The Attack and Defense of Voting and Voting Brushing - How to Prevent Voting Brushing

*文 (Original), 2017-12-25 11:38:11, 4889 views

In web projects, voting is a very widely used feature, and it also invites a lot of vote brushing. How to prevent vote brushing has become a very important problem. This article shares some ideas on preventing it, in the hope that they are helpful.

1. IP restriction
This is the most commonly used, most widespread, and indispensable restriction against vote brushing. Since topic pages have no user module, it has almost become the only feasible method. It limits the number of votes a visitor can cast within a period of time, based on the visitor's IP address. Of course, visitors who come to the page and vote normally are held to the same limit. However, the various voting campaigns and special topics, with their generous prizes, make some people try every means to brush votes.

ADSL users can change their IP address by disconnecting and redialing.
We cannot obtain the real IP address of users who connect through a proxy.
There are also unknown vote brushing tools.
These are all problems we have no way to overcome, and for Internet cafe and intranet users, who share an IP address, such a limit will also seem unfair.

2. Cookies verification
This is also a method commonly used on the Internet. However, nothing that comes from the client can be trusted. Anyone familiar with how cookies work can easily bypass the restriction.

Cookies can be disabled.
We cannot obtain the real IP address of users who use proxy access.
Cookies can be cleared and modified at will.

3. Session verification
A session assigns every visitor a unique session ID. This seems to have some effect against vote brushing. Unfortunately, sessions have fatal shortcomings.

Closing the browser destroys the session.
If the client disables cookies, the session also becomes invalid.

4. Verification code
Registering, logging in, replying, posting... verification codes (CAPTCHAs) are used in a wide range of places. Unfortunately, over time we found that in practice this method only made voting harder for ordinary visitors, and the frequent requests for verification codes made by vote brushers also greatly increased the load on the server.

There is one kind of verification code that is feasible. The graphical verification code launched by Google asks users to rotate a picture to the correct orientation to complete the verification. Very few programs or automated operations are likely to get around such a verification code well. The disadvantage is that it is very difficult to implement.

5. MAC address restriction
For a web program, it is difficult to obtain the real MAC address (I experimented with PHP/JS and did not succeed in obtaining it). Moreover, when we read the client's MAC address, we are reading information stored in the registry, which can also be modified.

6. User module
This should be considered a very useful method. Each visitor must register an account to vote. Voting can be limited per account ID, and newly registered users can be barred from voting for a period of time. Moreover, a large influx of registered users can also increase the traffic of the website. However, for small regional websites, visitors will find this very troublesome and may give up voting, so the site may lose users.

7. Behavior Record
In fact, there is a lot of vote brushing that we cannot restrict. But sometimes we can record it very well. When abnormal voting is detected, the number of votes will be automatically raised, or the illusion of a successful vote will be returned, which can also effectively limit vote manipulation.

The disadvantage is that recording too much data puts a lot of pressure on the server. Moreover, if there are not enough recording points, or the recorded behavior is not complex enough, professional vote brushers may still get through.
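
A sketch of the recording idea above, as an added example that is not the article's own code: every attempt is logged, abnormal ones are left out of the tally, and the response is identical either way. The thresholds, the two signals (per-IP rate and time between page load and vote) and the sample events are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 600     # assumed look-back window per IP
MAX_VOTES_PER_IP = 3     # assumed number of counted attempts per window
MIN_DWELL_SECONDS = 2.0  # assumed: voting sooner after page load is abnormal

class VoteRecorder:
    def __init__(self):
        self.log = []                     # every attempt, kept for later review
        self.recent = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.tally = defaultdict(int)     # candidate -> votes actually counted

    def submit(self, ip, candidate, dwell, now=None):
        """Record one attempt; always answer as if the vote succeeded."""
        now = time.time() if now is None else now
        q = self.recent[ip]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                   # forget attempts outside the window
        reasons = []
        if len(q) >= MAX_VOTES_PER_IP:
            reasons.append("ip_rate")
        if dwell < MIN_DWELL_SECONDS:
            reasons.append("too_fast")
        q.append(now)                     # flagged attempts also extend the block
        if not reasons:
            self.tally[candidate] += 1
        self.log.append({"ts": now, "ip": ip, "candidate": candidate,
                         "counted": not reasons, "reasons": reasons})
        return {"status": "ok"}           # identical response, counted or not

# Constructed sample: (time in s, ip, candidate, seconds from page load to vote)
SAMPLE = [
    (0, "203.0.113.7", "A", 15.0), (5, "203.0.113.7", "A", 9.0),
    (9, "203.0.113.7", "A", 4.0), (12, "203.0.113.7", "A", 3.0),
    (20, "198.51.100.2", "B", 0.3), (30, "198.51.100.9", "B", 12.0),
    (700, "203.0.113.7", "A", 8.0),
]

def replay(events):
    rec = VoteRecorder()
    replies = [rec.submit(ip, c, dwell, now=ts) for ts, ip, c, dwell in events]
    return rec, replies

if __name__ == "__main__":
    rec, _ = replay(SAMPLE)
    print(dict(rec.tally))
    print([row for row in rec.log if not row["counted"]])
```

The log grows with every attempt, which is the server cost the paragraph above mentions, so in practice it would be written to a store with a retention limit.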

8. Answer the question
The first time we used this method to limit vote brushing, we were very pleased to see good results. Unfortunately, without a large enough question bank, the questions and their answers are soon collected. Meanwhile, users who vote normally find voting annoying and troublesome. Gradually, we were abandoned.

9. Random voting address
This method gives each user who visits the page a random, unique KEY. A voting address is generated from this KEY. The address can be visited only once and becomes invalid after use.

Unfortunately, for the content of the KEY I currently use the MD5 hash of session ID + IP + random number, and, as mentioned above, the session ID and the IP can be destroyed and tampered with. This method is nothing more than a last-ditch struggle once IP restrictions and session restrictions have failed.

10. Fill in the information
When voting, visitors fill in information that can represent a person's identity, such as ID card number, name, and mobile phone number, for uniqueness verification. However, anyone who knows the format of the ID card number can fill in whatever name and mobile phone number they like, and nothing restricts them. Meanwhile, people who vote normally find it troublesome.

11. Voting code/numbering system
Before voting, users need to obtain a unique voting code/voucher from another page or by e-mail, and it is invalidated once used. However, how do we verify the uniqueness of a 'person'? If a user has enough mailboxes, can he get unlimited voting codes?

Right! Therefore, this treats the symptoms rather than the root cause. At least it makes vote brushing troublesome. At the same time, it also inconveniences people who vote normally. Still, it can be considered useful if it makes the vote brushers a little less happy.
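
The single-use property that both the random voting address (section 9) and the voting code (section 11) depend on, as an added example that is not the article's own code: the key is drawn from the operating system's random generator instead of MD5 over session ID and IP, and its validity rests on a server-side record. The class name, the lifetime and the `/vote/` route are hypothetical; as the text says, this does not limit how many keys one person can request.

```python
import hashlib
import secrets
import time

KEY_TTL_SECONDS = 300  # assumed lifetime of a voting address or code

class VoteKeyStore:
    """In-memory stand-in for a database table of issued keys."""

    def __init__(self):
        self._keys = {}  # sha256(key) -> {"expires": float, "used": bool}

    @staticmethod
    def _digest(key):
        # Only a hash is stored, so a leaked table does not reveal usable keys.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, now=None):
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)  # 256 random bits, no client input
        self._keys[self._digest(key)] = {"expires": now + KEY_TTL_SECONDS,
                                         "used": False}
        return key

    def redeem(self, key, now=None):
        now = time.time() if now is None else now
        rec = self._keys.get(self._digest(key))
        if rec is None:
            return "unknown"    # never issued, or forged
        if rec["used"]:
            return "replayed"   # address already visited once
        if now > rec["expires"]:
            return "expired"
        rec["used"] = True      # in a real database: one atomic UPDATE
        return "accepted"

def voting_url(key):
    return "/vote/" + key       # hypothetical route

if __name__ == "__main__":
    store = VoteKeyStore()
    k = store.issue(now=1000.0)
    print(voting_url(k))
    print(store.redeem(k, now=1010.0), store.redeem(k, now=1011.0))
```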

12. RMB voting
This is the best one. Whether by text message, phone call, or Alipay, it is one yuan per vote. If you are willing to pay, then of course you can vote and brush as much as you like, and we are happy with that. Combined with payment interfaces, cheating is quite difficult.

However, fairness needs to be considered. After all, not all supporters have money and are willing to spend it. Good works may not get votes because they are "poor". In a fair and democratic society, this is not recommended!

Okay, those are more or less all the methods. To quote a netizen’s original text: “To completely put an end to ticket fraud, we basically have to rely on people.”

Still thinking about:

Flash voting, but I don’t understand the principle very well. I will test it when I have time.
Plug-ins. Web plug-ins may require users to download and install them, which may be troublesome for ordinary users, and the feasibility remains to be studied.
Some interesting settings. For example, multiple votes in a short period of time may lead to a decrease in the number of votes; negative votes can be cast for a work, but with a certain chance that they are invalid or bounce to other works; or something like 'stealing vegetables' in the farm games, applied to voting, and so on. This may add a little playability, but fairness cannot be guaranteed.

Summary: Personally, I feel that the most effective method at present is RMB voting, which can effectively limit vote brushing.
