I’ve known for a while that in the case of changing AOL IPs my velocity triggered events could be better implemented. I still trap some situations but things could be much better. Some time ago I also implemented an embedded IP trap in the web site logic of some functions. Today I realized that the multiple per session, ever changing, AOL IP “feature” breaks that logic. Bugger. I need to address the AOL changing IP situation.

Looking back over the logs it appears that:

. gethostbyaddr - not all AOL IPs yield a host name; those that do resolve end in proxy.aol.com.
. UA always seem to contain AOL
. The first three IP octets appear to be constant.

To address the the AOL problem I’m currently thinking about changing to a technique where I identify AOL visitors based on UA (and maybe host name), use only the first three octets of AOL visitors IPs and possibly appended with a hash of some sort per session. That would restore velocity traps to full function and I could re-implement the IP logic trap.

Any suggestions? Help would be much appreciated.

Cheers,
Phred