Security vs robots

Hello,

we are trying to make a website all based on people voting for certain medias.

The people would have to go on a page, click on a picture/link/whatever that would call a .php page (using AJAX) that would then:
1- verify with the person' I.P address if he as already voted today
2- if not, then add the vote to the database
3- if yes, return a message like "you already voted..."

without even reloading the actual page

The question would be:
if there any other way then with the I.P to control spam votes?

But our main concern is actually that someone could create an apps/robot that would "simulate" a user with a different I.P address and spam our website easily!

So how to make sure if the "click" is legit 100%???

C-B

You could try a...crap I forgot what it is called...lol. But it's the little letters you see on Webforumz before you can make an account...That verifies that you are a human and not a spam bot.

Yes that of course the automatic image creation of validation images will be used but more for registration forms and so...

but for simple click and votes, we're trying to make it as simple as possible for users because if they have to write as little as 5 letters for a simple vote...chances are they won't vote!!!

But thanks for the suggestion

C-B

Hmmm, you could embed the voting system in flash. As far as I know spam bots won't read flash, or at least not well enough to vote!

I think it is called a capatcha or somthing, Jacob. Yeah, you could do it with flash... As Jacob says.

Thanks for replying,

flash may be a good idea, we'll consider it.

And I've been hearing about captcha too, looks interesting, I'll look into it


C-B

Yeah I made a captcha recently and it stops most bots. Also I think you need to read through and data inputed and make sure it doesnt have certain words such as web addresses and "content-type" stuff as these bots try to do email/mysql injection. I guess it doesnt matter if you just have a button, but if you use text areas, thats differnt.

He just said that he did not want a captcha. He wanted to make the voting process easy, and did not want the user to have to type in letter or numbers...lol.

I said It looked interesting and I was going to look into it, which means when I have time... which I don't because bosses tend to give more job when you're already loaded... hehe

but if it required people to answer/enter anything, then it's a no

C-B

Well I guess it is a no. Like when I suggested it above you said no, then they said it was called a captcha!

Yeah I probably misread something, I'm in dire need of sleep

hehe

but now we're going towards the flash idea, it seems to be the simpliest yet safest suggestion I've read about so far! Besides, our site is made for users who have flash (it's not a flash site but includes flash modules), so we don't have to worry about that --> if users don't have flash, they shouldn't bother to go to our site!

C-B

Eeek, mabey I should read before typing!