I'm currently working on my Referral System, but I have a problem with protecting it of frauds. Okay, here's how it works for now: user registers and activate it's account user now have access to the control panel and there is it's uniqe link in following format: domain.tld/ref/12345 when someone other click to user's link, he or she must to click a specific button to confirm that is not some kind of fraud (like "click here, you'll get $100" or something) system writes visitor's IP in a database and some data to cookies to prevent re-pressing the button. User now have +1 point. But, the problem is that visitor can change it's IP, clear cookies and hit button again. It takes a few seconds, and that's not OK, that's cheating. How to prevent it? Is there some trick to get some unique computer ID or something can't be changed that easy?

Reputation: 106

Making of Referral System

I'm currently working on my Referral System, but I have a problem with protecting it of frauds. Okay, here's how it works for now:

user registers and activate it's account
user now have access to the control panel and there is it's uniqe link in following format: domain.tld/ref/12345
when someone other click to user's link, he or she must to click a specific button to confirm that is not some kind of fraud (like "click here, you'll get $100" or something)
system writes visitor's IP in a database and some data to cookies to prevent re-pressing the button. User now have +1 point.

But, the problem is that visitor can change it's IP, clear cookies and hit button again. It takes a few seconds, and that's not OK, that's cheating.

How to prevent it? Is there some trick to get some unique computer ID or something can't be changed that easy?

Upvotes: 0

Answers (4)

jjlm

Reputation: 38

How about storing the link with with the user when they navigate to the link. then in the database you will have the link and if the users has already been to the link then deny them. Seems like it could work then you wouldn't have to worry about the cookies etc...

Upvotes: 0

symcbean

Reputation: 48387

Really the only options are to tie the process to something which is not so easily manipulated by the user - super cookies, browser fingerprints, OpenID, Email addresses and telephome numbers (the latter 2 using some sort of validaton step before a vote is counted)

Upvotes: 1

smassey

Reputation: 5931

Although it's certainly not 100% accurate, you can still fingerprint visitors using for example a combination of their ip, browser user agent, and with some javascript you can even go for screen size or installed fonts. Using these pieces of information you can set up a system where you save the fingerprints in datatable and in the same record you store the session id (from the cookie). Now when a new visitor arrives you can test their fingerprint against the db of recent fingerprints with different visitor ids. If you find a large number of matching fingerprints (you define the threshold) with different sessions then you can alert for the possibility of fraud.

Cheers

Upvotes: 0

eggyal

Reputation: 125965

The only way you can be certain a referred party does not reuse a referral code is for the original user to send different one-time-use-only referral URLs to each person. Once the code has been used, it is flagged as such in (or removed entirely from) your database so that it can not be used again.

How you prevent the original user from sending multiple links out to the same person is another matter - and not an easy one to resolve.

Who do you perceive to be the threat?

Upvotes: 0

Making of Referral System

Answers (4)

Related Questions