There is very little you can do - just make the password harder to guess and thats it really. An IP address is a unique number assigned to an internet session - ie. it could be 1 in a trillion computers, and the number is random generally - so no chance of finding who it is tbh