Interesting work. I'm not sure I'd agree with adding in special provisions for rate-limiting non-browser User-Agent strings since they're so trivial to spoof. I wouldn't see much benefit from adding this since it'd only really impact people who put the minimum amount of effort into writing a bot.
I was wondering how a websocket approach (rather than a HTTP REST API) would change the work required to rig the voting system in the way you are. It'd probably be a bit less convenient than it is right now, but I'm guessing there are probably client libraries available for Python that would let you connect to a websocket server with minimal fuss. It might make it easier to control though - you could limit based on the number of connections open per IP and disconnect users that look like they're voting repeatedly for the same item.
1 comment
[ 3.0 ms ] story [ 14.5 ms ] threadI was wondering how a websocket approach (rather than a HTTP REST API) would change the work required to rig the voting system in the way you are. It'd probably be a bit less convenient than it is right now, but I'm guessing there are probably client libraries available for Python that would let you connect to a websocket server with minimal fuss. It might make it easier to control though - you could limit based on the number of connections open per IP and disconnect users that look like they're voting repeatedly for the same item.