How do you punish fraud?

Question

You've just found out that one of your users created another account to vote for his own questions and answers. After checking some data you realized the two accounts do belong to the same person.

Aside from removing the irregular reputation points, how would you punish the user?

Please describe measures that would discourage future rule violations but still encourage the user to continue contributing.

Answer 1

ban by ip in cpanel, that's what I do

Comments

I was looking for something in the terms of preventing another rule violation, mostly because I want every able man asking and answering questions. I'll add this info to the question.

Answer 2

Requiring a unique IP address is not foolproof but might work to some degree. But that depends how many users you have.

One you website has a lots of users then you start recieving complains from users been banned behind the proxy.

The only way is to charge your users some fee.

Some ideas of things to look for are:

Set a tracking cookie (i.e. random hash) and log its value on login, look for multiple logins from the same cookie value

Logins from same IP address/user-agent combination

Logins from same IP address only (less reliable than the previous two bullets)

Accounts with email addresses from free webmail services (Gmail etc.)

Accounts with same password

Answer 3

My opinion.

I think that it is very difficult to prevent voting own posts by multi account. Although stupid spamer who makes accounts by  same IP can block by IP, since It is easy to make accounts different IP, there is no method of proving that each accounts are same person.  Moreover, although user who is doing only vote can be deduced by tracing specific user's action by DB, it is not bad to see only contents without posting. This is same as spectator of sports.

When it becomes clear that it is multiuser, in addition to the method of blocking by IP, there is method of giving minus-bonus-point(-999,999) to the spam user (aided by clone account).

Answer 4

sama55's idea is good IMO - give negative bonus points. If you know your SQL you could go into the database and remove the votes given by the bad users (qa_uservotes table) then recalculate points.

To prevent it happening in the future, here are some possibilities:

1. You can disable up voting until the user has gained a few points. For example if they start on 100 points and get +10 for an upvote, then require 110 points to be able to upvote. That makes it harder for people to create multiple accounts and instantly upvote the other ones. (It also prevents any possibility of spambot automated posting/upvoting.)

2. Make a plugin to prevent a user voting for another user on the same IP. I might do this at some point.

3. Check for duplicate accounts on the same IP in your database (run a SQL query on qa_users to group by createip or writeip). Again, I might make a plugin for this when I get around to it.

4. The next version of Q2A should have some filters or approval of users.

Comments

@Scott: Please add a timestamp (or just the date) to qa_uservotes (best in v1.7). This way we will have many more options for plugins and controlling spam. I ran again into a voting spam issue... the solution would be knowing the time of voting.

We had a discussion here: http://www.question2answer.org/qa/35295/adding-a-date-field-to-qa_uservotes and I am still certain that this is necessary.