How do you abuse-proof a "Hot Or Not"-esque website

I can’t go into too much detail right now, but I’m trying to set up an Either/Or type site–the type where you see two photos and have to pick A or B, then it automatically sends you on to the next pair to judge, etc.

In order to drive traffic, I plan on having a reward go to the person who cast the most votes each month. Just a little something to get people to use the site. Problem is, this will bring with it the risk of people setting up scripts to game the machine.

How can I prevent that?

I’ve thought up a few ideas, but they all have their own weaknesses, a lot of them considerable.

Force Login through Facebook/Twitter - Lots of sites are doing it these days, and it’s the best way to keep folks on the up-and-up, but it’s enough of a deterrent when a big website does it. If anyone sees it on my site they’ll think I’m trying to hack them.

Check the time between votes - I don’t know heuristics from Annie Lennox’s old band, but I could code a little check that compares the amount of time between votes. If it’s exactly the same across, say, a few dozen votes, odds are that’s a script. Problem is, this is easily negated by a random timer in the script code.

That’s all I have so far. I know so little about vote scripts that I don’t even know how they work or what to try to combat. Can anybody out there shed some light on the whole thing and offer some advice on how to fight it?


It will be impossible to have a reward based on number of votes and for the winner to be legit.

The only solution is what recaptcha do: ask a lot of different (not random) clients about each choice.

Could you elucidate?

You’d have better luck and less work with a different award criterion. Especially if the criterion ties into the theme of the site. Since you can’t describe the site, all I can throw out is a generic example like rewarding the person who most consistently picks images the majority of the crowd also picks.

Like recaptcha does, you can rely on a majority of a statistically random sample of people telling the truth. But if you don’t get a big enough number of people voting on each image (and if you’re a new site you won’t) it will be possible for people to game the system if you just randomly select client <-> choice mappings. You need your site to deliberately seek to present each choice to as diverse a range of clients as possible.

I don’t think I could ever get the site to be popular enough to just take a sample of the results. This is gonna be a purely personal site with a very limited appeal to anyone beyond the monthly reward.

Meh. Maybe I’ll just make the damn site invite-only or something. It’s really just a means to an end, and I don’t need a lot of visitors so much as a dedicated few.

You could have them mail you paper ballots - LOL.

Heh. Actually, now that this idea has been backburnered a bit, I can let on what it’s for.

I hate editing my portfolio because I really only know the photos I like. And even then, after staring at my own photos for countless hours, I’ve kinda become numb to what works and what doesn’t.

My hope was to sift my library down to 200-300 photos, then dump them all into a “Hot or Not” site where users would be served two random photos and would decide which they liked. After a few thousand votes or so, I’d have a better idea of which were the more popular/powerful images.

Of course, as much as we all love to cast judgment and we love to look at pitchers, I’d need a little more incentive in order to keep the votes coming in. Hence the idea of giving the month’s top voter one signed, matted and framed print of their choice. And hence the need for some semblance of anti-gaming, so that some script kiddie out there isn’t borking everything.

It isn’t even the fact that he’d be getting the photo for free that bugs me so much as the fact that gaming the site would completely invalidate the results. And even though I could filter out scripters after the fact, I’d still have to be able to identify which votes were bogus, and that’d be a pain in the ass. Simpler (in theory, at least) to make the system hard to game.

Simple logic-based captchas that rotate from a database of hundreds. “Is water wet or dry?” “Which number is larger, three or eight?”

No one’s gaming that, they’re not hard to decipher, and you get your accuracy.

Ooh, that would work. Every now and then, before sending them on to the next pair to vote on, you stick a quick Voight-Kampff test in there to make sure they’re human.

Even if you do all that you still can’t detect people clicking randomly on either choice with the aim of winning your prize, rather than providing good data.

… or “click the picture of the kitten to submit”, and show five pictures, only one of which is a kitten.

If they pick a non-kitten more than once, you ban their IP for 24 hours.

You don’t need the human check when people are submiting entires, you need it before you award the prize.

I would give a tiny chance equal to 1 in (1 days clicks * 30) that a user will win a prize on each entry. If someone hits that chance then they get a redirect that collects their information. You can apply whatever human checker you want to that redirect. If they fail it (or timeout) then the prize goes unclaimed and people continue to try to win it. If they correctly fill out the form they get the prize and it is unavailable for the rest of the month.

This was you aren’t adding annoying human checks for 99.9% of the people that are voting on your site.

Just do an invite only based thing. You don’t need thousands of random people, when you can have a hundred decent folk. People from here and family would be great for that.

Funny how the best and most elegant solutions are often the simplest ones. I think I’ll go with that. Bonus is that it saves me the hassle of trying to code all these countermeasures.

I’ll be one of your volunteers if you’d like too :)