Built-in anti-spoofing technology
By default, the system can detect multiple responses from the same IP address and flag this behavior as "ballot box stuffing" or "spoofing", requiring the participant to sign in with their social media account before proceeding.
This setting is controlled on the main customer settings page, but can be enabled or disabled on specific projects by toggling the "Require login if multiple responses received from same IP address" option on the settings tab:
It can be advantageous to disable this feature on non-controversial topics, or on internal employee surveys, since most staff will have the same IP address from the organization's central network.
Built-in DDOS Attack Mitigation
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
By default all application pages are protected by Cloudflare DDOS protection. This layer secures your sites and API access while ensuring the performance of legitimate traffic is not compromised.