Multiple Votes Flood Control

I know this sounds like a weird request, but does version 8 have flood control for polls where people are allowed to vote multiple times?  I'm having a problem where people setup scripts to vote 25 to 100 times a second so they can win the battle.  I'd like to limit them to be able to vote only once per second or something reasonable (i.e. the speed of a human).

Hmmm.  I need to come up with a solution.  The Battle of the Islands is one of the more popular features of the website, but people voting with scripts is becoming a problem.

I think I am going to try limiting users to 1 vote per second by recording the user's timestamp in a poll_audit table in the database.  When they come back to vote again, if its been more than a second, the current time stamp will be different than the timestamp in the database and it will allow the vote.  If the time stamps match (i.e. its still within the current second), then it will redirect them to a "You are voting too fast" page telling them to slow down.

I haven't decided yet, but I might somehow flag their account so I know who has tripped the flood control.

For the average voter, it should take approximately 1 second for them to manually vote.  Even on a T1, I haven't been able to vote faster than 1 vote per second, so I think that is reasonable.  And I have already warned them that I was either going to eliminate the poll all together (making them earn votes every time they post in the forum instead) or implemement flood control.

I already created a poll_audit table to record who is voting and the number of times they voted in polls allowing multiple votes.  So it shouldn't be too hard to add the flood control.

At first I hoped publicly displaying who is voting the most would discourage people from using scripts (the theory being it would be obvious who is cheating), but I have found that is not the case.  So now I will have to implement flood control with advanced auditing to catch cheaters.

Borg, do you have any suggestions, or do you think this would be sufficent to prevent people from voting more than once a second?  Or would you suggest a different way of implementing flood control?

-boRg- wrote: I have put a flood control for the multiple votes on the 'to-do' list as long as I can find away without making modifications to the database.

Thanks.

-boRg- wrote: Disallowing Guests from voting should also help remote voting.

Guest voting is disabled and simple auditing has already been implemented (i.e. I track how many times a user has voted in a poll, but not each individual vote due to storage concerns).

I actually know who is doing it and unfortunately its been more than one person on more than one occasion.  With version 7.x of WWF, it appears its pretty easy to vote extremely quickly and I am not sure how they are doing it.  People have reported people voting hundreds of times a second... while logged in, and I have personally seen people vote 25 times a second... while logged in.

So whatever they are doing apparently works even when they are logged in.

-boRg- wrote: I would set the flood control time higher as 1 second still allows 60 votes per second.

Maybe we are talking about implementing flood control in different ways, but the method I was thinking about would only allow 1 vote per second.  If they voted at 1 second after midnight 00:00:01 it would prohibit any further votes until the clock reached 00:00:02.  It would compare timestamps and if they matched, they couldn't vote. 

The only problem with my method is that it adds an additional database hits, since I would store the timestamp in the database.  I suppose I could store the timestamp in their cookie instead of the database, but being stored on the user's system, it could be spoofed.  I wonder if a session variable could be used for this?

You probably have a much better way of doing it.


Edited by wistex - 03 May 2006 at 12:08pm

Okay, I figured out how they were doing it.  They actually were using the poll and "technically" they weren't cheating.  (Borg, I'll PM you on how they were doing it.)