Protecting against fraudulent reviews

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
directone
Forum Newbie
Posts: 2
Joined: Mon Jun 04, 2007 12:15 am

Protecting against fraudulent reviews

Post by directone »

What's the best way to get some medium level security for my web site's product reviews. What I want to protect against is someone logging in from one computer with multiple user names and writing lots of rave reviews about their own product.

I know a cookie can help, but don't most people disable or clean cookies these days?

Anyone know how amazon et.el. do this kind of thing?

What about eBay's shill bidding algo. Is this in the same field.

Looking for some jump off points to get my research going. Even clues on the right keywords to search for would be great.
Any help greatly appreciated.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

I'd create a sort of rating system for the users themselves. Keep track of the time the user has been a member, the average review score that they give, and base how much affect they have on the overall score on that.

As for preventing them from even writing the review.. That sounds unfair.
User avatar
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am
Contact:

Post by maliskoleather »

log the IP address of each comment posted, then when say, 2 or more post(reviews) by the same IP show up, have it throw a flag to the admin or something, so that it can be checked out. Or just plain deny more than one comment on an item by the same IP.
User avatar
TheMoose
Forum Contributor
Posts: 351
Joined: Tue May 23, 2006 10:42 am

Post by TheMoose »

The length of membership isn't exactly reliable, though. If a client has been a member for 8 years but is spamming their product, those reviews should be considered irrelevant. Likewise, if a client has been a member for a day, but provides a valid review of a product, it should weigh a little more than someone who's spamming reviews.

You can cookie a product, but that isn't reliable. You can track IP, but again, unreliable. I'd suggest something like Newegg and a lot of other sites. Don't restrict reviews, but instead have a rating of the specific review itself. People can click "Was this review helpful?", yes/no, and given a certain limit, hide that review. Say if 40% of the total number of votes (either pro/con) for ALL reviews on that product clicked No to a review, you hide that review because it was deemed irrelevant, or invalid. You should still allow them to go to that review, however, by means of a "show all reviews" type setup.
directone
Forum Newbie
Posts: 2
Joined: Mon Jun 04, 2007 12:15 am

Post by directone »

There seem to be lots of sites that can remember your settings even if you have cookies disabled or cleaned up by a sweeper.

I'm thinking of sites like amazon and ebay that bring up things like "Hello, mr.user! (Not you? Sign in)"

How do they do that if not with cookies?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Likely, IP. They may do a bit more intensive look or tracking, but it most likely is based on IP.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Most sites key the review the the invoice for the item that was sold.

In otherwords only people who actually bought the product from you would be able to post a review on the product. You give them the option to post a review for up to 30 days after the item shipped. You key it to the invoice and product number in the invoice with ship date.

Not that hard and prevents spamming as only buyers can actually post a review.
christus
Forum Newbie
Posts: 5
Joined: Wed Jun 06, 2007 2:03 pm

Post by christus »

Unfortunately that model would restrict a buyer of the same product from another site from posting a useful review.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

christus wrote:Unfortunately that model would restrict a buyer of the same product from another site from posting a useful review.
If you don't do something similar your product reviews will be overtaken by link spammers fairly quickly. Then you need to have someone full time going through and deleting review spam everyday. I know from experience. :)
Rovas
Forum Contributor
Posts: 272
Joined: Mon Aug 21, 2006 7:09 am
Location: Romania

Post by Rovas »

My idea one: register users that review and one review per user it can edit later if he wanted. It' s much more simpler to implement and many sites do this. You can propose prizes for members or rebates, etc to attract registered users.
Post Reply