Issue: The "was this reply helpful", "I have this problem too" and "was this article helpful" functionality can be automated to place a large number of votes; all the attacker must do is block attempts to set the SUMO_ANONID cookie.

Steps to reproduce:
1) Navigate to the specified URL
2) Vote using one of the aforementioned buttons
3) Observe the vote is counted
4) Clear cookies
5) Repeat steps 1-3

Resolution: It would be nice if we could do something to prevent automated abuse of this feature. Possibilities could include rate limiting requests from a particular IP or implementing a CAPTCHA.
We specifically decided these were too low-interest as a target to care. We could rate-limit voting by IP but there is no particular incentive to automate voting for a question or answer, and that risks punishing legitimate users behind NAT. We're not going to put a CAPTCHA on our lowest-barrier method of engagement. Given the type of interaction that recommendation doesn't make sense.
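An added illustration of the two points discussed above, written for this page and not taken from SUMO's code: a vote endpoint that de-duplicates only on the anonymous-ID cookie counts every request from a client that never sends the cookie back, and a per-IP sliding window (with a deliberately generous threshold so users behind NAT are rarely affected) is what bounds that. The endpoint class, the window size and the threshold are all assumptions.

```python
import time
from collections import defaultdict, deque

# Assumed parameters: one-hour window, 20 votes per IP. The threshold is kept
# high on purpose so that a NAT'd office sharing one address rarely trips it.
WINDOW_SECONDS = 3600
MAX_VOTES_PER_IP = 20


class VoteEndpoint:
    """Constructed model of a 'was this helpful' vote handler (not SUMO's own code)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.seen = set()                 # (anon_id, item_id) pairs already counted
        self.by_ip = defaultdict(deque)   # ip -> timestamps of votes inside the window
        self.counts = defaultdict(int)    # item_id -> votes actually counted

    def _ip_allowed(self, ip, now):
        q = self.by_ip[ip]
        while q and now - q[0] > WINDOW_SECONDS:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= MAX_VOTES_PER_IP:
            return False
        q.append(now)
        return True

    def vote(self, item_id, anon_id, ip):
        """Return 'counted', 'duplicate' or 'rate_limited'. anon_id is None when no cookie arrived."""
        now = self.clock()
        if anon_id is not None and (anon_id, item_id) in self.seen:
            return "duplicate"            # cookie-based de-duplication only works when a cookie is present
        if not self._ip_allowed(ip, now):
            return "rate_limited"         # the per-IP limit is what catches cookieless repeats
        if anon_id is not None:
            self.seen.add((anon_id, item_id))
        self.counts[item_id] += 1
        return "counted"


def simulate_cookieless_client(endpoint, item_id, ip, attempts):
    """Send `attempts` votes from one IP with no anon-ID cookie (the reported scenario); tally outcomes."""
    results = defaultdict(int)
    for _ in range(attempts):
        results[endpoint.vote(item_id, None, ip)] += 1
    return dict(results)
```

With the IP limit removed, the same simulation reports every attempt as "counted", which is the behaviour the report describes.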
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
That's fine. Thanks.
These bugs are all resolved, so I'm removing the security flag from them.