Closed (fixed)
Project: Rate
Version: 7.x-1.3
Component: Code
Priority: Normal
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 8 Apr 2012 at 14:44 UTC
Updated: 6 Nov 2012 at 22:45 UTC
I like this module; it was easy to configure, plays nicely with the Voting API and the voting widget looks pretty.
I'd like to have voting enabled for anonymous users on my sites, but I noticed that several bots immediately started hitting the node?rate=62c7e5812c.... URLs.
Is there a way to prevent that? Shouldn't the rating action be a POST which is typically ignored by bots?
Comments
Comment #1
bertboerland commented
Though no guarantee against rogue bots, a POST would indeed be better than a GET.
Comment #2
yt commented
The module is very user-friendly and I think it could become an awesome tool, but I have the same problem!
Anonymous Votes are the most worthy input. Most users worldwide read websites but don't like to post a comment. It is comfortable to give just a click. That is what a rate widget should do: count anonymous opinions, but no bot requests from search engines.
To make things worse, this Rate widget is easy to manipulate. It should have a timer to ban IPs that give rates unnaturally fast.
Hope this input helps. I have removed the module in the meantime, because it is not usable the way it is.
yours truly
yt
Comment #3
bertboerland commented
Thank you for your much needed help and opinions "Anonymous Votes are the most worthy input."
You made my day :-)
Comment #4
mauritsl commented
There are some reasons why the links are basic links and not forms via POST. This is easier for theming and much better for performance. All links have a basic protection against bots via a rel="nofollow". But sadly that doesn't seem to be enough.
I've added bot detection in the next release. The module is now able to detect bots in three ways:
* Based on the user agent string
* Using a threshold. The IP address is blocked when there are more votes from the same IP within a given time than the threshold. There are thresholds for 1 minute and 1 hour.
* Looking up the IP address in the BotScout.com database. This requires you to obtain an API key.
This will be available in 6.x-1.4 and 7.x-1.4. It is now committed to 7.x only and will be available in 7.x-dev within 12 hours.
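The first two checks listed in comment #4 (user agent string, and per-IP thresholds over 1 minute and 1 hour) can be sketched as follows. This is an added example, not code from the Rate module or its rate.bots.inc; the class name, the user agent substrings and the threshold values are assumptions, and the BotScout lookup is left out because it needs an API key and a network call.

```php
<?php
// Added example, not code from the Rate module. All names, patterns and
// threshold values below are assumptions chosen for illustration.
const UA_PATTERNS = ['bot', 'crawl', 'spider', 'slurp'];  // assumed substrings
const LIMITS = [60 => 5, 3600 => 30];  // window in seconds => max votes (assumed)

final class VoteBotDetector
{
    /** @var array<string, int[]> vote timestamps per IP address */
    private array $votes = [];

    /** Returns null when the vote is accepted, or the reason it is refused. */
    public function check(string $ip, string $userAgent, int $now): ?string
    {
        // Check 1: the user agent string identifies itself as a crawler.
        $ua = strtolower($userAgent);
        foreach (UA_PATTERNS as $needle) {
            if (strpos($ua, $needle) !== false) {
                return "user agent matches '$needle'";
            }
        }
        // Check 2: forget timestamps older than the longest window, record this
        // attempt (refused ones too, so hammering keeps the address blocked),
        // then count the attempts that fall inside each window.
        $longest = max(array_keys(LIMITS));
        $recent = array_values(array_filter(
            $this->votes[$ip] ?? [],
            fn (int $t): bool => $t > $now - $longest
        ));
        $recent[] = $now;
        $this->votes[$ip] = $recent;
        foreach (LIMITS as $window => $max) {
            $count = count(array_filter($recent, fn (int $t): bool => $t > $now - $window));
            if ($count > $max) {
                return "more than $max votes in {$window}s";
            }
        }
        return null;
    }
}

// Constructed sample: seven votes from one address, one every 5 seconds,
// followed by a single request with a crawler-style user agent.
$detector = new VoteBotDetector();
for ($i = 0; $i < 7; $i++) {
    $reason = $detector->check('203.0.113.7', 'Mozilla/5.0 (X11; Linux x86_64)', 1000 + 5 * $i);
    printf("vote %d: %s\n", $i + 1, $reason ?? 'accepted');
}
echo $detector->check('198.51.100.9', 'ExampleBot/1.0', 2000), "\n";
```

The in-memory array only lives for one PHP process; a real site would keep the timestamps in a shared store such as a database table so the counts survive across requests.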
Comment #5
mfb
FYI: found a bug in the new rate.bots.inc functionality: #1774468: Fatal error: Undefined function rate_bots_delete_votes() in rate.module
Comment #6
mauritsl commented
See #1774468: Fatal error: Undefined function rate_bots_delete_votes() in rate.module.
Not considering backporting to 6.x anymore since usage decreases steadily.