Should a membership site store a user's REMOTE_ADDR?

Occasionally, when I am signing up on a site where I want to be a paid member, there is a message on the sign-up page that says something like this: 'Your IP address of 123.345.567.789 has been logged.  We will prosecute all instances of fraud."
Is the IP address really that useful for finding a user in case of irregularity?  Should I be storing a user's REMOTE_ADDR in my database when they sign up?  Especially if the monetary amounts involved are very small?
Thanks for any insight.
StevenMilesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mrcoffee365Commented:
It's spam-blocking.  You aren't meant to worry about it if you are a normal user.

Your web server logs already store the IP address of people who come to your site.  Whether you want to save it and use it yourself in the user profile is up to you.
0
mrcoffee365Commented:
Wait -- I should say, it's social spam blocking.  Storing the IP address doesn't block spam, but it acts like that FBI warning at the beginning of DVDs, telling you that it's wrong to make a copy of the DVD.  Maybe it deters some people.
0
StevenMilesAuthor Commented:
Hi, mrcoffee,
If the address isn't of any real use, though, I'd rather not store it.  I suppose in the case of some problem, one can just delete that user's account.  Can you really find someone through his IP address, though?
0
mrcoffee365Commented:
>If the address isn't of any real use, though, I'd rather not store it.
Makes sense to me.

>Can you really find someone through his IP address, though?

Kind of.  If the person has DSL, then there's a dynamic IP address assigned to their computer, and it would be possible to track down.

AOL users come through a bank of computers, none of which are their own, so in their case you'd have to have the user information (not IP address) and a search warrant for AOL to look through their records to find the user who connected to you.  AOL might be able to use the IP address to narrow their search, but obviously it wouldn't identify someone all on its own.

With an IP address, all you can say is that this machine was the named source of the access to your server.  It might resolve to one person, or it might resolve to a whole company or an ISP.  Also, IP addresses can be spoofed, so it might not even be the originating machine, if the bad guy is really a bad guy.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StevenMilesAuthor Commented:
Thanks, mrcoffee
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.