@avi Hard to say, they could be doing it through cookies, if you upvote a deal, the upvote of that deal is saved into your cookies, then if you try again in the same browser, it knows you've done it already, however this is also circumventable by changing browsers and deleting your browser cookies. You can make it hard for someone to fake votes, but you can't stop it.
I think a mixture of email confirmation, cookie usage, limiting who can upvote and downvote (need to post a deal in order to vote for other deals, or something like that) and keeping an eye on activity would deter enough people not to bother trying to fake the votes.
You'd have to post the deal, log out, clear your entire browser cache, cookies, history etc, create an email account, sign up, verify your account, upvote, then do the whole thing again, the time taken isn't worth it, it would be easier to hire a team of people in the east to do it for you (similar to likes on facebook or views on youtube), and you can't stop them unless you place blanket IP bans on subnet ranges. Which, if you're only concentrating on one place, then that would be fine.
I already re-installed onto a new server. I was only testing .. If I do reproduce I will make sure to provide stacktrace. I do appreciate you looking into this. I will make sure in the future that I can provide more details.