The short answer is that it's impossible to stop a determined attacker if a single unverified visit is the only thing required to alter the order of your story.
You may want to think about implementing a registered user voting system.
However, You can collect several pieces of information and combine all of them:
1) User Agent
2) IP Address
3) X-Forwarded-For header (if available)
Often times attackers will be lazy and not cycle through different user agents. If you setup your system to process visit information at a certain interval (and not in real-time), you could potentially filter out large collections of visits occuring at the same time with the same exact user agent.
You could always download databases of proxies from websites such as antiproxy.com, but the truth is that most well planned attacks today come from botnet nodes which have yet to be documented. It is fully possible for your website to be targeted by an attack with heterogeneous traffic which is indistinguishable from normal visitors.
At the very least, I would suggest changing your implementation so that users can vote on stories and require a captcha.