Restrict number of requests from an IP

I am writing an application wherein its a requirements to restrict the number of logins a user can have from a single IP address (as a way to stop spam). We can't use captcha for some reason!

The only 2 ways I could think of to make this work was to either store in the database, the number of requests coming in from each IP. OR To store a tracking cookie which has the information regarding the same.

Now, the downside of the first mode is that there would be too much of db traffic - the applica开发者_如何学编程tion is going to be used by a ton of people. The downside of storing this info as a cookie is that users can clear them up ad start fresh again.

I need suggestions, if there could be a way wherein the high db traffic and the loose bond with cookie based tracking can be handled.

---

You're talking about "logins" and a web-application therefore you have some sort of a session persisted somwhere. When creating those sessions you need to keep track of the number of active sessions per IP and not allocate new sessions when that threshold is reached.

Without more specific information about your framework / environment, that's about the best answer anyone can provide.

Also be aware that this approach fails in numerous ways because of NAT (network address translation). For example, our office has exactly one public IP address for X hundred people. The internal network is on private IP space.

---

if you want to get the IP and store somewhere, you could use $_SERVER['REMOTE_ADDR'] to get the IP of the user, make a field like "ip" in your database and you make a query in your SQL to check if the IP was used. There are also other ways of tracking, like Flash Cookie, people usually don't know the existance of it, so most people wouldn't know how to clear it.