Spam-proof hit counter in Django

Time: 2021-12-26 15:18:34

I already looked at the most popular Django hit counter solutions and none of them seem to solve the issue of spamming the refresh button.

Do I really have to log the IP of every visitor to keep them from artificially boosting page view counts by spamming the refresh button (or writing a quick and dirty script to do it for them)?

More information

So right now you can inflate your view count with the following few lines of Python code, which is so little that you don't really need to write a script; you could just type it into an interactive session:

from urllib import urlopen

num_of_times_to_hit_page = 100
url_of_the_page = "http://example.com"

for x in range(num_of_times_to_hit_page):
    urlopen(url_of_the_page)

Solution I'll probably use

To me, it's a pretty rough situation when you need to do a bunch of writes to the database on EVERY page view, but I guess it can't be helped. I'm going to implement IP logging due to several users artificially inflating their view count. It's not that they're bad people or even bad users.

See the answer about solving the problem with caching... I'm going to pursue that route first. Will update with results.

For what it's worth, it seems Stack Overflow is using cookies (I can't increment my own view count, but it increased when I visited the site in another browser.)

I think that the benefit is just too much, and this sort of 'cheating' is just too easy right now.

Thanks for the help everyone!

3 solutions

#1


8  

Logging an IP is probably the safest. It's not perfect, but it's better than cookies and less annoying to users than requiring a signup. That said, I'd recommend not bothering with saving these in a DB. Instead, use Django's low-level caching framework. The key would be the IP and the value a simple boolean. Even a file-based cache should be pretty fast, though go with memcached as the cache backend if you really expect heavy traffic.

Something like this should work:

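from django.core.cache import cache

# Inside the view: use the client's address as the cache key.
ip = request.META['REMOTE_ADDR']
has_voted = cache.get(ip)
if not has_voted:
    # No timeout argument, so the cache's configured default timeout applies.
    cache.set(ip, True)
    # code to save vote goes here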
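
The cache-based deduplication described in answer #1, extended as an added example (not code from the original answer): the key covers the page as well as the client so one visit does not suppress counts on other pages, the check-and-set is a single add-if-absent call, and the IP is hashed before use as a key. `TinyCache`, `view_key`, `should_count_view`, `count_views`, the one-hour window and the salt are assumptions made for illustration; `TinyCache.add` mirrors the semantics of Django's `cache.add(key, value, timeout)` so the example runs without Django.

```python
import hashlib
import time

class TinyCache:
    """Constructed stand-in for a cache backend; add() mirrors the
    add-if-absent semantics of Django's cache.add(key, value, timeout)."""
    def __init__(self, clock=time.monotonic):
        self._store = {}
        self._clock = clock

    def add(self, key, value, timeout):
        now = self._clock()
        entry = self._store.get(key)
        if entry is not None and entry[1] > now:
            return False          # key still live: this client was already counted
        self._store[key] = (value, now + timeout)
        return True

VIEW_WINDOW_SECONDS = 3600           # assumption: one counted view per client per page per hour
KEY_SALT = b"replace-with-a-secret"  # placeholder; keeps raw IPs out of cache keys

def view_key(page_id, client_ip):
    digest = hashlib.sha256(KEY_SALT + client_ip.encode()).hexdigest()[:32]
    return f"view:{page_id}:{digest}"

def should_count_view(cache, page_id, client_ip):
    """True only for the first hit from client_ip on page_id within the window."""
    return cache.add(view_key(page_id, client_ip), True, VIEW_WINDOW_SECONDS)

def count_views(cache, hits):
    """hits: iterable of (page_id, client_ip); returns {page_id: counted views}."""
    totals = {}
    for page_id, ip in hits:
        if should_count_view(cache, page_id, ip):
            totals[page_id] = totals.get(page_id, 0) + 1
    return totals

if __name__ == "__main__":
    # Constructed traffic: one client refreshing page 7 a hundred times,
    # a second client visiting once, and the first client opening page 8.
    hits = [(7, "203.0.113.5")] * 100 + [(7, "198.51.100.9"), (8, "203.0.113.5")]
    print(count_views(TinyCache(), hits))
```

In a Django view the same `should_count_view` can be called with `django.core.cache.cache` and `request.META['REMOTE_ADDR']`. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so every visitor would share one key unless the client address is taken from a header set by a proxy you control.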

#2


8  

There is no foolproof way of preventing someone from artificially inflating a count. Rather, there's the extent to which you're willing to spend time making it more difficult for them to do so:

  • Not at all (they click refresh button)
  • Set a cookie, check cookie to see if they were already there (they clear cookies)
  • Log IP addresses (they fake a different IP every time)
  • Require sign-in with an email they respond from (they sign up for multiple email accounts)

So, in the end, you just need to pick the level of effort you want to go to in order to prevent users from abusing the system.

#3


1  

You could send them a cookie when they access it and then check for that cookie. It can still be gamed, but it's a bit harder.
