i'm making simple star rating feature in php site , general question is, cookies prevent people spamming multiple votes?
as far know can store cookie javascript , php. what's prevent spammer testing feature, looking @ cookies saved , remove/add them in spam attack script?
a sub question be, should save in cookie? person has voted? what's prevent spammer automatically delete cookies before spam attack?
so far i've got honeypot, secret code calculated time , other things , ip blacklisting.
i try stay out of captchas , recaptchas.
here's fact: @ worst possible case, user may entire new computer cheat system. , there's nothing can it. no matter client-side protections have, can broken.
- cookies trivial reset.
- sessions rely on cookies, hence, trivial reset.
- ip easy enough reset (or use vpn or other such service), moreover, mobile devices change ips walk down street.
the real way authenticate users (i.e. login system) , allow authenticated users vote.
note cookie work 95% of cases, if don't care occasional cheat here , there. if cheating must prevented @ costs, need authentication system.
Comments
Post a Comment