[relledge]

Over the past week, we have received two complaints from people about sites out there that have the HotScripts.com Rate It code on their page. And, when people vote, the forms have been modified to put a higher score in the database than the person selected.

Let me just say, if you are a HotScripts.com listing partner who is doing this, I would STRONGLY recommend you change your code to the right way as we will delist all scripts by the listing partner who does such an unethical thing.

Today, a guy who had 57 scripts on HotScripts.com now has ZERO for doing this.

HotScripts.com wants to maintain a reputable directory, and people who do this hurt our image. So, if you are one doing this and just haven't been caught by us (yet!), update your site now.

Why do people have to be unethical and STOOOOOPID?

[Mud]

Dude i hate people who do that. What do they get from doing it? Crack down on those people

[java]

I know what you are talking about.

Tools-soft.com is selling software they have simply stolen
the source code to from companies such as OpenCube, and
and Gokhan Dagli (http://www.appletcollection.com/ascroll.html).

Take a look at some of "tools-soft" "software", (which is really
one guy, even though he says he is a "team" of developers. Bull shit).
Anyways -- he also has "jordan-markets" selling the *exact* same
stuff in the hotscripts site, just under a different name. Plus,
somehow "magically" a lot of his stuff has managed to appear at
the top of the category rankings... Hmm... I wonder...

[rob2132]

Quote:

Originally Posted by relledge

Over the past week, we have received two complaints from people about sites out there that have the HotScripts.com Rate It code on their page. And, when people vote, the forms have been modified to put a higher score in the database than the person selected.

Let me just say, if you are a HotScripts.com listing partner who is doing this, I would STRONGLY recommend you change your code to the right way as we will delist all scripts by the listing partner who does such an unethical thing.

Today, a guy who had 57 scripts on HotScripts.com now has ZERO for doing this.

HotScripts.com wants to maintain a reputable directory, and people who do this hurt our image. So, if you are one doing this and just haven't been caught by us (yet!), update your site now.

Why do people have to be unethical and STOOOOOPID?

I could recommend some ways to have you guy's get around this so people can't do that. If you're interested, feel free to email or PM me.

[Mud]

My idea is host the vosting script on ur site and make this use php or asp or frames to include it in their site. Though there is a bandwidth issue,

[rob2132]

Quote:

Originally Posted by Mud

My idea is host the vosting script on ur site and make this use php or asp or frames to include it in their site. Though there is a bandwidth issue,

I think they do have the voting script on their side (I assume that they must--I didn't check myself). Using this method, the other site could just have their own script fake the referer and posting methods and still pass whatever they want. The best quick solution would be to post to the voting script on the hotscripts.com site itself (as we both assume it's doing) and have a "confirmation" of the number. Something can alert the user that "Your vote will not count until you've confirmed this is the correct number".

This would, provided it's required on the other end via some one-time random session, prevent this type of abuse--even though it now involves an extra step in the voting procedure. That would be a very quick, simple and 100% effective means and it wouldn't matter who passed what to the script on the hotscripts.com side, because it would account for these attempts as well as other mistakes anyway and couldn't be circumvented--assuming it was implemented properly (which again, would be very simple to do with the existing script).

Another alternative would be to have them use a frame like you suggested and maybe use something like a Java applet or something on the other end that the user on the othre side couldn't change the fields with. Simply posting to or including a script that uses HTML or form elements could always be overcome otherwise and a frame would make no difference to this because they could use their own form with raw HTML or an actual (more intelligent) script to deal with and overcome the restrictions. No matter what method used above (though the applet would be more so), the bandwidth issues would be non existent.

[Archbob]

No,
Hotscripts voting code is not on their site. It is a simple form code that users cut and paste to their sites. This saves Bandwidth majorly over the iframe method but however, leaves the way for cheating unfortunatey, by unethical members.

[rob2132]

Quote:

Originally Posted by Archbob

No,
Hotscripts voting code is not on their site. It is a simple form code that users cut and paste to their sites. This saves Bandwidth majorly over the iframe method but however, leaves the way for cheating unfortunatey, by unethical members.

I figured as much (as you can see above), so I once again recommend the "confirmation" of the vote "scoring" on the hotscripts.com side. Thus, no matter what they change, the user would have to confirm or refuse (and report the 'abuse' which should be another option) the score on the end the site doesn't have control over. It would be so small that bandwidth considerations would not be an issue. A simple form with a button to confirm or deny the vote. However, this would have to be session based, where it would create a random session from the initial vote to be able to ensure there was an initial vote score posted to the hotscripts.com voting script, and then require a confirmation.

This would be the only way to ensure that the abusive site didn't just post directly to the 'confirmation' side of the process. it would be pretty simple and fail safe as well--unless the site owner created some scripts to do some very interesting and sneaky things--like have a script on their end post to, grab and parse the response from hotscripts.com's own voting script output, including the 'session' and then have the user post to it or have the script itself automatically post back to it and 'confirm' the vote. Most people are clueless how to go about doing that, even if it is quite simple to do.

However, that problem too, can be overcome by simply checking the session against the requesting and posting IP, to ensure they are the same. This would mean that any script on the other end (abuser's side) would have to send out from that systems' IP/ethernet IP. That would not match the user's own IP for the following confirmation. If they didn't ever use the actual voter's IP, you'd have on record that it was the site's own IP, which would only be allowed to post once anyway and then it would deny them from voting again. Thus, short of changing the IP of the site or masking script they could use, it would allow them to trick one user with one vote and then they couldn't get by that after that without changing their site IP (or worse, the ethernet IP), which would not pay to do and would be unlikely. Well, that's my suggestion anyway, it's all very simple to do.

[rob2132]

This suggestion would also prevent it from happening no matter where they had the script or what site it was on. Again, few would know how, even if it's quite simple to do. However, all in all, anyone that intent on skewing the votes would surely just jump through a few thousand proxy servers and up their vote scores anyway. However, this would stop the most obvious and easy and quick methods to skew their voting scores.

Since it's so simple to do, it would be worth doing anyway. The rest of the more hardcore abusers would have to run through a proxy. So my final suggestion due to that, would be to force people to have cookies enabled and have a double-session. Different sessions that must match the same IP. This would make it so someone would either have to use a tool or specific setting to be able to run through proxies, unless they wanted to keep trying to remove cookies all the time or use a tool. That's about as good as it's going to get and it's not too bad (for the intent of the feature in question).

[the|Skrilla]

Fail-Proof method:

The best way to control this kind of thing would be to use an image form element with the ratings on the image. When the image is clicked, the form is submitted and the XY coords of the mouse click on the image are sent as well.

For instance, let's say that the "5" rating is from (40,0) to (50,10) on the image, and they click within that area.

Code:

<input type="image" src="image.gif" name="hsrate">

Code:

if ($_POST['hsrate_x'] >= 40 && $_POST['hsrate_x'] <= 50 && $_POST['hsrate_y'] >= 0 && $_POST['hsrate_y'] <= 10)
{
    // Do some stuff...
}