Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: blocking IPs

by Abigail-II (Bishop)
on Jan 27, 2004 at 14:06 UTC ( [id://324418] : note . print w/replies, xml ) Need Help??


in reply to Re: blocking IPs
in thread blocking IPs

I doubt the more than a million AOL customers can be considered to be on a single LAN. Sure, they have "lots and lots" of proxies, but up to a few years ago, they hid behind a dozen proxies. Perhaps they now have a few hundred of them. That still means they have a high user/IP ratio. And AOL isn't the only ISP with a lot more customers than proxies and/or NAT boxes.

But you shouldn't only think big. Think small as well. Think families. Lots of families either share a computer, or are hidden behind the same proxy or NAT box. Blocking on IP means that little brother can vote, but when he shows the site to his sister, the sister can't.

It's user hostile, and the tell mark sign of a bad programmer. A good programmer would never start from a broken design.

Abigail

Replies are listed 'Best First'.
Re: blocking IPs
by b10m (Vicar) on Jan 27, 2004 at 14:37 UTC

    It's choosing between two (or more) evils. Either you allow everyone to vote as often as possible (with possible abuse), or you restrict it in someway, and have some negative side effects, ranging from forcing people to register, to blocking potential legit votes (and the fact that you can work around it if you really want to).

    I take it, the OP has experienced people abusing the voting script, otherwise the whole blocking question probably never would come up.

    I, personally, find forcing users to register far more user unfriendly (hostile) than the blocking of some legit votes. It all depends on the amount of visits, I presume. If you only get a handful of visitors a day, blocking based on IP probably won't hurt. If you get a lot of visitors, it might work counter productive, I agree. And yes, small sites might get big, but a lot of them will stay small forever.

    In this specific case, the OP seems to have the voting procedures all done, and adding the procedures for users to log in (because I presume you think that is a better way, but I have no clue of knowing that for sure, since you don't specify a better alternative) probably takes a lot more time than implementing a simple IP-blocking test. And I personally would not do that, because of my already explained annoyance with registration on (simple) websites.

    I fully agree that IP blocking isn't nice (and personally, I would just allow everyone to vote as often as possible and would manually look through the logs to see if I could detect certain abusive votes, or even write a script to do the work for me and report every Monday, first thing in the morning :), but disregarding IP blocking as useful straight when you see the words isn't helping much either. It all depends on specific cases. Most sites won't get away with it, but small sites could use it quite well, IMHO.

    --
    b10m
      But what is the goal of having the poll? I can think of two reasons: 1) you have an interest in the outcome of the poll; that is, you want to result to reflect the opinion or experience of your visitors. Or 2) you do it to attract people to your site, or to enhance their visit with the voting experience.

      In case 1) shutting out people is as bad as having people vote more than once. In case 2) shutting out people is worse than having people vote more than once.

      Abigail

        I have to disagree on you on this specific case. As I see it, the OP has a website full of images and he wants to give the visitors the abillity to specify how much (or not) they like the specific pictures. Possibly to create a "best of" list.

        Shutting down people may result in the loss of a view votes (either positive or negative votes), which is bad. Allowing users to vote as much as they like may result in heavilly influenced votes, for someone could vote a hundred times on "5 stars", just to see that picture rank highest. Blocking on IP for a certain ammount of time may stop those abusive users to a certain degree. You must be quite determined to reconnect your connection a lot of times to get a different dynamic IP address, or find a bunch of proxies, which takes time and effort too.

        By forcing users to register solely to vote, you probably lose votes too, for a lot of people won't take the hassle to register -IMHO-, and skip the voting, they otherwise might have done.

        Like I said, it's choosing between evils and our opinions seem to differ on this point. It also depends on the ammount of traffic, as I stated before.

        --
        b10m