Possible solutions for keeping track of anonymous users

I'm currently developing a web application that has one feature which allows input from anonymous users (no authorization required). I realize that this may prove to have security risks such as repeated arbitrary inputs (e.g. spam), or users posting malicious content. So to remedy this I'm trying to create a sort of system that keeps track of what each anonymous user has posted.

So far all I can think of is tracking by IP, but it seems as though it may not be viable due to dynamic IPs. Are there any other solutions for anonymous user tracking?


I would recommend requiring them to answer a captcha before posting, or after an unusual number of posts from a single IP address.

"A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs can't"

That way the spammers are actual humans. That will slow the firehose to a level where you can weed out any that do get through.

http://www.captcha.net/


There are two main ways: client-side and server-side. Tracking IP is all that I can think of server-side; client-side there are more accurate options, but they are all under the user's control, and he can reanonymise himself (it's his machine, after all): cookies and storage come to mind.


Drop a cookie with an ID on it. Sure, cookies can be deleted, but this at least gives you something.


My suggestion is:

  1. Use cookies for tracking of user identity. As you yourself have said, due to dynamic IP addresses, you can't reliably use them for tracking user identity.
  2. To detect and curb spam, use IP + user browser agent combination.
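The suggestions in the answers above (a cookie ID, an IP + browser agent key, and a CAPTCHA after an unusual number of posts) can be combined so that deleting the cookie or changing IP alone does not reset the count. The sketch below is an added example, not part of the original answers; `PostThrottle`, the thresholds and the in-memory store are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)  # assumption: server-side key, persisted in practice
WINDOW = 600        # seconds; constructed value
CAPTCHA_AFTER = 3   # posts per window before a CAPTCHA is required; constructed value
BLOCK_AFTER = 10    # posts per window before posts are refused; constructed value

def _sign(anon_id):
    return hmac.new(SECRET, anon_id.encode(), hashlib.sha256).hexdigest()

def issue_cookie():
    """New cookie value 'id.signature'; the signature stops clients inventing IDs."""
    anon_id = secrets.token_hex(16)
    return f"{anon_id}.{_sign(anon_id)}"

def verify_cookie(value):
    """Return the anonymous ID if the signature checks out, else None."""
    anon_id, _, sig = (value or "").partition(".")
    if anon_id and hmac.compare_digest(sig.encode(), _sign(anon_id).encode()):
        return anon_id
    return None

def fingerprint(ip, user_agent):
    """Server-side key: IP + browser agent, hashed to a fixed-size string."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

class PostThrottle:
    def __init__(self):
        self.events = defaultdict(deque)  # key -> timestamps of recent posts (in memory)

    def _count(self, key, now):
        q = self.events[key]
        while q and q[0] <= now - WINDOW:  # drop posts older than the window
            q.popleft()
        q.append(now)
        return len(q)

    def decide(self, cookie, ip, user_agent, now=None):
        """Return 'allow', 'captcha' or 'block' for one post attempt."""
        now = time.time() if now is None else now
        worst = self._count("fp:" + fingerprint(ip, user_agent), now)
        anon_id = verify_cookie(cookie)
        if anon_id:  # a deleted or forged cookie simply contributes no second key
            worst = max(worst, self._count("id:" + anon_id, now))
        if worst > BLOCK_AFTER:
            return "block"
        return "captcha" if worst > CAPTCHA_AFTER else "allow"
```

Each post is counted under both keys and the higher count decides, so a client has to change its cookie, IP and browser agent together to look new.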