Hi,
 
I’m not a skilled programmer, just a dabbler and a website designer. I
want to hire someone for a project if the following is possible at a
reasonable cost.

I’m thinking about putting a survey feature on a website but I only
want to do this if I can prevent somebody from writing an automated
script that votes multiple times. If that were to occur, the surveys
become almost worthless.

I am aware of several methods to prevent polling manipulation: 
--cookies
--IP tracking (one vote per IP per day(?) for each survey)
--sending an email to each voter and have them vote through the link I
send them (one vote per email address)
--displaying a picture (gif) of a random number that
optical-character-recognition technology can’t read and have the voter
enter the number in a text box (like overture.com’s advertiser login).

I have found several companies that offer polling services that
include using cookies and IP tracking, but that seems very easy to
work around since cookies can be turned off and IP addresses spoofed.
(Correct me if I’m wrong about that). I don’t like the method where I
would email a visitor a link to vote because the number of people
taking the poll would be greatly reduced. I DO LIKE the method of
using a picture of a random number. So ideally I would use IP
tracking, cookies, and the picture of a number to prevent somebody
from writing a script to vote multiple times. I can live with the rare
occurrence of somebody manually voting multiple times from different
IP addresses or computers, I am really just looking to prevent
somebody from writing an automated voting program to manipulate
results.

Here’s my question:

1. Besides the methods listed above, is there any other way to prevent
somebody from creating an automated voting program that would skew the
survey results?

2. What would be the best method to prevent such manipulation that
would still make it easy for site visitors to vote? (this can be a
very general answer)

3. Would using all three of these methods be effective: IP tracking,
cookies, and the “picture of a number” technique?

4. Approximately how much would it cost me to have this type of
security built into a survey? I realize this is impossible to answer
accurately, so give me your best rough estimate of what it would cost
to have a competent programmer write or modify existing code.
$100-$400, $400-$800, $800-$1200, $1200+??

Hi Captain Jeff,

Good day and thanks for your question.

You've covered some good ways of preventing automated votes. There is
one more way (which is similar to the one vote per e-mail). Get the
users to register to vote, and only one vote per user is counted.

Off the topic, your question reminds me of a familiar incident in
1999. Slashdot released a poll asking users to vote for the best
school in US for Computer Science. On one day, Carnegie Mellon landed
up getting a few thousand votes. The next day, MIT's votes suddenly
increased. The other schools had less than a thousand votes each. MIT
won by around 100 votes. Both the schools landed up with more than
21,000 votes. This incident led to Carnegie Mellon developing Captcha
(more about it later in the answer)

Whatever method you use, the votes can always be inflated. Of all the
methods, one method that prevents unauthorized votes is the picture
method. This method is used by almost all major sites now, including
Yahoo.

As far as your second question is concerned:

Cookies
-------
Cookies, as you mentioned can be deleted / not accepted in the first
place. It’s easy to write a script that deletes cookies and then casts
a vote.

IP Address
----------
IP addresses can be spoofed as you mentioned. But that is just one
part of the story. Most dial-up users have dynamic IP’s. Many others
use proxy servers. In the former case, there are chances that a user
who has logged on to your site to vote may not be allowed to simply
because some other user who was assigned that IP address at some point
of time earlier, already cast a vote. In the latter case (proxy
servers), the IP address is that of the proxy server. Assuming there
are 100 users using the same proxy server, only one user's vote will
be counted - that of the first one to vote.

Sending e-mail
--------------
This is very irritating both for you and for the recipients. Some of
the people receiving mail may consider it to be spam and may land up
blocking your email address. Additionally, you will find your mails
going into the Bulk Folders of web-based email services like yahoo! &
MSN Hotmail.

Regarding your third question, the usage of cookies, IP logging &
pictures together is today the best way to prevent automation. In
fact, the usage of pictures alone can prevent automation by robots.
Using all three is effective, with minimum "additional" votes.

Your final question asks how much it would cost for a programmer to
code something like this for you.

Before you venture into hiring a programmer for coding, I suggest you
look at Captcha. Yahoo uses Captcha’s Gimpy to prevent automated
e-mail sign-ups and other things. Gimpy is based on the human ability
to read extremely distorted and corrupted text, and the inability of
current computer programs to do the same. Gimpy works by choosing a
certain number of words from a dictionary, and then displaying them
corrupted and distorted in an image; after that Gimpy asks the user to
type the words displayed in that image. While human users have no
problem typing the words displayed, current bots are simply unable to
do the same.

There are two versions of Gimpy : Gimpy and EZ-Gimpy. You can
test-drive them both
Gimpy : http://www.captcha.net/cgi-bin/gimpy
EZ-Gimpy : http://www.captcha.net/cgi-bin/ez-gimpy

You can also download them.
Gimpy : http://www.captcha.net/gimpy_install.tar
EZ-Gimpy : http://www.captcha.net/ez-gimpy_install.tar

Running Gimpy requires The Gimp version 1.2.1 (an image manipulation
program that is freely distributed). Additionally, it requires the
perl module Gtk, version 0.7003 or higher. The Gtk module can be found
in the CPAN archive.
CPAN Archive : http://www.cpan.org/
The Gimp : http://www.gimp.org/

If you find setting up Gimpy too difficult and you want a programmer
to implement it completely, try http://rentacoder.com or
http://scriptlance.com - both these sites are very good sites where
you can get your work done and not spending that much. From your 4
choices, I would place the price in the $100-$400 category.

I hope this answers your question. If you have any clarifications,
then please don't hesitate to ask, and please don't rate the question
until your clarification has been clarified.

Warm regards,
aditya2k

Search Terms: distinguish between human and computer

Fabulous! Answered my question thoroughly and pointed me in the right
direction. Thanks!

I went to both of the above links and they are both bad links.  Does
anyone know where I can get the gimpy program?