2007-07-04, 03:03 AM
DennisTT suggest me new thread there, so i'm.
In public poll, malicious guest can disable cookie and voting many times.
(from: http://community.mybboard.net/newreply.p...pid=140860)
I thought about IP test for voting. My forum is for charity organization so many people can using internet cafe. I can block IP after vote for only 1 hour, maybe 30min. Malicious users can be little stopped, and other users from this internet cafe still have chance for voting.
I will add new field "voteip" to xxx_pollvotes. Next, for this ip (if exists) i can compare date with dateline (in polls.php, action==vote)
i'll use:
I'm not 100% sure but for transparent proxy and "anonymous proxy" (transparent too) $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]
give us correct ip. Only Elite proxy can't be detect this way
You can check this:
In public poll, malicious guest can disable cookie and voting many times.
(from: http://community.mybboard.net/newreply.p...pid=140860)
I thought about IP test for voting. My forum is for charity organization so many people can using internet cafe. I can block IP after vote for only 1 hour, maybe 30min. Malicious users can be little stopped, and other users from this internet cafe still have chance for voting.
I will add new field "voteip" to xxx_pollvotes. Next, for this ip (if exists) i can compare date with dateline (in polls.php, action==vote)
i'll use:
$IPx = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
$proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
but maybe you have some function for this - i will make sure that i'm not destabilize my forumDennisTT Wrote:IP addresses cannot really be relied on these days for voting because of NAT behind networks - all users of a local network share a common public IP address on the internet, the majority of AOL users use a list of transparent proxies and as a result they show up as having the same IP address as well.
Our IP address function is get_ip() and it is already assigned to a user in $session.
As for the double voting cookie problem, it is fixed already. If you wish to suggest other changes to the poll system, please make a thread in the suggestions forum or post on the ideas site.
I'm not 100% sure but for transparent proxy and "anonymous proxy" (transparent too) $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]
give us correct ip. Only Elite proxy can't be detect this way
You can check this:
- get fresh anonymous proxy from http://www.digitalcybersoft.com/ProxyLis...ransparent
- set this proxy in your browser settings (firefox: Tools->options->advanced->network->settings)
- next you can check you Anonymous and true IP on:
http://www.engpol-community.org/abc.php