The .NET forums are down right now, and I need this answered fast haha. I remember there was a few developers here. Don’t worry if you don’t know .NET. I can figure out how to program it, I just need some ideas. Here’s the post:
I’ve been working on a website where contestants for a contest are posted, and each has their own vote button. People are allowed to vote 20 times per day.
I store IP addresses in an XML file with the date they last voted and how many votes they used.
What has happened now is that a few contestants are using the Tor network to change their IPs and give themselves a ton of votes. It’s a pretty big prize, and the contest is advertised a lot. So the obvious cheating is making the client look bad, me look bad, and has caused the contestants who don’t know how to cheat to stop voting.
What options do I have to stop this?
We don’t want to do user registration, because it’s obviously annoying, and also because it isn’t in the budget haha.
Blocking foreign IPs isn’t a good solution, because Tor can easily just change to Canada only exit nodes.
I don’t know too much about de-anonymizing Tor, but from what I’ve read, it is very difficult. For every way to detect it, there is a way for them to stop me from detecting it. A cool way would be to use client-side programs to get me their local IP, but unfortunately, it is likely they will be behind a router anyways.
As of now, I have no idea how we will get around this. I just added a field to the DB showing which contestant the IPs are voting for. That way, I can check the foreign IPs, and see who they are voting for. But if we disqualify someone based on that, it won’t be long before other cheaters just starting using Canada-only IPs.
Help would be much appreciated.