I have an online contest where people vote for a sports team by filling out an html form.
When looking at the data on any given day, we notice that we often get hundreds of votes per hour coming from the same IP address. Yesterday we got hundreds of per hour from 111.111.111.111 and 222.222.222.222. Then today, we get hundreds of votes per hour from 333.333.333.333 and 444.444.444.444 and 555.555.555.555. I automatically suspect foul play such as a bot, or perhaps a team of employees from the same building voting on behalf of other users.
However, when i ran an sql query to show votes per hour, I noticed that the votes from these IP addresses spiked around noon and late nights between 9pm and midnight. I'd imagine this is consistent with real user voting behaviour, because people want to vote during their non-work hours.
I'm confused, the IP addresses seem to imply foul play, but the votes per hour seem to imply legitimate votes.
So my question is: Is it possible for entire cities and towns to use the same IP address? I'd like an explanation on how IP addresses work so that I can determine if it is an effective way to detect foul votes.
IPs are not shared as much today as they were 20 years ago. Fact is, so many different IPs are issued that the IPv4 pool is being drained out and we are close to having to resort exclusively to IPv6 to expand the IP pool.
Anyway, this is definitely fool play. Input a limit on each IP and a ban after too many attemps to vote from the same place and you should be fine. Depending on your system/implementation, you could use cookies, look client details (navigator used, etc...),... to separate multiple users with the same IP.