Posted on: 05/12/09 10:02am
By: monoclast
So it seems if you use another web browser, you are able to vote more than once in a poll. And there have been times I have seen the poll plugin allow me to vote again even with the same browser. Is this because it uses cookies? Wouldn't it be a better idea to also check the IP address to prevent this from happening?
Re: Poll Spamming
Posted on: 05/12/09 10:10am
By: LWC
Yes, it checks cookies. But what makes you think it doesn't also check IP addresses? What on Earth can it do if you changed your IP address (every time you re-connect online) and erased your cookies? The only alternative is for you to disable voting for anonymous users*.
* Then again, I guess the only way to do it currently is to hide the poll from them altogether.
Re: Poll Spamming
Posted on: 05/12/09 10:28am
By: Dirk
Re: Poll Spamming
Posted on: 05/12/09 12:13pm
By: scarecrow
From what I've seen the polls will allow a user using the same browser and IP to vote again after a few days. I've voted several times in this site's front page poll just to see if it was something related to the sites I maintain, or something global.
Re: Poll Spamming
Posted on: 05/13/09 04:37am
By: LWC
Dirk, why doesn't the poll also store usernames? Then registered users wouldn't be able to manipulate it at all.
Re: Poll Spamming
Posted on: 05/13/09 08:01am
By: Dirk
Quote by: LWCDirk, why doesn't the poll also store usernames?
For privacy reasons.
bye, Dirk
Re: Poll Spamming
Posted on: 05/13/09 03:14pm
By: LWC
What if you just save the actual fact if they voted or not (1 or 0)? I don't think that would hurt their privacy too much.
Re: Poll Spamming
Posted on: 06/15/09 11:12am
By: lasat
It is possible to store only that a user has already voted for a poll and not what he has voted.
So there should be 3 possibilities:
1. IP based
2. Cookie based
3. User based
At
http://fsim-ev.de[*1] we changed the polls plugin to this bahavior. You can check this out from
http://fsim-ev.de/hg/geeklog[*2] (our mercurial repository)
Re: Poll Spamming
Posted on: 05/16/10 03:41pm
By: Anonymous (Anonymous)
Most polls use cookies to check who's voted, simply turning them can get around this.
Also, using the Firefox addon - iMacros - is a fantastic way to spam polls.
See a certain ED page for further lulz and information:
http://encyclopediadramatica.com/Poll%27s_closed
Re: Poll Spamming
Posted on: 05/17/10 09:22am
By: 1000ideen
I`d distinguish between a dishonest buse and a spamming like comment spamming.
You can`t handle dishonest abuse if anonymous can also vote other than by moral. So you could write that you rely on the honesty of the voters only to vote once.
If you open the poll only for registered members then it would make sense to keep track of the voting per user-ID rather than cookies.
Re: Poll Spamming
Posted on: 05/17/10 04:39pm
By: Laugh
Quote by: lasatIt is possible to store only that a user has already voted for a poll and not what he has voted.
So there should be 3 possibilities:
1. IP based
2. Cookie based
3. User based
At http://fsim-ev.de[*1] we changed the polls plugin to this bahavior. You can check this out from http://fsim-ev.de/hg/geeklog[*2] (our mercurial repository)
Can you submit a patch for this? Maybe we can get around the privacy issue by having a config option to enable or disable user based checking.