How do you prevent gaming of page views?

Asked 2/3, 2011 at 17:35 Answered 2/3, 2011 at 17:56

Say I have a site with pages. Pages are ranked based on the number of times they have been viewed. It is good for a page to be highly ranked because it will make it show up higher in my search results. Hence, the author of a page may try to game the system to increase that particular page's views.

So how do you prevent that while still keeping a quasi-accurate count?

I have come up with the following "scheme":

A user can only affect the page view once per session. This is what I would normally expect. If a user returns to the site later and views the page again, it should count as another page view.

The problem is that this makes the page view increment vulnerable to a script that clears its cookies before each request. The easiest solution to this problem would be to save the ip-address and only allow the same ip-address to increment page count once. This however has several major drawbacks; First of all, this would potentially take up a lot of storage, and second of all would prevent users on big LANs from incrementing page count. Lastly, a user cannot revisit a page and increment the page view more than once from the same ip. I can live with that, but would rather live without it.

The best method I can come up with off the top of my head would be to save the last X ip-addresses, and not let anyone from these ip-addresses affect the page view count. This would effectively stop any (simple) script from raising the page view count. Furthermore it would probably be a good idea to add a delay to the display of actual view count (basically keeping two counts and a datetime field for when the "display" count was last updated with the "actual" count, something I believe is done on the SE sites).

This is not a perfect solution, so I would be happy to hear your suggestions and/or comments.

Mute answered 2/3, 2011 at 17:35 Comment(3)

Furthermore it would probably be a good idea to add a delay to the diplay of actual view count <- aka buffered display or cached output – Jezebel 2/3, 2011 at 17:49

Have a "are you a douchebag user?" test before allowing them on the site. If they fail, don't let them in. :-) – Conductor 2/3, 2011 at 17:54

@glowcoder, hehe, but would the site have any users at all then? – Mute 2/3, 2011 at 17:59

Don't prevent: monitor and handle.

I would use a very different approach. Let the page views stay the same, but have reporting in place to looks for view-gaming. If a page gets gamed, you can find out who is responsible, give them a warning and a page-view penalty. If it continues, ban them.

Conductor answered 2/3, 2011 at 17:56 Comment(6)

Wouldn't it be even better to both monitor/handle and prevent? +1 – Mute 2/3, 2011 at 17:58

That depends. Is gaming currently a problem? I mean, are people currently gaming the system very often and it needs to be prevented? There's no need to put a system in place that will prevent a problem that isn't happening. – Conductor 2/3, 2011 at 18:1

I think that's a good point. Gaming behavior should be fairly obvious if you know what your're looking for. Figure out what it would take to game your system, then figure out patterns of behavior that would signal that someone was gaming, and then you can take action. – Any 2/3, 2011 at 18:2

@glowcoder. No, it's not currently a problem, the system is in the development phase and I just wanted to throw in some simple prevention mechanism. It's not like it's a huge effort to implement, but your point is good none the less. – Mute 2/3, 2011 at 18:18

@Richard, is parsing log files really that much easier though? – Mute 2/3, 2011 at 18:19

@Klaus: I don't know about easier or not, but I think it is more reliable . . . i.e. you will NEVER get the page views completely figured out (there really is no way to positively I.D. someone if they have cookies disabled, or have cleared their cache), but I think you can, with a high degree of accuracy, pinpoint gaming activity. – Any 2/3, 2011 at 18:23

I think that you should consider the reported characteristics of the browser as well. Browser fingerprinting has been done before and is well publicized. You can then figure out some pretty advanced heuristics on determining whether the same user is trying to game you. But don't publicize that you're using browser fingerprinting of course. Also, it won't stop incognito mode, but I'm just trying to give you one more avenue of thought to follow, in addition to your current IP oriented strategies.

Jezebel answered 2/3, 2011 at 17:45 Comment(0)

Recommended topics

Hot tags