Preventing voting cheaters

October 25, 2008 – 6:37 pm

You know how in many game listing sites they allow games to reward users for votes by sending the game server some data when a legitimate vote is counted? Yes, that’s a very nice and easy way to get lots of votes from your players.

However, there’s a lack of security involved. If somebody could figure out what the secret voting page is where the data is sent to, they could possibly fake a vote and get rewarded automatically every day/week, depending on when the votes are reset. There’s a simple way to avoid this: give that file a ridiculous long, random name and hide it in sub-sub-sub-directories, which might be bordering on paranoia.

Here’s a simple suggestion to any game listing owners, if you read this blog: give each game owner a unique key, and send that key along when you are sending user/voting info to a game server. It’s a very simple way for the game listing to identify itself and for the game server to verify it!

To be honest, I don’t know of any cases where somebody found a way to automatically fake voting by sending POST or GET requests to a page in a game, but it is possible. This suggestion just provides a little bit of security without having to require large code rewrites for the game listing and for the game owner.

  1. 3 Responses to “Preventing voting cheaters”

  2. Would it not be much easier to have game listing owners announce if their outgoing IP Address from the callback ever changes and then use that to only allow callbacks to the file from their IP address?

    I’d imagine this would be alot more secure and simpler than your outlined method. On the other hand, a simple 32-64 char string would do as you mentioned, being sent to the callback file (I don’t understand why this wouldn’t be done in the first place, and the game in question could choose to ignore that parameter if they wished)..

    By Free PBBG on Nov 7, 2008

  3. Yep, that would work as well, but each method has its own disadvantages :)

    By Andy on Nov 7, 2008

  4. hi
    I like your blog, do you want to trade links?
    Please send me email.

    kind regards
    freebrowsergamer.com

    By browser based games on Dec 25, 2008

Post a Comment

Persistent Browser-Based Games Blog is proudly powered by WordPress Entries (RSS) and Comments (RSS). Designed by Bob