Ways to prevent cheating caused by dynamic ip addresses tampering with PHP-driven web contests

Question

Hey all,

Let's say you have a website contest programmed in PHP, and the user must click their favorite picture. Now from what I hear, there are ways to dynamically change your ip address, such as with the iphone, so it looks like you are someone else and therefore you can continuously click the same picture over and over in a matter of minutes, therefore finding a loophole in the contest and cause cheating.

First, I would like to know whether this is true and second if it is true, are there ways to address this issue? And if there aren't, can a user really change their ip address so many times in a matter of minutes?

Thanks for any response.

Answer 1

In some cases, it is possible to change your IP address with a simple script. To prevent fully automated votes, you could use CAPTCHA. To prevent users from clicking over and over, you could implement user registration and limit the votes per user.

Answer 2

Here are some other options to consider:

• You could require an email address to vote.

• You could set some cookies. These are easily by passed, but the way you get around them bypassing it is by allowing them to vote multiple times without telling them they have already voted, but do not increment the value of the vote.