有什么聪明的方法可以保护自己免受sybil攻击吗? (除了cookie，用户代理字符串，ip地址) [英] is there any smart way to defend yourself against sybil attacks? (apart from cookies,user agent strings,ip addresses)

问题描述

你好！
我正在设计一个网站，该网站的功能之一就是论坛.在这个论坛中，用户可以投票赞成/反对对方的帖子.
我的大问题是:如何阻止一个用户创建多个帐户并投票支持自己的帖子?
当他们创建登录名时，我无法要求提供信用卡信息来认证用户，因为这会阻止很大一部分用户.但是，有没有什么聪明的方法可以防御sybil攻击呢? (除了cookie，用户代理字符串，ip地址)

任何建议将不胜感激！

hello!
I am designing a website, and one of the features of the site is a forum. In this forum users get to vote up/down each others posts.
My big question is : how do I stop one user from creating multiple accounts and voting up his own post?
I cant ask for credit card info to certify users,when they create a login because that would deter a large section of the users. But is there any smart way to defend yourself against sybil attacks? (apart from cookies,user agent strings,ip addresses)

Any advice would be very much appreciated!
Thank you in advance!

推荐答案

您可能可以通过禁止人们使用免费电子邮件域(例如hotmail或gmail)进行注册来缓解这种情况.

您可能还可以进行一些取证评估，以查找从相同ip地址登录的帐户，然后禁用除最旧帐户以外的所有帐户(假设最旧的帐户将是原始帐户).

CodeProject遇到这种问题.

You can probably mitigate it by not allowing people to register with free email domains, like hotmail or gmail.

You can also probably do some forensic evaluations to find accounts that login from the same ip address, and then disable all but the oldest of those accounts (assuming the oldest account is going to be the original one).

CodeProject experiences this kind of problem.

这篇关于有什么聪明的方法可以保护自己免受sybil攻击吗? (除了cookie，用户代理字符串，ip地址)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！