有一种流行的方法叫做“画布指纹”，在这篇科学文章《网络永不遗忘》中有描述: 野外的持久跟踪机制。一旦你开始寻找它，你会惊讶于它被使用的频率。该方法创建一个唯一的指纹，该指纹对于每个浏览器/硬件组合都是一致的。

本文还介绍了其他持久跟踪方法，如evercookie、respawning http和Flash cookie以及cookie同步。

更多关于画布指纹的信息:

完美像素:HTML5中的指纹画布 https://en.wikipedia.org/wiki/Canvas_fingerprinting

假设您不希望用户拥有控制权，那么您就不能这样做。网络并不是这样工作的，你能期望的最好的是一些启发式。

如果你可以强迫访问者安装一些软件并使用TCPA，你可能会成功。

我觉得饼干可能就是你要找的东西;这是大多数网站唯一识别访问者的方式。

The suggestions to use cookies aside, the only comprehensive set of identifying attributes available to interrogate are contained in the HTTP request header. So it is possible to use some subset of these to create a pseudo-unique identifier for a user agent (i.e., browser). Further, most of this information is possibly already being logged in the so-called "access log" of your web server software by default and, if not, can be easily configured to do so. Then, a utlity could be developed that simply scans the content of this log, creating fingerprints of each request comprised of, say, the IP address and User Agent string, etc. The more data available, even including the contents of specific cookies, adds to the quality of the uniqueness of this fingerprint. Though, as many others have stated already, the HTTP protocol doesn't make this 100% foolproof - at best it can only be a fairly good indicator.

一个技巧:

Create 2 Registration Pages: First Registration Page: without any email or security check (just with username and password) Second Registration Page: with high security level (email verification request and security image and etc.) For customer satisfaction, and easy registration, default registration page should be the (First Registration Page) but in the (First Registration Page) there is a hidden restriction. It's IP Restriction. If an IP tried to register for second time, (for example less than 1 hour) instead of showing the block page. you can show the (Second Registration Page) automatically. in the (First Registration Page) you can set (for example: block 2 attempts from 1 ip for just 1 hour or 24 hours) and after (for example) 1 hour, you can open access from that ip automatically

请注意:(第一注册页)和(第二注册页)不应在分开的页面。你只写了一页。(例如:register.php)，并在第一PHP样式和第二PHP样式之间切换

你可能想尝试在evercookie中设置一个唯一的ID(它可以跨浏览器工作，见他们的常见问题): http://samy.pl/evercookie/

还有一家叫做ThreatMetrix的公司，被很多大公司用来解决这个问题: http://threatmetrix.com/our-solutions/solutions-by-product/trustdefender-id/ 它们相当昂贵，而且他们的其他一些产品也不太好，但他们的设备id运行良好。

最后，还有这个开源jquery实现的panopticlick的想法: https://github.com/carlo/jquery-browser-fingerprint 它现在看起来很不成熟，但可以扩展。

希望能有所帮助!