[Django]-Spam proof hit counter in Django

8👍

Logging an IP is probably the safest. It’s not perfect, but it’s better than cookies and less annoying to users than requiring a signup. That said, I’d recommend not bothering with saving these in a DB. Instead, use Django’s low-level caching framework. The key would be the ip and the value a simple boolean. Even a file-based cache should be pretty fast, though go with memchached as the cache backend if you really expect heavy traffic.

Something like this should work:

ip = request.META['REMOTE_ADDR']
has_voted = cache.get(ip)
if not has_voted:
    cache.set(ip, True)
    #code to save vote goes here

8👍

There is no foolproof way of preventing someone from artificially inflating a count. Rather, there’s the extent to which you’re willing to spend time making it more difficult for them to do so:

  • Not at all (they click refresh button)
  • Set a cookie, check cookie to see if they were already there (they clear cookies)
  • Log IP addresses (the fake a different IP every time)
  • Require signin with an email they respond from (they sign up for multiple email accounts)

So, in the end, you just need to pick the level of effort you want to go to in order to prevent that users from abusing the system.

1👍

You could send them a cookie when they access it and then check for that cookie. It can still be gamed, but it’s a bit harder.

Leave a comment