How is it possible for someone to manipulate the votes?

[lakeside]

I got a new user that signed up, and posted one image.  Shortly the image was showing 35 votes, but my server logs were showing the image had only been viewed 15 times.

So in some way someone managed to manipulate the vote system and post multiple votes.  Is there a browser out there that could circumvent the system?

I understand how a logged in user can be kept track of with the votes, but what about guests that are not logged in? How are their votes kept track of?

Thanks,

[lakeside]

Okay, found it out, VERY EASILY!

A user must only be guest, then clear his/her cookies then revote.

This explains why an image on our site can only show 15 hits to the actual image in our servers logs but show 35 votes.

There really must be a better way about this.

Perhaps a way of eliminating guests from voting, then use the vote stored in database mod so that only registered members can vote, and thus eliminate this vulnarability.

Any people want to comment?

[V@no]

basicaly thats the only way to prevent it - alowed only members vote.
unless u want strore IP addreses in the database...but this case u could block everyone on same LAN or proxy

[Chris]

unless u want strore IP addreses in the database...but this case u could block everyone on same LAN or proxy

It's also useless against dial-up users whose IP changes everytime they connect.