Search robots pressing my button...? Can I prevent that?

Question

I have a site with content that can be "liked". Not using any api for this, its a custom like button, simply incrementing the "like" stats for the piece of content.

Now, I have a views counter, on each page load, and a like button. Upon pressing the like button, it gets disabled for any consecutive likes for that page life cycle.

I am experiencing an issue, where my likes are more than my views.. which in theory should not be able to happen. I have since implemented some java code to de-wire the button (hide the element basically), and I have also added some server side code for robots that ignore java.

Ons server side button press, I set a session variable, and exit out of any consecutive events that get raised if this session variable is set for that instance of the page.

I have gotten it down to at maximum two or 3 events that get fired when I rapidly click on the button to past back. Only after the 2nd/3rd run has enough time lapsed to recognise the session variable, and the event code is ignored. Before my session var trick, you could rapidly click the button 10 times, and it would increment 10 likes before the page eventually posted back and disabled the button.

So, down to 2 or 3 isn't bad, But I am consistently getting more likes than views on some content.

• My views are counting fine, I double checked that.
• My likes definitely only catch the first disable/session var trigger/event after a couple of unwanted event fires... (rapidly clicking)
• I suspect its search engines maybe following links...?

Supplementary info: jquery button disable:

<script type ="text/javascript">
    function pageLoad() {
        $('#<%=vidUpB.ClientID%>').click(function () {
            $(this).css("display","none")
        });
    }
</script>

Any ideas?

Answer 1

When bots find POST request to some url, they like to send GET request there to peek around. If they like what they see, the link can get cached and you can get additional GET requests for that url from time to time. Nasty bots don't follow robots.txt, only way how to deal with them is to put some unobtrusive captcha in their way - like require like request to be POST request and check that hidden input field remains empty.

<asp:TextBox ID="txtKeepEmpty" runat="server" style="display:none" />
<asp:Button runat="server" OnClick="btnLike_Click" Text="Like" />

protected void btnLike_Click(object sender, EventArgs e) {
  if (IsPostBack && 
    Request.HttpMethod == "POST" && 
    string.IsNullOrEmpty(txtKeepEmpty.Text)) {
    // update
  }
}

Also session storage is based on session key - which is a cookie. Every time user delete session cookie he start a new session. When he disable cookies for good (some users are doing that) it will create new session for every request he fire.