On my website we run a contest system and users vote for other user’s content. We recently caught someone creating multiple accounts to vote multiple times (consecutive id numbers, and votes within a couple minutes). We would like to prevent that from happening again. Judging how Times handled their “Most Influential Person of the Century” poll, even the big guys get it wrong.
Currently we log User ID’s, vote date, and IPv4 addresses (via $_SERVER[‘REMOTE_ADDR’]).
What things can I do to prevent or make it more difficult for someone to vote fraudulently?
Require user reputation. If you associate the right to vote with an user that has to have a certain reputation (i.e. by participating in your community for a certain time, and providing meaningful content), it becomes increasingly difficult for someone to automate the process of creating multiple identities.
In the end it is a balance between sufficient authentication, ease of access, and the value of the result (for you and the user) – and how you present the results.