07-04-2007, 03:03 AM
DennisTT suggest me new thread there, so i'm.
In public poll, malicious guest can disable cookie and voting many times.
(from: http://community.mybboard.net/newreply.p...id=140860)
I thought about IP test for voting. My forum is for charity organization so many people can using internet cafe. I can block IP after vote for only 1 hour, maybe 30min. Malicious users can be little stopped, and other users from this internet cafe still have chance for voting.
I will add new field "voteip" to xxx_pollvotes. Next, for this ip (if exists) i can compare date with dateline (in polls.php, action==vote)
i'll use:
but maybe you have some function for this - i will make sure that i'm not destabilize my forum
I'm not 100% sure but for transparent proxy and "anonymous proxy" (transparent too) $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]
give us correct ip. Only Elite proxy can't be detect this way
You can check this:
But i'm not sure how is this with AOL. Maybe somebody from AOL can check this for me
In public poll, malicious guest can disable cookie and voting many times.
(from: http://community.mybboard.net/newreply.p...id=140860)
I thought about IP test for voting. My forum is for charity organization so many people can using internet cafe. I can block IP after vote for only 1 hour, maybe 30min. Malicious users can be little stopped, and other users from this internet cafe still have chance for voting.
I will add new field "voteip" to xxx_pollvotes. Next, for this ip (if exists) i can compare date with dateline (in polls.php, action==vote)
i'll use:
PHP Code:
$IPx = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
$proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
DennisTT Wrote:IP addresses cannot really be relied on these days for voting because of NAT behind networks - all users of a local network share a common public IP address on the internet, the majority of AOL users use a list of transparent proxies and as a result they show up as having the same IP address as well.
Our IP address function is get_ip() and it is already assigned to a user in $session.
As for the double voting cookie problem, it is fixed already. If you wish to suggest other changes to the poll system, please make a thread in the suggestions forum or post on the ideas site.
I'm not 100% sure but for transparent proxy and "anonymous proxy" (transparent too) $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]
give us correct ip. Only Elite proxy can't be detect this way
You can check this:
- get fresh anonymous proxy from http://www.digitalcybersoft.com/ProxyLis...ransparent
- set this proxy in your browser settings (firefox: Tools->options->advanced->network->settings)
- next you can check you Anonymous and true IP on:
http://www.engpol-community.org/abc.php
But i'm not sure how is this with AOL. Maybe somebody from AOL can check this for me
