How to prevent referral registrations/downloads/visit by IP address?

Question

Is there a way to prevent the same person from referring itself? IP address is obviously not enough to prevent these kind of scammers that know how to game a system like these. So in the current technology, how do you prevent it from happening? I can use sending messages but these process is to extensive for user registration. I can also do credit card validation but it is also very extensive for my system.

I need to track unique visits.. How?

Answer 1

Lets look at this the analytical way.

You need to either know whether the user is already in the system at least one time.

So you need a way of recognizing a user.

There are a lot of different methods. They all vary in convinience and security.

Some of the also are secure but can by their nature not be a unique. For example a person can hold two credit cards or mail accounts.

So I will give you a list of the common ones with their specialities:

• E-Mail validation

very common, very insecure. You can make it better by blocking "junk-mail"-services, but its still very bad. For example you can use youraccount+anything@gmail.com to recieve mail. You can block that too, but there will always be leaks. Anyone can register new mail adresses)

• IP validation

Very insecure. Most poeple have danymic ip adresses and you can use proxies at any time. Only useful when wanting to confirm the same user in a short period of time. And not even that is secure.

• Cookie Validation.

Very insecure for your purpose, but very effective to confirm the same user if its in the users desire. (encrypted token are a secure teqnique)

-- lets get to the really useful stuff --

• Credit card validation

Kinda useful. There are algorithms for common credit cards publicly available to check the validity of a card. But they can be broken. So some1 can generate "valid" credit card numbers. Brute force attacks are also possible. The only way of knowing the validity is making a transaction which costs about 30 cents.

• SMS Validation. Sender numbers can be faked, so it must go the other way round. The user gives their mail adress and you send an sms with a code to enter. There are gatways available, one sms is about 2-4 cents. This teqnique is commonly used and quite useful, however it cannot guarantee that a user doesnt have more than one cell phone or numbers.

• Paper-Mail Validation

Perhapst the most secure way, but rather inconvinient. Send a letter with a code to the person. As long as the mailbox doesnt get hijacked or us mail doesnt miss-deliver its very good. You can even enhance by personal or secured mailing. Google uses that for adsense accounts. The user can fool you by having multiple adresses or have it delivered to a friends place or something or give the name of a co-worker at work keep that in mind.

• System-Serial validation

Download a tool that generates a checksum of the computer parts you have built in. Or just take the HDD serial number. This ensures uniqueness of one pc. But it can be cracked or have the miss comfort that the same user suddenly isnt recognised anymore because the hardware has changed.

• Confirmed mails

There are providers that offer mail adresses that are verified. Meaning the user has with a legally legit way confirmed their identity which is bound to to that adress. There are also providers which ensure uniqueness of users in their system. This is very useful, however not wide spread.

To sum up: SMS is probably the fastest and easiest way.

Answer 2

I think there is no way of making sure they are unique visitors without some extensive system like creditcard validation. Identifying unique visitors on the internet is next to impossible without some kind of non-internet verification. (credit card, digID (dutch), personal call)