I have strange problem with rating, i make simple ajax like/dislike on my site but im not sure if this correct way to protect from bots to click there...
I asked here because always when i publish post i can find same IP after few minutes is clicked on like button, always like and always same IP, is possible to be some type of bots ?
My code is
<div data-id="<?php echo $row['id']; ?>" class="like-btn<?php if(!$voted) {echo' vote_like';}?> main-sprite"></div>
js
$(function(){
$('.vote_like').one('click.like', function () {
var pageID = $(this).data('id');
$('.vote_dislike').off('click.like').removeClass('vote_dislike');
$('.like-btn').addClass('voted_like');
$('.rate-total,.rate-count').hide();
$('.rate-done').fadeTo(100,0.6).html('Loading...');
$.ajax({
type:"POST",
url:"/rate",
data:'act=like&video_id='+pageID,
success: function(){
$('.rate-done').fadeTo(100,1).html('Thanks!');
$(".bg-green").animate({width:'100%'},800);
},
error:function(){
alert('Something is wrong, try again!')
}
});
});
$('.vote_dislike').one('click.like', function () {
var pageID = $(this).data('id');
$('.vote_like').off('click.like').removeClass('vote_like');
$('.dislike-btn').addClass('voted_dislike');
$('.rate-total,.rate-count').hide();
$('.rate-done').fadeTo(100,0.6).html('Loading.');
$.ajax({
type:"POST",
url:"/rate",
data:'act=dislike&video_id='+pageID,
success: function(){
$('.rate-done').fadeTo(100,1).html('Thanks!');
$(".bg-green").animate({width:'0%'},800);
},
error:function(){
alert('Something is wrong, try again!')
}
});
});
});
And than i call /rate php
<?php
session_start();
$md5 = $_SERVER['HTTP_HOST'];
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest' && $md5 == 'sitename.com') {
// REST OF CODE
}
?>
I'm not sure there's any way of doing this without somehow storing the list of IPs that have rated a particular item before. As part of the rating process you'd (for instance) check to see if the item ID / IP combo in question already exists in your database. If it does, you do nothing, if it doesn't, you process the rating and add the combo to your database so you don't rate it again.
Obviously that's an example, and it won't be 100% foolproof because it's going to clobber multiple people who have the same public facing IP etc., but it would probably be a good starting point.
You can store IP-rated_item relation in your database in order to prevent rate same agent in one item several times. For each item, it can rate only once by doing this. However, you do not want to rate bot things on every items. You can prevent bots on your web server with RewriteRule. Here is an example;
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^evil_bot1[OR]
RewriteCond %{HTTP_USER_AGENT} ^evil_bot2 [OR]
.....
RewriteRule ^.* - [F,L]