Limiting anonymous ratings intelligently?

Question

This is an odd one for me. I have a client who wants a 5 star anonymous rating system for their site. I decided instead of using somebody else's solution now would be a good time to dig into backbone/underscore, using this as a jumping in point.

The issue is that I'm not sure how I should rate limit anonymous connections to avoid abuse of the rating system?

My initial thought was to do 1 rating every 2 seconds, 15 ratings a minute, and 200 an hour allowances to each IP. This has the issue of possibly limiting those under a large NAT though. I could fix that with mixing in the user agent, but then I run into the issue that they can easily fake that every request to circumvent the entire limiting system. I could try cookies, but again, they're easily removed.

Any thoughts on a proven solution for this? Thanks

Answer 1

I suggest to identify different anonymous users by combination of IP and user agent. About rate limiting - 1 rating every 2 seconds is too often, how about 1 rating per day?