Quote:
Originally posted by rowan
What can you do? Referers are not an accurate method of authentication. You would need some sort of secret system to generate unique keys between trades to solve this problem. With so many trade scripts around there will probably never be such a standard.
Something along similar lines... for several hours I had a single IP doing HEAD requests every few seconds with the referer URL being one of my trades. I have little doubt it was someone deliberately trying to fuck up his site - the trading scripts either auto disable him for a bad raw:unique ratio, or if they count prod on raws then his productivity falls so much that the trade hardly returns anything to him.
|
What you can do?
Easy... do not disable the trade, but block the IP that is acting weird, and just log what happened so the TGP owner can decide for himself what he will do with the situation. Prevent the possible cheating from affecting your TGP, but do not overreact.
A single thing you know for sure is that if you can easily detect something as cheating, chances are that someone is doing it deliberately to fuck shit up.
Putting the decision of whether someone is cheating or not in the hands of any of the trade scripts out there at present does not work... most simply aren't advanced enough for that.
Scripts that auto-disable trades all by themselves are too easy to manipulate. Do you really want every scriptkiddie out there to have the ability to bring your site to a complete halt within a matter of minutes?