
Hi carfac,

I dont think that would be a workable solution in this case as im using one page to showcase all the votes - if the number of people voting dropped to a handful each week it devalues the credibility of each weeks vote also sites aren't entered permanently into the site without receiving a majority vote each week and due to the amount of traffic a site can get for a permanent listing i imagine we'd get loads of site owners registering fake accounts (from free email accounts) to cheat the system.

Charlie



Comedy Quotes - Glinks 3.3.0, PageBuilder, StaticURLtr, CAPTCHA, User_Edit_Profile

Quote Reply
Re: [Chas-a] Rating / voting security In reply to
Yeah- did not think it would be too workable a solution for oyu... just wanted to throw that out as a solution for some people!
dave

Big Cartoon DataBase
Big Comic Book DataBase
Quote Reply
Re: [carfac] Rating / voting security In reply to
thanks anyway dave Smile



Comedy Quotes - Glinks 3.3.0, PageBuilder, StaticURLtr, CAPTCHA, User_Edit_Profile