How can I prove IP rotation is being used to cheat in public voting?

I am running an anonymous voting contest. We are using cookies as the sole deterrant of multiple voting, but also tracking IP addresses and looking for susp开发者_运维问答iciously high numbers of votes from the same IP. Is there any way to prove that someone is cheating by IP rotation?

only statistically, which is not a 100% proof but you can easily put the statistical terms in your contest terms - for example (just an example, don't know your traffic exactly) - no more than 1 vote per hour from same class B network for same candidate

a good way to filter out based on cookies is to require cookie before contest starts. i.e. only allow previous visitors of the site to vote. place cookie on their computers before they know about the contest. well, and of course require registration for votes, but that's a little more involved.

There is no way to identify the human sitting at the keyboard. So there's no 100% reliable way to prevent or detect multiple votes.

But, you could use some other means to identify the browser. Some useful links:

• Browser info: http://panopticlick.eff.org/
• Flash cookies: http://www.google.com/search?q=flash+cookies
• List of various "offline storage" APIs: https://labs.isecpartners.com/breadcrumbs/breadcrumbs.html

Also, you can check the "User Agent". E.g. Wget and Curl are only used by ballot-stuffers, they're not normal browsers.

Short of watching over their shoulder as they do it you're not going to prove it. There are a few things you could potentially do though to try and catch this out.

The most obvious seems to be requiring email confirmation of voting (e.g. give us your email and click the link we send), you an enforce uniqueness on the emails sensibly and "disposable" addresses would be reasonably easy to spot I suspect. This could be taken a step further to "only registered users can vote" or like stackoverflow "only users with rep > X can vote" even.

See also this question