I have a hacker attempting to regain access to my server. They have the ability to fake the IP address reported to the server. They will run a script making dozens of requests per minute, attempting to discover / gain access to my server's admin files, and each request reports a different IP address, sometimes in numerical order, sometimes random addresses. Is there any software that will report the "REAL" IP address of the request, that the server's response is directed to, instead of just the address the scripts report to the server, which is being faked? I have blocked literally hundreds of thousands of IP addresses, in the past 8 months, and cannot discover their real IP address. Any suggestions?
Unfortunately, I don't think you can discover the real IP. Especially if they're hopping from one computer to another all the while concealing their own IP.....which sounds like what they're doing.
We have similar issues and are looking at http://www.cloudflare.com as a solution.
One of my friends has a blog who was getting DDoS attacked. He set up cloudflare and all is fine now.
In the meantime, I would make sure all unnecessary ports are closed and your passwords are super strong. I would also remove any unnecessary files from the server being attacked.
When they attack are they attacking via a URL or are they going directly to your IP address? If they're going straight to your IP, can you change your IP to throw them off course.