Detecting abuse for post rating system

I am using a WordPress plugin called “GD Star Rating” to allow my users to vote on stories that I post to one of my websites: http://everydayfiction.com/. Recently we have been having a lot of abuse of the system: stories that have obviously been voted up artificially. “GD Star Rating” creates some detailed logs when a user votes on a story, including IP, time of vote, user_agent, etc.

For example, this story has 181 votes with an average of 5.7: http://www.everydayfiction.com/snowman-by-shaun-simon/. Most other stories only get around 40 votes each day.

  • At first I thought that the story got onto a social bookmarking site (Digg, StumbleUpon, etc.), but after checking the logs I found that this story is getting the same amount of traffic that a normal story gets, ~2k-3k.

  • I checked if all the votes for this particular story were coming from the same IP address. I could see this happening if a user was at a school’s computer lab using all their lab computers to vote up this story. Not one duplicate IP address in the log for this story.

    SELECT ip, COUNT(*) as count FROM wp_gdsr_votes_log WHERE id=3932 GROUP BY (ip ) ORDER BY count DESC

  • Next I thought that a user might be using a proxy to vote up a story. I checked this by grouping all the browser user_agents together to see if there was a single browser voting in a particular way. At most 7 users were using a similar browser but voted sporadically (1-5); no evidence of wrongdoing.

    SELECT user_agent, COUNT(*) as count FROM wp_gdsr_votes_log WHERE id=3932 GROUP BY ( user_agent) ORDER BY count DESC

  • I also checked to see if all the votes came in at once. Maybe someone has a really interesting bot that can change the user_agent and uses proxies, etc. At most 5 votes came within 2 mins of each other. There doesn’t seem to be any regularity in how people vote (i.e. a 5 vote does not come in once a minute).

    SELECT * FROM wp_gdsr_votes_log WHERE id =3932 AND vote=5 ORDER BY wp_gdsr_votes_log.voted DESC

The obvious solution to this problem is to force people to login before they are allowed to vote. But I would prefer to not have to go down that route unless it is absolutely necessary.

I’m looking for suggestions on things to test for to detect the abuse.

Edit

Another thing that I just tested was to see if all the people that voted on this particular story were first-time voters on the site by IP address. It appears that about 80 people by IP address voted on this story first and no other story. I checked it against other stories and found that most of the time it is the opposite, where 80% of the people that do vote vote on several different stories as well. I think this proves that there is something fishy going on here, but I’m not sure how they would have done it or how I could filter out the artificial votes.

SELECT ip, MIN(id) AS id, COUNT(*) AS count FROM `wp_gdsr_votes_log` GROUP BY `ip` ORDER BY `count` ASC

Edit 2

Wow, OK, it looks like one of the band members from http://www.mychemicalromance.com/ (rhythm guitarist) posted a link about the article on their Twitter and on the band’s website. I’m just surprised that there hasn’t been a big increase of visitors, only people upvoting the story.
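The four checks the question walks through (votes per IP, votes per user agent, burst of votes in a short window, and the "first-time voter" ratio from the edit) can be run together against the same vote log. The following is an added example, not the question author's code or part of the GD Star Rating plugin: it rebuilds a small `wp_gdsr_votes_log` table in an in-memory SQLite database from constructed rows (column names follow the queries above; the sample IPs, user agents and timestamps are invented) and expresses each check as a function, so the same heuristics can be pointed at a real export of the table.

```python
import sqlite3
from datetime import datetime

# Constructed sample of the plugin's vote log (not real site data).
# id = story id, voted = timestamp of the vote, as in the question's queries.
SAMPLE_VOTES = [
    # (story id, ip, user_agent, vote, voted)
    (3932, "10.0.0.1", "UA-A", 5, "2009-03-01 10:00:00"),
    (3932, "10.0.0.2", "UA-A", 5, "2009-03-01 10:00:30"),
    (3932, "10.0.0.3", "UA-B", 5, "2009-03-01 10:01:00"),
    (3932, "10.0.0.4", "UA-C", 4, "2009-03-01 12:00:00"),
    (3932, "10.0.0.1", "UA-A", 5, "2009-03-01 13:00:00"),  # repeat IP
    (100,  "10.0.0.4", "UA-C", 3, "2009-03-01 09:00:00"),  # voter active elsewhere
    (100,  "10.0.0.9", "UA-D", 4, "2009-03-01 09:30:00"),
]


def load_log(rows=SAMPLE_VOTES):
    """Build an in-memory copy of wp_gdsr_votes_log from the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_gdsr_votes_log "
        "(id INTEGER, ip TEXT, user_agent TEXT, vote INTEGER, voted TEXT)"
    )
    conn.executemany("INSERT INTO wp_gdsr_votes_log VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def votes_per_ip(conn, story_id):
    """Check 1: repeated IPs on one story (a lab or a single scripted client)."""
    return conn.execute(
        "SELECT ip, COUNT(*) AS n FROM wp_gdsr_votes_log WHERE id = ? "
        "GROUP BY ip ORDER BY n DESC, ip",
        (story_id,),
    ).fetchall()


def votes_per_user_agent(conn, story_id):
    """Check 2: one browser string dominating the votes for a story."""
    return conn.execute(
        "SELECT user_agent, COUNT(*) AS n FROM wp_gdsr_votes_log WHERE id = ? "
        "GROUP BY user_agent ORDER BY n DESC, user_agent",
        (story_id,),
    ).fetchall()


def max_votes_in_window(conn, story_id, window_seconds=120):
    """Check 3: the largest number of votes landing within any window
    of window_seconds (a burst suggests a script rather than readers)."""
    times = sorted(
        datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        for row in conn.execute(
            "SELECT voted FROM wp_gdsr_votes_log WHERE id = ?", (story_id,)
        )
    )
    best, start = 0, 0
    for end in range(len(times)):  # sliding window over sorted timestamps
        while (times[end] - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def single_story_voters(conn, story_id):
    """Check 4 (the edit): of the IPs that voted on this story, how many
    never voted on any other story. Returns (only_this_story, total_ips)."""
    only_this, total = conn.execute(
        "SELECT SUM(CASE WHEN other = 0 THEN 1 ELSE 0 END), COUNT(*) FROM ("
        "  SELECT v.ip, (SELECT COUNT(*) FROM wp_gdsr_votes_log o"
        "                WHERE o.ip = v.ip AND o.id <> ?) AS other"
        "  FROM wp_gdsr_votes_log v WHERE v.id = ? GROUP BY v.ip)",
        (story_id, story_id),
    ).fetchone()
    return (only_this or 0, total)


if __name__ == "__main__":
    db = load_log()
    print("votes per IP:", votes_per_ip(db, 3932))
    print("votes per user agent:", votes_per_user_agent(db, 3932))
    print("max votes in 2 min:", max_votes_in_window(db, 3932))
    print("IPs voting only here / total:", single_story_voters(db, 3932))
```

None of these checks proves a vote is fake on its own; the useful signal is comparing the numbers for the suspect story against the same numbers for stories with similar traffic, which is what the edit does with the first-time-voter ratio.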


3 comments

  1. Maybe it’s not a problem at all. Maybe you hit on a story that more people cared enough about to actually vote on.

    One thing you might check is the percentage of votes versus traffic as compared to other stories that have similar traffic.

    I read it. Nice story. I voted as well. 😉

  2. You must ensure that your voting is at least establishing a session when they first hit the page, and that the session is still active when they vote. If you’re not at least requiring some type of token that you specify, the client could post data to your server all day, spoofing IP addresses and User Agents.

    If you’re using sessions, or some other type of token access that forces the use of your forms, then it seems, according to the information that you have so far, that the votes are indeed coming from different computers.

    Check your web server logs for the referrer to see how they’re finding the article.

    If you can’t prove that a vote is invalid, then I think you have to accept it.

  3. If there’s a flaw in your rating system, it is most likely situated with the form itself. A simple F5/refresh could get multiple votes in if no checking is done. There must at least be a session or userid as well as a unique token you can check against to avoid F5 exploits.
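Comments 2 and 3 both ask for the vote form to carry a token tied to the visitor's session, so that a vote must come from a form the server actually issued and cannot be resubmitted with a refresh. The following is an added example, not code from the commenters or from the GD Star Rating plugin, of how such a token can be issued and checked: the token binds the story id to the session with an HMAC, and a server-side set of consumed tokens rejects the second submission of the same form. The secret, session ids and `used_tokens` store are stand-ins for whatever the real application keeps.

```python
import hmac
import hashlib
import secrets

# Hypothetical server-side secret; in a real deployment this comes from
# configuration, never from the request.
SERVER_SECRET = b"constructed-example-secret"


def _mac(secret, session_id, payload):
    """HMAC over session id and payload, so a token only verifies for
    the session it was issued to."""
    msg = f"{session_id}|{payload}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_vote_token(secret, session_id, story_id):
    """Embed this in the vote form for one story, for one session."""
    payload = f"{story_id}:{secrets.token_hex(8)}"  # random nonce per form
    return f"{payload}:{_mac(secret, session_id, payload)}"


def verify_vote_token(secret, used_tokens, session_id, story_id, token):
    """Check a submitted token. Returns 'ok' or the reason for rejection.
    used_tokens is a server-side set of consumed tokens (per session in
    practice; a plain set here for the example)."""
    parts = token.split(":")
    if len(parts) != 3:
        return "malformed"
    token_story, nonce, mac = parts
    payload = f"{token_story}:{nonce}"
    # Constant-time comparison: a forged or foreign-session token fails here,
    # which also covers posts that never loaded the form at all.
    if not hmac.compare_digest(mac, _mac(secret, session_id, payload)):
        return "bad_signature"
    # The token was issued for one story only.
    if token_story != str(story_id):
        return "wrong_story"
    # F5/resubmit: the same form token is accepted exactly once.
    if token in used_tokens:
        return "replay"
    used_tokens.add(token)
    return "ok"


if __name__ == "__main__":
    consumed = set()
    form_token = issue_vote_token(SERVER_SECRET, "session-1", 3932)
    print(verify_vote_token(SERVER_SECRET, consumed, "session-1", 3932, form_token))
    print(verify_vote_token(SERVER_SECRET, consumed, "session-1", 3932, form_token))
```

Consuming the token on first use is what stops the refresh case in comment 3; binding it to the session is what stops a client from posting votes without ever loading the form, as comment 2 describes. Neither measure identifies a real reader who simply votes once, which is the point: the log analysis above can then assume that each logged vote came from a page load in a distinct session.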