From my experience, IP Numbers normally, do not change from log-in to log-in.

There may be certain instances, but overall they remain the same and therefore are your best method of tracking via your access_log files.

hm I thought almost all ISPs give you a "dynamic ip" unless you specifically sign up for "static ip" service

Most large ISP's in the US will assign a different IP each time a user logs into their system. Only if you pay extra for a static IP will it remain the same. Roadrunner cable and SBC/Yahoo DSL all assign me a new IP each time I log into their system.

yeah...damn

so are there any solutions that work?

> Roadrunner cable and SBC/Yahoo DSL all assign me a new IP each time I log into their system.

Are not both of those always on connections and therefore do not require repeated log-ins?

Not trying to belabor the point, it's just that with all the emphasis that has been placed on IP Numbers [google.com] here at WebmasterWorld, I fail to ever recall reading anything about the frailness of using IP Numbers to ban nefarious visitors.

well what about all the millions of people that have dialup? that's always different each time they log on right?

are there any solutions for this that work?

You can't count on IP as a unique identifier. I get a new IP _every_ time I reboot my router or modem + whenever my ISP feels like it.

Yes, they are always on. However, anytime you have to reboot your system, they must log back on and that gives you a new IP number. Hope that helps.

There has got to be something we are missing here. I've rebooted a bunch of times, both router and cable modem and not once have I had to re-log in, much less have a different IP Number each time. Dumping all my cookies periodically verifies this premise by showing me as the same visitor IP Number, until I log in (to WebmasterWorld) of course.

And, to the best of my knowledge we are not on a dedicated IP Number.

Maybe the distinction lies in who I'm talking about. Such to say, the nafarious ones are usually on faster connections, I don't know.

For years I've been banning via IP Number with great success. The only times I see anyone return for the same file, or series of files, has been via the same IP Number and thus were fed the traditional 403 and I scan my access_log files manually too. Believe me, not much gets past me in that regard.

I'm glad it's working for you. I'm just speaking about my experience with cable/dsl connections I've had. Even though you don't see the login with the cable modem, you are logged in each time you reboot your system. Your provider must have plenty of IP numbers to go around, so they just let you keep the same one over and over again. However, that can be changed at their level if they wish.

On DSL, my computer goes through a visible login each time I reboot my system and its usually a different IP each time. Not all the time, but most of the time.

P.S. pendanticist, are you using a wireless connection via Linksys or others? These systems will assign a Proxy IP that starts with 192.#*$!.xx that will remain the same all the time. This is not the real IP address, just one for your computer. Your ISP assigns the real IP address, but many computers will show the 192.xxx.xx as the IP.

Your biggest group to worry(?) about are AOL users. It is common knowledge that AOL uses MANY proxy servers for their users, which could cause:
- A different IP every time a user comes to your site
- A different IP every visit to a new page

Yes, the 2nd case is drastic, but it's very possible. It all depends on the load balance for that user's proxy server. In conclusion, relying on IPs may not be the *best* way to go. I would look into a solution involving cookies, where you set your own IDs.

well, how would that work with cookies? There still would be no way to track the user without requiring them to "login" right?

I'm trying to figure out a way to just track what kinds of articles and photos my users are most interested in on my blog. So I want to be able to also see which article/photo led to clicking on the next one, which would require some way of differentiating between users. And nobody is going to take the time to register an account and login just to view my blog.

Cookies don't reguire a log in. Google and just about every business site uses them without log in. However, the consumer can turn cookies off. Then you have to decide if you want to let them into your site or not.

Do you have access to a database?

Do you have any knowledge of a server-side scripting language?