Anti fraud voting system w/o login.
-
Hi, I am developing a voting system for a company, everything is going OK but the ability to detect and reject fraud votes. Currently I am using cookies to determine whether the user has already voted or not, but this is not enough at all becoz a normal user can delete the cookie and vote again and again! A hacker can write a small program to send thousands of web requests that hold no cookies at all, which is of course a disaster! I though about saving the IP address of each vote and block multiple votes from one IP, but there are many shared machines in cafes, universities, etc. Furthermore, many machines may be behind a firewall which means they will have the same public IP address. I am sure that there are techniques to solve this problem but I couldn't find any by googling it, any ideas from experts? ps: I don't want a ready-to-use solution, I want to write it myself coz I want to learn it. Thanks everybody! :rose:
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
-
Hi, I am developing a voting system for a company, everything is going OK but the ability to detect and reject fraud votes. Currently I am using cookies to determine whether the user has already voted or not, but this is not enough at all becoz a normal user can delete the cookie and vote again and again! A hacker can write a small program to send thousands of web requests that hold no cookies at all, which is of course a disaster! I though about saving the IP address of each vote and block multiple votes from one IP, but there are many shared machines in cafes, universities, etc. Furthermore, many machines may be behind a firewall which means they will have the same public IP address. I am sure that there are techniques to solve this problem but I couldn't find any by googling it, any ideas from experts? ps: I don't want a ready-to-use solution, I want to write it myself coz I want to learn it. Thanks everybody! :rose:
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
Mohammad A Gdeisat wrote:
I though about saving the IP address of each vote and block multiple votes from one IP,
I guess, this is what CP is doing. Do your users need to login to cast their vote? If yes, you can store the user id and IP address. And each time check this combination exist. So that multiple users from same IP can vote once. I guess there is no 100% fraud proof technique is available. :)
Navaneeth How to use google | Ask smart questions
-
Mohammad A Gdeisat wrote:
I though about saving the IP address of each vote and block multiple votes from one IP,
I guess, this is what CP is doing. Do your users need to login to cast their vote? If yes, you can store the user id and IP address. And each time check this combination exist. So that multiple users from same IP can vote once. I guess there is no 100% fraud proof technique is available. :)
Navaneeth How to use google | Ask smart questions
The problem is that users are not required to login, otherwise I could just store a vote-userID combination. Any ideas?
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
-
The problem is that users are not required to login, otherwise I could just store a vote-userID combination. Any ideas?
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
Mohammad A Gdeisat wrote:
Any ideas?
Not much. As I said, it is tough to implement fraud proof online voting system. Best method I can think is, you should keep the IP address validation and forget about multiple users using the same IP.
Navaneeth How to use google | Ask smart questions
-
The problem is that users are not required to login, otherwise I could just store a vote-userID combination. Any ideas?
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
Mohammad A Gdeisat wrote:
Any ideas?
Yes. You are screwed. If you don't validate the user, you can't validate the user. The end.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )
-
Hi, I am developing a voting system for a company, everything is going OK but the ability to detect and reject fraud votes. Currently I am using cookies to determine whether the user has already voted or not, but this is not enough at all becoz a normal user can delete the cookie and vote again and again! A hacker can write a small program to send thousands of web requests that hold no cookies at all, which is of course a disaster! I though about saving the IP address of each vote and block multiple votes from one IP, but there are many shared machines in cafes, universities, etc. Furthermore, many machines may be behind a firewall which means they will have the same public IP address. I am sure that there are techniques to solve this problem but I couldn't find any by googling it, any ideas from experts? ps: I don't want a ready-to-use solution, I want to write it myself coz I want to learn it. Thanks everybody! :rose:
And ever has it been that love knows not its own depth until the hour of separation Mohammad Gdeisat
Well I think no matter what you are not going to be able to stop very motivated repeat voters. Even major democractic elections using physical voting machines and verified official IDs still run into voter fraud and they've been doing it for years! However there are probably measures you can take to stem fraud to a minimum. Your first task is to make sure scripts can't vote, only people...so definitely use a CAPTCHA. Also have the user enter an email address with a unique link embedded inside, so they need to check their email and click on a link to make the vote count. This wont stop people with multiple emails voting, but you could also look into doing some simple data mining after the vote takes place to notice any glaring issues...like if there are 10 votes in 10 minutes from the same IP. Another critical note: whatever this voting system is going to elect, it better not be important! Because if it is, someone motivated enough will probably be able to crack, or at least bias, whatever system you have in place. Good luck!