I have a web app that is running a photo competition. Basically any
user should be able to vote on a photo with a rating between 1 and 5.
At the end of the competition the photo with the highest average
rating wins the competition.
To make things fair we would like to restrict a user from only voting
on any one photo only once. However to encourage voting we dont want
to have to force users to register/signup. So we thought perhaps that
we could track IP Addresses as well as user ids against photos.
So I would just like to know what sort of implications may arise with
tracking IP Addresses. The obvious one that comes to mind is IP
spoofing. But Im not quite sure what happens with dynamic IP
addresses? Does this mean anyone without a shared IP address will
come on with a different IP Address? What about proxy servers?
There will obviously be other measures in place to ensure that rigging
of votes will be kept to a minimum.
I thank anyone that can help shed any light on this and if they think
this is actually viable?
11  2176 
"glenh" <gl******@hotma il.comwrote in message
news:ae******** *************** ***********@a19 g2000pra.google groups.com...
So I would just like to know what sort of implications may arise with
tracking IP Addresses. The obvious one that comes to mind is IP
spoofing.
Correct. This is one the main reasons that IP addresses cannot be used for
this purpose...
But Im not quite sure what happens with dynamic IP addresses? Does this
mean
anyone without a shared IP address will come on with a different IP
Address?
Dynamic IP addresses are exactly as their name suggests i.e. that they can
change at any time. This means e.g. that someone could visit your site,
close their browser, reboot their machine and visit your site again with a
different IP address...
What about proxy servers?
http://en.wikipedia.org/wiki/Proxy_server
There will obviously be other measures in place to ensure that rigging
of votes will be kept to a minimum.
Like what...?
I thank anyone that can help shed any light on this and if they think
this is actually viable?
The only even reasonably secure way of achieving what you want is to force
people to register and log in...
--
Mark Rae
ASP.NET MVP http://www.markrae.net
As Mark pointed out, IP addresses are pretty much useless
for keeping track of who visited your site and who did not.
You can either force people to register and login, as Mark suggested,
or issue a cookie after the user has voted, flagging that the user has voted,
so that later checks are made possible, or do both.
Forcing people to register has the disadvantage of probably reducing participation.
I generally vote at sites that don't require registration, but will walk away if registration is needed.
Issuing cookies is a simple way to keep track of who voted and who did not.
Of course, you will always have a very low percentage of people who will try to cheat by erasing
the cookie and voting again, but I suspect that their impact would be negligible on the results.
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========
"glenh" <gl******@hotma il.comwrote in message
news:ae******** *************** ***********@a19 g2000pra.google groups.com...
>I have a web app that is running a photo competition. Basically any
user should be able to vote on a photo with a rating between 1 and 5.
At the end of the competition the photo with the highest average
rating wins the competition.
To make things fair we would like to restrict a user from only voting
on any one photo only once. However to encourage voting we dont want
to have to force users to register/signup. So we thought perhaps that
we could track IP Addresses as well as user ids against photos.
So I would just like to know what sort of implications may arise with
tracking IP Addresses. The obvious one that comes to mind is IP
spoofing. But Im not quite sure what happens with dynamic IP
addresses? Does this mean anyone without a shared IP address will
come on with a different IP Address? What about proxy servers?
There will obviously be other measures in place to ensure that rigging
of votes will be kept to a minimum.
I thank anyone that can help shed any light on this and if they think
this is actually viable?
glenh brought next idea :
>
So I would just like to know what sort of implications may arise with
tracking IP Addresses. The obvious one that comes to mind is IP
spoofing. But Im not quite sure what happens with dynamic IP
addresses? Does this mean anyone without a shared IP address will
come on with a different IP Address? What about proxy servers?
We had a customer once that wanted to track IP addresses of their
customers. Unfortunately the hosting center used a proxyserver, so the
only IP address recorded was that of that proxy server ...
Hans Kesting
"Juan T. Llibre" <no***********@ nowhere.comwrot e in message
news:eW******** ******@TK2MSFTN GP04.phx.gbl...
Issuing cookies is a simple way to keep track of who voted and who did
not.
Of course, you will always have a very low percentage of people who will
try to cheat by erasing
the cookie and voting again, but I suspect that their impact would be
negligible on the results.
I think you might be surprised... IMO, pretty much everyone knows about
(tracking) cookies these days...
--
Mark Rae
ASP.NET MVP http://www.markrae.net
re:
!I think you might be surprised...
