I have written a message board as my first ASP.NET project. It seems to work well so far. However, one of the features I have is that each message has a spam rating. It is simply the number of times that viewers have marked the message as spam divided by the total number of times the message has been viewed. The idea is to allow users to ignore messages with high spam ratings if they choose to do so.
However, the whole system can be foiled by a spammer simply viewing his own message and refreshing it a bunch of times, which will increase the number of times the message has been viewed. It can also be foiled by someone who marks the message as spam a bunch of times in a row. I need a way to determine whether a particular visitor has already viewed a particular message, and a way to determine whether a particular user has already marked a particular message as spam.
I don't want to require registration - I want anyone to be able to view or post messages. Two ideas I've been considering are setting a cookie when the visitor gets onto the site so I can track them, or creating a new data table that logs IP addresses of users when they view a message or mark it as spam. Can anyone else think of a better way? Does .NET have any built in features that might help me determine whether the visitor is viewing a page for the first time?
-
The most reliable measure is IP address filtering as the spammer could circumvent any other method by writing his own program to request the page. It will affect your clients behind NAT, but for spam filtering purposes, it works pretty OK.
JoshBerke : A spammer could also spoof the IP Address making IP Filtering useless. You would also loose people who are behind a nat.Mehrdad Afshari : It's much less likely and is by far harder. This is always the problem. You have to sacrifice :) Any spam filtering mechanism I have seen has false positives.Tom V : It is a message board for a small community of people who share similar interests. I don't anticipate running into hordes of users who will be viewing the same messages from behind the same NAT, so I think the IP option will work the best, at least for now. Thanks to everyone for you input. -
ASP.Net has a built-in feature called
Personalizationthat can be used to detect and remember anonymous users alongside normal "registered" users.eglasius : I think that depends on a cookie, so I don't think it is good for the scenarioJoel Coehoorn : You can configure it a number of different ways. -
For anonymous users use the IP. This will give false positives, specially for some internet providers, but it looks like a decent trade-off for your scenario. I would also make it simple for users to get identified, open id is a great way to do this.
Tom V : I was actually thinking about making that an option to users. People who identified themselves will have their message marked as "verified", which will allow other users a greater level of discrimination when deciding which messages to take seriously. Thanks for the recommendation to use Open ID.eglasius : @Tom, glad to help, up votes are welcomed :)
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.