I've just put a Rails app live on heroku.com which services some touchscreen kiosks and have had my first taste of malicious users with some bogus service bookings. I would like some suggestions on audit data which I can log to help me to track down or otherwise discourage or prevent such malicious activities.
Some brief background - I have designed a Rails based website which is targeted towards the Tourist industry and allows customers to book accommodation and other tourist related services such as boat trips. We run this application on touchscreen kiosks (think 6.5 foot tall units with 40" touch screens) and email notifications of bookings to service providers.
What I'm looking for is suggestions on things that I can record at the point of bookings (and other transactions) taking place so that I can help to authenticate valid bookings and record details which can be used later to trace these bogus bookings. I might then add this information to a black-list to block these machines from creating further problems.
I'm already recording the request.remote_ip address but would ideally like to be able to record the hostname of the remote_ip as well since the IP address might change dynamically. Is this possible? Should I create a random key and store it as a cookie to identify each client machine uniquely?
I'm not looking to prosecute every person who makes a bogus booking, I just want to be able to discourage, prevent or track such malicious activity and would appreciate any suggestions on how best I can do this.
Many thanks, Craig.