Could be...
re:
!IMO, pretty much everyone knows about (tracking) cookies these days...
....and use it to determine the winner of a photo competition ?
Also, there's other ways to suspect of foul play.
If the cookie's time is stored in a database, and later the database is analyzed,
and 500 votes for a particular photo were sent within 15 minutes, while 30 votes
were sent for all the other competitors, I'd suspect foul play. <g>
That's an extreme case but, you're right, just cookies won't cut it.
Other protective measures should be btaken, like the example given.
Any other ideas that would help protect against multiple votes without using IPs ?
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========
"Mark Rae [MVP]" <ma**@markNOSPA Mrae.netwrote in message news:OE******** *****@TK2MSFTNG P02.phx.gbl...
"Juan T. Llibre" <no***********@ nowhere.comwrot e in message news:eW******** ******@TK2MSFTN GP04.phx.gbl...
>Issuing cookies is a simple way to keep track of who voted and who did not.
Of course, you will always have a very low percentage of people who will try to cheat by erasing
the cookie and voting again, but I suspect that their impact would be negligible on the results.
I think you might be surprised... IMO, pretty much everyone knows about (tracking) cookies these days...
--
Mark Rae
ASP.NET MVP
http://www.markrae.net
"Juan T. Llibre" <no***********@ nowhere.comwrot e in message
news:O2******** ********@TK2MSF TNGP04.phx.gbl. ..
Also, there's other ways to suspect of foul play.
If the cookie's time is stored in a database, and later the database is
analyzed,
and 500 votes for a particular photo were sent within 15 minutes, while 30
votes
were sent for all the other competitors, I'd suspect foul play. <g>
Of course.
That's an extreme case but, you're right, just cookies won't cut it.
Other protective measures should be taken, like the example given.
Any other ideas that would help protect against multiple votes without
using IPs ?
Not without forcing registration and login...
--
Mark Rae
ASP.NET MVP http://www.markrae.net
To make things fair we would like to restrict a user from only voting
on any one photo only once. *However to encourage voting we dont want
to have to force users to register/signup. *So we thought perhaps that
we could track IP Addresses as well as user ids against photos.
So I would just like to know what sort of implications may arise with
tracking IP Addresses. *The obvious one that comes to mind is IP
spoofing. *But Im not quite sure what happens with dynamic IP
addresses? *Does this mean anyone without a shared IP address will
come on with a different IP Address? *What about proxy servers?
How about a compromise. Have the user enter their email, then vote.
Then a link is sent to their email box and only when they click on the
link will that vote count.
Granted, you could still vote more than once by entering more than 1
email, but at least it would have to be a valid e-mail account.
Hi All,
Firstly thanks everyone who has left a comment on this post. It is
much appreciated.
Mark, to answer your question on what other measures will be put in
place to minimize rigging. We will track any photo that has a high
number of votes on it any particulary day. By nature of the site
theoritically you can only vote on one photo at a time and then the
next photo is displayed (randomly) so any photo that receives a high
number of votes in any particular day shouldnt occur (Julian has made
this same suggestion). We will also be tracking users voting of other
photos, to ensure that a particular user is not voting low 1's on
everyone else's photo. Although this I guess is allowable it is in
the t&c's that every user should vote fairly and any person trying to
influence any particular photo can have their votes pulled.
The big point to make here is that the site is offering quite a large
prize of $100,000 (potentially based on participants). So of course
we are wanting to ensure the safest and fairest process of voting.
So from what I determine so far by your comments is that IP Addresses
are not fool proof as are cookies. Im not that fond of cookies that
much as I know how easy it is to clear the cookies (you dont even have
to close down the browser) and Firefox 2 offers a shortcut key to make
it even easier.
I suspect IP addresses are slightly harder for the user to change.
Mark you say that a user may close their computer down and come back
with a new one. I dont think will be too much an issue for us as you
point out I think a user will soon get sick of this very quickly.
However Im not sure if a user can somehow change their IP address with
some program and do this quickly?
Juan I am in agreeance with you about reduced participation in voting
if users have to register and ideally is something I and my clients
would like to avoid. I think that forcing registration could possibly
discourage voting by over 50% if not more. Of course there will be an
incentive to register by offering a prize but like a lot of people a
prize draw is not an incentive. Also by not having mandatory
registration will mean more votes and ultimately the more votes photos
registered will mean foul voting will have less effect and any user
attempting to rig votes should then be more obvious pick up.
Larry we did think of that idea about activation of email accounts and
will have to be implemented when a user registers (whether
registration is mandatory or not).
