x
  • IP Copied!
    Click to Copy IP
    0 Players Online
  • Join our Discord!
    0 Users Online
  • [Preventing Bumping In Voting] Do you see any flaws in my idea?

    Discussion in 'Discussion' started by Sky_Trade, Oct 24, 2017.

    1. Sky_Trade
      Offline

      Sky_Trade Active Member

      Joined:
      Oct 17, 2017
      Messages:
      40
      Likes Received:
      6
      Hi everyone!

      I am thinking about sending an email to http://minecraftservers.org (on the contact page) on my idea to stop bumping.

      Toggle spoiler to see my draft
      Hi there,

      I would like to help you stop people from voting for an account that is not theirs.
      Here is my plan:

      + Adding the following command /voterpassword <password> to your plugin

      * Modify a login to their website: [MinecraftUsername] [Password from the command]

      + You would use their minecraft player-id then translate it to their username just in case people change their in game name

      - [also if a player doesn't use /voterpassword then anyone can still vote on their account]

      It would be awesome if you add this :)
      *Name Censored*
      Things I want to see in the comments:
      1. Better drafts of my email
      2. Thoughts on if the owners/maintainers of http://minecraftservers.org will reply or even think about adding it to their website/plugin
      3. If you can see a flaw or something that can't be implemented (will it work)
      4. Other relevant stuff

      Thanks in advance for your input.
       
      Last edited: Oct 26, 2017
    2. Chipemunk
      Offline

      Chipemunk twink

      Joined:
      May 23, 2016
      Messages:
      852
      Likes Received:
      310
      The problem is if you make it too complicated to vote it will just put people off. I also don't think they will go to so much effort to stop vote bumping.
       
      • Like Like x 1
    3. Sky_Trade
      Offline

      Sky_Trade Active Member

      Joined:
      Oct 17, 2017
      Messages:
      40
      Likes Received:
      6
      1. That is why I left this in the draft
      and if you get bumped so you don't get a rank, then you are obv gonna use this
      2. I would go through any amount of effort to resolve my last flaw ;P
       
      Last edited: Oct 26, 2017
    4. Acceptation
      Offline

      Acceptation ❤️ Discord Moderator Premium

      Joined:
      Jun 29, 2017
      Messages:
      8,019
      Likes Received:
      1,071
    5. Sky_Trade
      Offline

      Sky_Trade Active Member

      Joined:
      Oct 17, 2017
      Messages:
      40
      Likes Received:
      6
      Thanks!
       
    6. lokadd
      Offline

      lokadd Experienced Member

      Joined:
      Aug 18, 2017
      Messages:
      531
      Likes Received:
      173
      agreed
       
    7. BlueExplorer
      Offline

      BlueExplorer Experienced Member

      Joined:
      Mar 4, 2016
      Messages:
      238
      Likes Received:
      45
      Yes overall I would agree that there needs to be some kind of a security feature in place to prevent your account from being taken over.

      The single largest concern I have is that they probably will not implement any changes and they will just ignore your idea. I suspect that they do not want to limit anyone from voting and may be concerned that adding any form of a password will only make it more difficult to use their website. Remember they are making money off the ads and so the more people to use their services the better for them.

      I honestly suspect that there are not too many other sites out there, like MineVerse, that are as generous and give out such generous rewards tied to voting. I've seen others, but most of them are just one reward per month, and some are from a random drawing. My point is that overall, I think there is very little concern with bumping? I could be wrong too. But I suspect its not a problem on servers that offer no rewards.

      I honestly do not follow the logic of your request. Is that all the "same" single solution or are you offering a few different suggestions there? I do think you need to simplify the point you are trying to make so they can better understand the need for the request, and then better understand what changes they can make to help you bring about those changes.

      I've been thinking about this too for a number of months.... let me see if I can put together what I've had in mind... this is just a rough draft too... so use with caution. ;)

      Hope this is useful and best of luck!

