I like this module; it was easy to configure, plays nicely with the Voting API and the voting widget looks pretty.

I'd like to have voting enabled for anonymous users on my sites, but I noticed that several bots immediately started hitting the node?rate=62c7e5812c.... URLs.

Is there a way to prevent that? Shouldn't the rating action be a POST which is typically ignored by bots?

Comments

bertboerland’s picture

though no guarantee against rogue bots, a post would indeed be better then a get.

yt’s picture

Version: 6.x-1.3 » 7.x-1.3

The module is very userfriendly and I think it could get an awesome tool, but I have the same Problem!

Anonymous Votes are the most worthy input. Most User worldwide read websites but don´t like to post a comment. It is comfortably to give just a click. That is what a rate widget should do. Count anonymous opinions, but no Bot Requests from Search engines.
To make things worse, this Rate Widget is easy to manipulate. It should have a timer to ban IPs that give rates unnatural fast.

Hope this input helps. I have removed the module meanwhile, because it is not usable the way it is.

yours truly
yt

bertboerland’s picture

thank you for your much needed help and opinions "Anonymous Votes are the most worthy input."

you made my day :-)

mauritsl’s picture

Status: Active » Patch (to be ported)

There are some reasons why the links are basic links and not forms via post. This is more easy for theming and much better for performance. All links have a basic protection against bots via a rel="nofollow". But sadly that doesn't seem to be enough..

I've added bot detection in the next release. The module is now able to detect bots in three ways:

* Based on user agent string
* Using an threshold. The IP-address is blocked when there are more votes from
the same IP within a given time than the threshold. There are thresholds for
1 minute and 1 hour.
* Lookup the IP-address in the BotScout.com database. This requires you to
obtain an API-key.

This will be available in 6.x-1.4 and 7.x-1.4. It is now committed to 7.x only and will be available in 7.x-dev within 12 hours.

mfb’s picture

FYI: found a bug in the new rate.bots.inc functionality: #1774468: Fatal error: Undefined function rate_bots_delete_votes() in rate.module

mauritsl’s picture

Status: Patch (to be ported) » Closed (fixed)

See #1774468: Fatal error: Undefined function rate_bots_delete_votes() in rate.module.
Not considering backporting to 6.x anymore since usage decreases steadily.