So if everyone ever wants to make a competition where people can win something and wanna use a community driven rating system... here i share some experiences:

The bad:
1) First it cant be made secure for 100%
2) to reach a mass of users which filters out all the nonsense ratings is very hard 3) Forget about star ratings in that case... their is always either 5 Stars or 1 Star

The good
1) Dont give them orientation about where they stand... We replaced the "Order by place" view with a random presentation of the TOP 100 (only the top 30 wll win a price)... This really helped because a lot of users lost their interest as soon as they didnt see where they stood.

2) Don't allow votings like: 1x5_Stars 40x1_Star... Just allow users which vote in a fair way...

3) Most of them act a little bit stupid... You'll see them in your logs and can trace down who votes fair and who unfair... Search for patterns...

**GOOD LUCK ;-) **

Have you tried to do browser fingerprinting? Check this open source from EFF: https://panopticlick.eff.org/ Could be used to identify one person similar to 500-1500 in the world (!).

1.Use recaptcha
2. Yes randomize your voting options but not like this:
      -> from vote_id_1 to asdsasd_1, grdsgsdg_2,
      Instead use session variables to set a mask from vote_id_1 to asgjdas87th2ad in the vote form.

The Vote to Promote pattern (you may be aware of it) has a section on how to mitigate against gaming - but it is a tricky one to avoid altogether. Given your actions to date I would consider using weighting, for example consider a reasonable level of voting over a time period, say 10 votes per ting per hour (just an example not a guide) and for surplus votes weight the next 10 at 90% (ie only count 9), the next 10 at 80% and so on. This is Yahoo's advice on gaming within this pattern:

Community voting systems do present a number of challenges. Particularly the possibility that members of the community may try to game the system, out of any number of motivations:

• malice - perhaps against another member of the community and that member's contributions.

• gain - to realize some reward, monetary or otherwise, from influencing the placement of certain items in the pool)

• or an overarching agenda - always promoting certain viewpoints or political statements, with little regard for the actual quality of the content being voted for.

There are a number of ways to attempt to safeguard against this type of abuse. Though nothing can stop gaming altogether. Here are some ways to minimize or hinder abusers in their efforts:

• Vote for things, not people. In keeping with Yahoo's general strategy, don't offer users the ability to directly vote on another user: their looks, their likeability, intelligence, or anything else. It's OK for the community to vote on a person's contributions, but not on the quality of their character.

  • Consider rate-limiting of votes. o Only allow the user a certain number of votes within a given time-period. o Limit the number of times (or the rate at which) a user votes down a particular user's content. (To prevent ad-hominem attacks.)

  • Weigh other factors besides just the number of votes. Digg, for instance, does not calculate their Digg-score solely on the number of votes a submission receives. Their algorithm also considers: "story source (is it a blog repost, or the original story), user history, traffic levels of the category the story falls under, and user reports." They update this algorithm frequently. Consider keeping the exact algorithm a secret from the community, or only discuss the factored inputs in general terms.

• If relationship information is available consider weighting user votes accordingly. Perhaps prohibit users with formal relationships from voting for each other's submissions.

While this is currently a popular pattern on the Web, it is important to consider the contexts in which we use it. Very active and popular communities (Digg is an excellent example) that enable community-voting can also engender a certain negativity of spirit (mean comments, opinionated cliques, group attacks on 'outlier' viewpoints).

How about only allow users who logged in with openid and with reCaptcha before submitting the vote, and monitering the submitter list with same ip address.

You may add captcha to voting form. Also requiring e-mail confirmation will be useful