Welcome to Geeklog Saturday, March 28 2020 @ 11:29 pm EDT

Geeklog Forums

Poll Spamming


Status: offline

monoclast

Forum User
Junior
Registered: 08/07/06
Posts: 26
So it seems if you use another web browser, you are able to vote more than once in a poll. And there have been times I have seen the poll plugin allow me to vote again even with the same browser. Is this because it uses cookies? Wouldn't it be a better idea to also check the IP address to prevent this from happening?
-mono
 Quote

Status: offline

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Yes, it checks cookies. But what makes you think it doesn't also check IP addresses? What on Earth can it do if you changed your IP address (every time you re-connect online) and erased your cookies? The only alternative is for you to disable voting for anonymous users*.

* Then again, I guess the only way to do it currently is to hide the poll from them altogether.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
:rtfm: How do the polls work?
 Quote

Status: offline

scarecrow

Forum User
Junior
Registered: 24/10/07
Posts: 33
From what I've seen the polls will allow a user using the same browser and IP to vote again after a few days. I've voted several times in this site's front page poll just to see if it was something related to the sites I maintain, or something global.
 Quote

Status: offline

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Dirk, why doesn't the poll also store usernames? Then registered users wouldn't be able to manipulate it at all.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: LWC

Dirk, why doesn't the poll also store usernames?


For privacy reasons.

bye, Dirk
 Quote

Status: offline

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
What if you just save the actual fact if they voted or not (1 or 0)? I don't think that would hurt their privacy too much.
 Quote

Status: offline

lasat

Forum User
Newbie
Registered: 04/11/07
Posts: 6
It is possible to store only that a user has already voted for a poll and not what he has voted.

So there should be 3 possibilities:
1. IP based
2. Cookie based
3. User based

At http://fsim-ev.de we changed the polls plugin to this bahavior. You can check this out from http://fsim-ev.de/hg/geeklog (our mercurial repository)
 Quote

Anonymous

Anonymous
Most polls use cookies to check who's voted, simply turning them can get around this.
Also, using the Firefox addon - iMacros - is a fantastic way to spam polls.
See a certain ED page for further lulz and information:
http://encyclopediadramatica.com/Poll%27s_closed
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 04/08/03
Posts: 1295
I`d distinguish between a dishonest buse and a spamming like comment spamming.

You can`t handle dishonest abuse if anonymous can also vote other than by moral. So you could write that you rely on the honesty of the voters only to vote once.

If you open the poll only for registered members then it would make sense to keep track of the voting per user-ID rather than cookies.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1387
Quote by: lasat

It is possible to store only that a user has already voted for a poll and not what he has voted.

So there should be 3 possibilities:
1. IP based
2. Cookie based
3. User based

At http://fsim-ev.de we changed the polls plugin to this bahavior. You can check this out from http://fsim-ev.de/hg/geeklog (our mercurial repository)



Can you submit a patch for this? Maybe we can get around the privacy issue by having a config option to enable or disable user based checking.
One of the Geeklog Core Developers.
 Quote

All times are EDT. The time is now 11:29 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content