Gateway Page Help

Mark

Administrator
Staff member
Actually a captcha cant resolve that kind of problems, developer's should make more advanced checking with the vote's and not just if the ip is the same.
A good idea would be to also check cookie's and a combination of some other things/tricks.

Check above a video how i botted with my single pc 5 votes in just 1 minute using the inbuild hola broswer proxy shit.
The amazing thing is that all my vote's are valid for visiolist since my ip is changing everytime.

What you have posted is nothing new, common knowledge for last 10 years. Open to suggestions.... Cookies can be emptied easily... What other ideas do you have? Stopping proxy is very expensive, consider proxy blocking costs hundreds, sometimes thousands of dollars per month.
 

vnevermore

Member
What you have posted is nothing new, common knowledge for last 10 years. Open to suggestions.... Cookies can be emptied easily... What other ideas do you have? Stopping proxy is very expensive, consider proxy blocking costs hundreds, sometimes thousands of dollars per month.
Yes never said is something new but indeed is a problem don't you think? Especially when the rank of a topsite is calculated from votes that can be botted so easily.
Is common sense, if i was a site owner who wanted to enter a toplist, and knew that the first rank/website have 990 of its 1000 votes fake, i wouldn't join ....

Now back to the idea...
Its true Cookies can be deleted easily, but i think that a combination of protection's can solve that kind of problems.
So is something like -> checking cookies + checking ip > checking ip

I've seen a really good protected website on the terms of vote checking but i will not post the link here since the forum ( and i can't find the reason ) is accessible from quests and randoms.
Maybe you can look into it, and take some idea's .

Also i have to say, that this website does not use captcha, but just a simple gateway with a vote button.
 

magnum

Member
Ich Prüfe die Votes zusätzlich mit Cookies.

Zum zweiten, wird jeder Vote in der Datenbank gespeichert:
IP, Country, Region, Display Width, Display Height, System, Browser, ISP

Mit den gespeicherten Daten habe ich mehr Kontrolle über die Votes, und kann durch zusätzliche if abfragen die Votes von einzelnen Usern oder von allen, kontrollieren.

So zum Beispiel:
Code:
elseif ($username == "Renania" && $data_display_width == "$display_width_c" && $data_browser == "$check_browser" && $data_operating_system == "$check_operating_system")

{
  $TMPL['gate_check_ip'] = base::do_plugin_skin('./plugins/IPGateCheck','bl_user');
}
else

{
$TMPL['gate_check_ip'] = base::do_plugin_skin('./plugins/IPGateCheck','vote_ok');
}
Der User bekommt dann entweder einen Vote Buttons angezeigt oder nicht.
Mein Script ist nicht Professionell, deswegen müsste es mal einer schreiben der ein Profi ist.

Ich hatte das ganze schon mal vorgeschlagen ;)
-------------------------------------------------------------------
Google Translater :)

I Check the votes in addition to cookies.
Secondly, each vote is stored in the database:
IP, Country, Region, Display Width, Display Height, System, Browser, ISP
With the stored data I have more control over the votes, and by additionally if query the votes of individual users or by all, control.

The user then receives either shown a Vote buttons or not.

My Script is not professional, so it would have to go sometimes of a programmation him a professional is.

I had already suggested whole.
 

Mark

Administrator
Staff member
Yes never said is something new but indeed is a problem don't you think? Especially when the rank of a topsite is calculated from votes that can be botted so easily.
Is common sense, if i was a site owner who wanted to enter a toplist, and knew that the first rank/website have 990 of its 1000 votes fake, i wouldn't join ....
its a problem, but not something easily solved programmatically.

It's common sense, if you are the admin of a toplist (like we all are) and your top ranked sites are known cheaters, you need to delete the cheaters. I am always looking for methods to automate stopping cheaters but in my experience manual investigation is still the best.

Sorry, but cookies offer zero additional protection, incognito browsing is only 1 click away. Cookies are always stored on the client.
 
Last edited:

Mark

Administrator
Staff member
Secondly, each vote is stored in the database:
IP, Country, Region, Display Width, Display Height, System, Browser, ISP
With the stored data I have more control over the votes, and by additionally if query the votes of individual users or by all, control.
This is about as close as we could get, a simple log of as many details as possible. But it's still futile, it should be noted that the VPN cheat method posted earlier will still work perfect on this as all of that info can easily be spoofed and most of it is auto spoofed by the VPN. The only hope is the admin can recognize a pattern, but that would be easier to recognize with timestamps.


I have most of the code for a "vote log" on hand from years ago when we investigated this, I'll roll it into 1.6 so you all have the tools available
 

magnum

Member
Ganz kann man das Faken von Votes nicht vermeiden. Das stimmt.
Aber man kann ein Muster erkennen wenn man eine "vote log" hat. Dann kann man Handeln.
Hier mal meine Vote Log Seite, wie ich es Protokoliere.
-------------------------------------------------------------------------
Translater
Completely one cannot avoid the Faken of Votes. That's right.
But one can recognise a pattern if one "vote lied" has. Then is able to do one action.
Here sometimes my Vote log page, how I it Protokoliere.

 
Top