There is a web site that has banned a client of mine. If he signs up for an account at this site with computer 'A' his account is immediately cancelled. If he signs up for an account with computer 'B' there's not a problem. (the site is unable to identify him) I would like to be able to do this with my site. (ie: identify a user by his computer) I can identify environmental variables but this doesn't seem to be what this site is using. I'm not sure how to even tag this question. Any help is appreciated.
#!/usr/local/bin/perl
print "Content-type: text/html\n\n";
print "<pre>\n";
foreach my $key (sort keys(%ENV)) {
print "$key = $ENV{$key}<p>";
}
print "</pre>\n";
I understand you correctly, that your client is using computers A and B inside the same network so that the requests come from the same IP, correct?
On the server side - this is what you are doing - you can only identify a user by their IP address. Everything else (cookies, user agent information, language preferences, ...) is sent on a voluntary basis and unreliable.
Repeat your experiment with JavaScript disabled and the remote side will probably fail to identify the user. With JavaScript you can collect an astonshing amout of information about the user's hard- and software: OS, plug-ins installed, fonts installed, screen resolution, properties of the graphics hardware (by painting to a canvas and analyzing the result), properties of the audio hardware, and lots of other stuff. See https://github.com/Valve/fingerprintjs2 for an impression of what is possible.
You can then send all that information in an AJAX request back to the server and react upon it. But this approach is also inherently limited:
But practice shows that this approach is quite successful.