Reddit, as we all know, allows around 1 vote per ip address per link to avoid issues with spammers. I am working on a Slim application that will have a voting feature and I, quite frankly, have no idea how to implement system like this as I have no experience with cookies and native sessions. Also most of my functions have paths like (example) localhost:8888/myapp/voteup/item-to-vote.
On my site I allow members to rate some code between 1 and 5 once every 24 hours. I stop spam by adding a hash code and using ajax to submit a vote. I haven't gotten any spam votes since I added it in June 2012. I used to get about 40 votes per day from bots, but now that has been eliminated for now.
For example this is what my link looks like:
http://phpsnips.com/process/vote.php?id=43&vote=3&enc=a560e4320af4e13e4170947cd42de18b
With that, enc is different every time the page loads, and once the vote is submitted it is changed again.
My steps
The best way to fight automated bots, is to confuse them. Hide some text input fields, name them the otherway around (the name field, name them email, and the site, name them name, etc)
Prefer using Javascript only submission, so it can help mitigate form submission from the outside. The usage of CSRF can help as well. Force the use of cookies, HTTP custom headers, all to ensure that only a browser and no automated means can reproduce.
Logical questions can help as well, like "how much is 1 + 1, write it down" (the answer would have to be two, and make that random) or "what is the day of the week starting with W".