if interested, i can help with proxy detection if you decide to do it next year ( just leave a mail or irc contact saying you need help with it, and you might get messaged ), however it is probably too late for this year.
You will need to block:
- check for standard port 80/8080/3128 if proxy is running on them
- check against many of the public proxy blacklists
- check for Tor exitpoint nodes
- check for known SOCKS proxies ( by blacklist )
- check for known/common SOCKS4/5 and verify if there are any open ones running
- improved captcha to be much more random and harder to do ( or use one of the public, well trusted captcha systems )
- save a session ID/cookie on the users PC once he first visits the generate page, this will make it harder for the attacker to automate without coding some tools
- if that is not enough, make a custom application people can run to generate a hashed hardware ID of their PC(and NIC), this shouldn't really worry people as a hashed id cannot lead to anything more than identifying their PCs uniqueness. Of course digitally sign this information. Could even make a challenge/response system, similar to popular anticheat applications. Please understand, that no matter how good one makes this it is still crackable.
- Make various heuristic mass voting detection apps, this will make the attacker randomize their voting patterns
This would make it much harder to proxyvote, however this is not unbeatable, and a system to beat these ideas could be made if one wants it bad enough.