Anyone can just spam this. Is it easy to click the like/dislike button after login per visitor? How would you achieve this? Send me the source code too.
Easiest if the user has an account and you save it in a database. Else there are a lot of ways to still spam likes if you know how to do it. – Medda86 Apr 15 '18 at 13:41
I'm afraid that registration of the users is the only good way to do this; everything else may be faked (IP addresses, user agents, cookies). One click per account is easy to accomplish, one click per guest user isn't (or not even possible). – Wh1T3h4Ck5 Apr 15 '18 at 13:50
Can you explain more details about that to me? @Medda86 – Apr 15 '18 at 14:22
@FebryAryo yeah just like Wh1T3h4Ck5 wrote above – Medda86 Apr 15 '18 at 15:09
@FebryAryo Unfortunately, like people are saying, guest session IDs are just not possible, either client side or even using server-side logic. So the question you have to ask yourself is how important is it that the like button clicks are truly unique, and how likely is it that your user base is either 1. competent enough to crack your session ID logic, 2. even interested in doing so. If 1 & 2 are unlikely to be an issue, Randy's answer below looks like a good idea. There are also fingerprint tools that can be used server side, so mixing them may even make things harder to circumvent. – Keith Apr 15 '18 at 15:20
1 Answer
One mechanism to help you achieve this with a measure of certainty is fingerprinting the visitors, using this library:
https://github.com/Valve/fingerprintjs2
You could establish some threshold of variability designed to capture the margins (user changing User Agent, spoofing IP address, etc.).
Edit
Based on comment discussion, it is important to realize this method should not be used as an absolute. Only the various authentication techniques can reliably isolate individual users with certainty.
Randy Casburn
Interesting library, but unfortunately it's more a play nice session id, and is void of any tampering logic.. :( – Keith Apr 15 '18 at 14:05
@Keith - You should probably read up on fingerprinting on the web. Here: https://spectrum.ieee.org/computing/software/browser-fingerprinting-and-the-onlinetracking-arms-race and here: https://amiunique.org/faq or if you prefer Wikipedia: https://en.wikipedia.org/wiki/Device_fingerprint – Randy Casburn Apr 15 '18 at 14:17
Hi Randy, I might just do that. But it's not really invalidating what I've just said. Please don't rely on this being bulletproof, as it's not. I certainly wouldn't use this where unique session IDs are important. – Keith Apr 15 '18 at 14:36
I agree with the session id thing, no doubt about that, but this is a like button, not the vault at Fort Knox. All good my friend. – Randy Casburn Apr 15 '18 at 14:54
I agree, but he did say.. -> `Anyone can just spam this` so from his point of view it might be important. And for any other users reading this, it's certainly a good idea to warn of the consequences, otherwise someone might use this for something a tad more important than a like button. May I suggest you update your answer with a warning, just in case? – Keith Apr 15 '18 at 15:00
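One way to enforce the one-click-per-account approach suggested in the comments, as an added example that is not part of the original thread. The table name, function names and in-memory SQLite database are assumptions, and `user_id` is assumed to come from the server-side login session rather than from anything the browser sends.

```python
import sqlite3

# One row per (account, item): the primary key makes a second vote by the
# same account impossible at the database level, however often it clicks.
SCHEMA = """
CREATE TABLE votes (
    user_id INTEGER NOT NULL,
    item_id INTEGER NOT NULL,
    value   INTEGER NOT NULL CHECK (value IN (-1, 1)),
    PRIMARY KEY (user_id, item_id)
);
"""

def open_db():
    """Create a throwaway in-memory database for the example."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def tally(db, item_id):
    """Return (likes, dislikes) for one item."""
    row = db.execute(
        "SELECT COALESCE(SUM(value = 1), 0), COALESCE(SUM(value = -1), 0) "
        "FROM votes WHERE item_id = ?",
        (item_id,),
    ).fetchone()
    return (row[0], row[1])

def cast_vote(db, user_id, item_id, value):
    """Record a like (+1) or dislike (-1) for a logged-in account.

    user_id must be taken from the authenticated session on the server.
    Guests (user_id None) are rejected, because cookies, IP addresses and
    fingerprints can all be changed by the client.
    """
    if user_id is None:
        raise PermissionError("login required to vote")
    if value not in (1, -1):
        raise ValueError("value must be 1 (like) or -1 (dislike)")
    with db:  # commit on success, roll back on error
        # A repeat click replaces the account's existing row, it never adds one.
        db.execute(
            "INSERT OR REPLACE INTO votes (user_id, item_id, value) "
            "VALUES (?, ?, ?)",
            (user_id, item_id, value),
        )
    return tally(db, item_id)
```

A browser fingerprint can still be logged next to each vote as a signal for spotting many accounts operated from one device, but the count itself depends only on the account key.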