      Blue

      - - - - - -

      Greetings, to whom it may concern, I would like to bring to your attention a very specific issue we are experiencing with your website and a possible unobtrusive solution that could solve them.

      The issue we are having is that a number of individuals are wrongfully voting for other people's accounts, on servers they do not play, in order to attempt to alter that player's rewards, both a daily voter reward, and also a monthly top voter reward.

      I propose to prevent unauthorized voting through the use of an optional passcode that can be entered within the name field as the standard minecraft username. The format will be as follows, and is optional, but still provides a high degree of protection.

      <username>:<passcode>

      The passcode should not be a full password. All it needs to be is a number between 4 and 8 digits in length.

      The intended way this should work is that if someone enables a passcode for their account, their vote will only be counted if their name is immediately followed by a colon and then the passcode. If no passcode is provided, or the passcode is wrong, then the system should indicate that the cast vote was successful and ignore the vote request. This would be to prevent others from figuring out what the real code may be.

      I cannot provide a fool-proof way to properly identify who actually owns the accounts, but inspiration can probably be drawn from how namemc.com validates their users. If a similar methodology is provided to login, then this method should be used to change or remove the passcode so there would be no need to maintain accounts or passwords. Optionally, these passcodes can be setup to only be valid for a few months at a time to help with forgotten passcodes and players that cannot figure out how to log back in.

      If a player chooses not to add a passcode then their accounts will behave as they do currently.
       
    8. Sky_Trade
      Offline

      Sky_Trade Active Member

      Joined:
      Oct 17, 2017
      Messages:
      40
      Likes Received:
      6
      [​IMG]
      See the passcode box? Ideal setup for implementation.
       
    9. BlueExplorer
      Offline

      BlueExplorer Experienced Member

      Joined:
      Mar 4, 2016
      Messages:
      238
      Likes Received:
      45
      That may work... but I like my screen print below better (includes my accounts too)... ;) lol Also I added a link "Learn more about Passcodes" which should help provide more information for those who are wondering about it... kind of to help remove some confusion?

      Ok... so the reason why I was suggesting it to be a simple single field is for a few reasons:
      1. less changes they have to make to their website
      2. Less changes they have to make to their server's back end... they don't have to add any new fields to watch/load/deal with. Its still just the same as before. All they need to do is to split the username field on ":" and if there is a second part to it, then perform the simple test.
      3. The passcode field may not be treated like a password field by all browsers. Therefore if it is separate, as you have shown, your browser may not store that passcode for you and you may have to enter it each and every time to go to vote. That could make it a deal breaker for most users, especially the first time they forget it.
      4. If you have more than one account that you vote for on a daily basis, it may be difficult to remember the passcode for each account. If its all in one field, then the browser will remember it for you since its part of your username. Also less clicks and less selections.
      5. Having a second field for passcode may cause confusion since users may think they must provide a "password" in order to vote and may not try to vote without it. The field placeholder could say "Optional Passcode" but it could be seen as a potential barrier that could make the site more difficult to use.

      Either should be good, but I can see a single field, including the optional passcode, could keep it super simple.

      If you do submit your suggestion with the second field, consider changing the placeholder to "Optional Passcode" to make it a little clearer that it is optional. And add a "Learn more about Passcodes" link to help with the learning curve and to get more people to use them. :)

      Best of luck!
      Blue

      [​IMG]
       
    10. Sky_Trade
      Offline

      Sky_Trade Active Member

      Joined:
      Oct 17, 2017
      Messages:
      40
      Likes Received:
      6
      Agreed.
      which is why the passcode option is 'optional' -if you do not add a passcode in-game then you do not need to enter a passcode on the website. You choose, same or passcode
      The votifier plugin was made for a reason, to encourage people to vote. There is mainly no point in voting if there are no rewards.
      Its the same solution.
      /voterpassword <password> submits the password to their website associated with your username, so if someone tries to vote for you the website will ask for a password
      This is awesome, but I'm not keen on the whole username : password thingy. Two boxes, username and password is how other websites go at it, why not this one?
       

    Share This Page