At the moment I am toying with the idea of tracking IP addresses along
side with closely monitoring voting unless someone can tell me that it
is really easy to change your IP address. We have thought about
people behind proxy servers and anyone with a duplicate IP address
will be told that they have either voted or are behind a proxy server
and registration will be needed.
I have a little while to keep thinking about this so will appreciate
any other comments made.
Thanks
Glen
"glenh" <gl******@hotma il.comwrote in message
news:f4******** *************** ***********@m36 g2000hse.google groups.com...
Mark, to answer your question on what other measures will be put in
place to minimize rigging. We will track any photo that has a high
number of votes on it any particulary day. By nature of the site
theoritically you can only vote on one photo at a time and then the
next photo is displayed (randomly) so any photo that receives a high
number of votes in any particular day shouldnt occur (Julian has made
this same suggestion). We will also be tracking users voting of other
photos, to ensure that a particular user is not voting low 1's on
everyone else's photo. Although this I guess is allowable it is in
the t&c's that every user should vote fairly and any person trying to
influence any particular photo can have their votes pulled.
The big point to make here is that the site is offering quite a large
prize of $100,000 (potentially based on participants). So of course
we are wanting to ensure the safest and fairest process of voting.
The point here is that $100,000 is a huge sum of money, easily enough to
tempt a hacker.
For that sort of money, I (and many other people like me, many more than you
might imagine) could develop a piece of code which maintained the number of
votes for any particular photo just marginally ahead of the next most
popular photo, all coming from different IP addresses at random times
throughout the day. You'd never know...
This would take me, maybe, half an hour...
If this competition is already live, I'd be amazed if someone hasn't done
this already.
--
Mark Rae
ASP.NET MVP http://www.markrae.net This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Louis Frolio |
last post by:
Greetings All, I have read many upon many articles here regarding GUID
data types and uniqueness. There have been many opinions regarding
the effectiveness of GUID's and when they should/should not be used.
However, every article strongly implies, if it does not state it
outright, that GUID's are always unique. My question is this, what
happens if you have a database that uses GUID's and the NIC is changed
out on the box? From what I...
|
by: Dica |
last post by:
i've got a client that wants to be able to review records about IIS
generated emails.
in his own words, he wants the "ability to track and report message status
(i.e. how many messages were sent successfully, how many were blocked, how
many bounced back with an incorrect address)"
i'd start by adding a new row containing the email address, dateTime, etc
when first sending the email, but how to track the rest of the info? for...
|
by: Abhishek |
last post by:
Hi!
I need to create a unique password everytime i click a button .
what technique/Algo should i follow.
Abhishek
|
by: Goh |
last post by:
Hi,
I would like to know how can we implement a web page that
intelligent enough to unique identify that pc have been visit before without
any cookies and login user require.
I have try implement this by MAC address. When user browser the web
site I sometime can get user pc MAC and sometime no.
Why this type of implementation are so not consistency? Does any
|
by: nondisclosure007 |
last post by:
Hello all!
I have something rather unique. I'm creating a cookie for
customization for a webpage. But I want to tie the user to a machine
(not friendly, I know, but for what I'm doing, it's got to be done).
I know there a whole list of custom USI (Unique System Identifiers) on
a system. IE, System BIOS serial number, that funky code MSFT creates
on windows activation, etc.
| | |
by: l3vi |
last post by:
I have a new system Im building that stores entries of what people are
searching for on my sites.
I want to be able to keep records of how many times a keyword was
searched for daily, and from that I can calculate weekly and monthly.
At this point I have one entry per search phrase with the number of
hits the search phrase has gotten, and the last time it was updated.
As I start to take the program out of testing and move in more...
|
by: Mufasa |
last post by:
I'm looking for a way to get a truly unique identifier for a machine for our
client software. I'd like to have it so that there's little or no setup by
the end user. (We set up the machines and then ship them out for most cases
but some of our customers do provide their own machines.) Our concern is if
somebody takes one of our machines and ghosts it so they have a complete
copy of the machine, it will allow them to continue working.
We...
|
by: raylopez99 |
last post by:
A quick sanity check, and I think I am correct, but just to make
sure: if you have a bunch of objects that are very much like one
another you can uniquely track them simply by using an ArrayList or
Array, correct? An example: create the object, create an array, the
stuff the object into the array. Later on, assume the object is
mutable, the object changes, but you can find it, if you have enough
state information to uniquely identify...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
