How the protection from unfair voting is implemented?

In NorrCompetition the protection from unfair voting (voter fraud) depends on contest settings.

Users cannot vote by default. To give them this permission you should proceed to Options > Permissions tab and allow users from certain groups to vote for entries (set "Vote" to Allowed).
Read more here: Permissions.

So, the first and the main protection level is to allow only registered users to vote. When the user is voting, his user ID is checked first, and if he has not voted yet, user ID is being recorded to votes table.

The protection levels below are used for cases, when we allow unregistered user to vote.

IP-address check is the second protection level. When the user is voting, their IP-address is checked first, and if they have not voted, IP-address is being recorded to votes table. To enable this option open Options > Competition tab and set the "Check IP" parameter to Yes.

But, there are several problems with IP checks:

  • Many users have dynamic IP-addresses
  • Several users have the same IP-address (for example, different organizations). To solve this problem you can set check for IP+User-Agent combination.
  • A user can use a proxy server to hide his real IP-address

Cookie check is the 3rd protection level. When the user is voting, the component generates a special cookie and writes it to the user’s browser. The user cannot vote when this cookie is set. To enable this option open Options > Contest tab and set the "Check Cookie" parameter to Yes.

The problem with cookie check is quite simple – the user can erase cookie file or simply vote using another browser.

One more protection is Captcha. You can display it to users and protect the voting from bots. Captcha works on the entry page only. Please refer to Entry Layout Options document.

Despite all these protection options, please remember, that there is only one 100% protection from unfair voting - to allow only registered users to vote.