Hello, on my site we regulary have problems with members making fake double accounts, either to avoid certain limitations or to simply harras other users in an anonimus way. Ofcourse me and my moderators try to stop and prevent those situations as much as we can. But the tools I have made for this are not that good enough yet. I can store the ip's that my members have when they login, but sometimes several people log in while being in the same school or local network, and that gives them all the same ip. It would help a lot if I could realy identify every single computer that is used to visit my site. It might sound a bit "big brother" like, but I could use it to make better tracking scripts. For example we could then see that a certain member logins in under the name A, and then several minutes later from the same computer he logs in under the name B. This would be a good hint for us to investigate those accounts.
But so far, the only other value I could log (besides the hostname/ip ) is the browser version. It is some usefull information, but then again you might expect that in a school all computers would have the same software and browers installed, so its not that great either.
So, does anyone knows a way for a php script to tell the difference between 2 different computers ?
(ok, this might not really look like a php question, but I already use php to store the ip and browser version, so it seemed logical to ask here)
The nature of the Internet would tend to work against you in this case. However if you wish to stop people from signing up multiple accounts, you can ask them to supply a valid email address during registration and send username/password to that email address to confirm its authenticity. Make it so that no accounts can use the same email address to register again. Accounts that are found to have broken your rules should be banned (permanently banning the email address as well so they can't sign up again with it).
This may not stop the most determined attempts to wreck havoc on your site (people with catch-all email addresses for example) but should be sufficient to turn away a large portion of casual trouble-makers.
Good idea, but its already implemented. When they want to register, they need to activate their account first by clicking on a link sent in an email. And for every new active account, they need to make a new email adress. Luckily for us hardly anyone knows about catch-all email, we see 99% hotmail accounts in such situations.
And it doesnt stop those trouble-makers, but at least for them its more effort to make a new account, then it is for us to delete them. So in the end, we mostly win this race. But it would be nice if we had more ways to further verify every account.