The IP address is provided to you by your web server which gets it
from the TCP/IP connection between the client and the server. The
three-way handshake makes it impossible to spoof the IP address, so
this scheme works to ensure no dupes, but it causes problems if you
share a connection behind NAT. If someone on your shared connection
votes before you do, you're SOL.
In your rails controllers, you can get the IP via request.remote_ip.
CAPTCHAs, or requiring logins that are email verified... There are a
number of solutions; they all have their pros and cons and which one
is right for you depends on your app...