AutoRank PHP has several methods of cheat protection including complete IP tracking, banned IPs, proxy detection, sessions, and cookies. Here we will discuss how they work, and what type of cheating they prevent. We will also discuss the cheat log so you can understand how to interpret it.
Complete IP Tracking
The first method of cheat protection is complete IP tracking. Put simply, a log of IP addresses is kept for each member. Each time a new click is sent, the script checks the IP logs to see if that IP has clicked through before. If it has, the click is not counted and a cheat is (optionally) recorded in the cheat log. In setup.php you can tell the software how often it should clear the IP logs. If you only want one hit per IP per day, set that value to 86400. To keep the software execution times and sever load low, we recommend that you clear the IP logs at least once each day.
The IP tracking used by AutoRank PHP is different than that used by most competing software. Most other scripts keep a single IP log which is then used for all members. What this means is that once an IP clicks through for one account, it will not be able to click through for any other accounts. Does that sound fair? Well it didn't to us, so with AutoRank PHP it is possible for a single IP address to give a hit to each account.
Each time a surfer comes to your site through the in.php script a new and unique session ID will be generated. You will be able to set the amount of time that session is valid for. Once a surfer has clicked on a link to your site, they will have x number of seconds to click on one of the sites in your list before the session expires. If the session expires before they click, the hit will not be counted. If the session does not expire before they click, the hit will be counted and the session will be deleted - no one else will be able to use that session.
The software allows you to ban IP addresses that you suspect of cheating. Any hits coming from these IP addresses will be rejected, if you have the banned IP option enabled.
In order for an incoming hit to be credited to an account, the surfer must first click on an outgoing link in your list of sites. This acts as a buffer so that a hit isn't instantly counted when a surfer comes to your site through in.php, and allows for better tracking of real live surfers.
What this does is look at the HTTP headers sent with a request to determine if the surfer is using a proxy to make the request. If the headers are there, the hit is ignored. Please note that this is not 100% effective against proxy servers. In our research we found that only about 60% of proxy servers send the extra HTTP headers that are required to determine if it is a proxy server.
Why block proxy servers? Using proxy servers is a way that many automated hitbots will use to increase their hit count. Using a different proxy server for each hit will change the IP address of the hitbot, and the software will think that it is coming from a new user. Because there are many publicly accessible proxy servers, obtaining a large number of unique IP addresses is possible - hitbots can theoretically produce several thousand false hits per day using public proxy servers.
What about valid proxy requests? Some ISPs today do use proxy servers, which means that if you enable the proxy filtering some valid hits will not be counted. This is a side effect of the proxy filtering, but we feel that you would rather block out a few valid hits in order to protect yourself from hundreds or thousands of invalid hits. This may lower your overall total in hit count, but the distribution should be fairly even over all of your members, thus giving a fair ranking result.
In this section we will discuss the entries you will find in the cheat log.
This cheat message indicates someone with the listed IP address clicked through more than one time for an account.
This cheat message indicates someone used the same browser to click through more than one time for an account.
This message indicates that the user trying to send a hit was using a proxy server to make their request. These cheat messages will only appear if you have the proxy filtering option enabled. In some of these messages you will find 2 IP addresses, with one in parenthesis. The first IP address is the IP address of the proxy server, and the second one in parenthesis is the IP address that this request was forwarded for. This allows you to see the real IP address of the person making the request. Please note that not all proxy servers will provide the second IP, so some of these cheat messages will only contain the IP of the proxy server.
This message indicates that the surfer clicked on an outgoing link after the session had expired. This is probably not something to be worried about unless you see it happening many times for the same account.
This message indicates that the surfer tried to use a session ID that had already been used. Session IDs can be used only a single time.
This message indicates that the surfer is using a browser which is not supported by the software. 99% of todays browsers are supported, so this will mostly filter out hitbots trying to send you bogus hits.