Help me keep my game from being gamed
December 14, 2013 8:23 AM Subscribe
I'm developing a website where people try to be click number X (sort of like radio call-in contests) to win a prize, and am looking for advice on ways to make it harder for someone to cheat.
posted by signal to Computers & Internet (13 answers total)
The mechanics are:
1- user logs on to the website
2- clicks on big button
3- the site responds with "you are click #X". If it's, say, number 100,000, user wins prize.
So far my ideas to make it less cheatable are:
A- Users have to identify with their national ID number. The payout will be to the person with the matching national ID card, so you couldn't make sockpuppets (or you would need 1 real person per sockpuppet or fake IDs).
B- If the same user clicks more than once every 15 seconds or so, the minimum time between clicks increases progressively (or they have to input a captcha?) so as to rule out bruteforce attacks.
C- Each pageload is associated with a one-time unique hash associated with the user, which is included in the click POST, and has to match.
My backend is Django 1.6, deploying on Heroku.
Any ideas, criticism or obvious holes are welcome.