Well, the problem is in the combination of those: The only thing the php server(or any website hosting server in general) has is the computer's public IP address. So that can be the modem/router that's connected to the provider. Everything past that(individual computers connected with an internal IP address and finally the user account on the computer(which is OS-dependant)) isn't sent to the server and unknown to the php script running on that. The only thing it knows is the IP address(the modem/router itself) and the cookies(which are under control of the webbrowser/user and thus can be manipulated/deleted manually). So there just isn't enough information to block such an user, except when it is 100% guaranteed that every computer on the world is connected to a seperate ISP-connected modem with a public IP, which doesn't change(which it does, due to providers freeing up and reusing IP addresses), which is impossible. So essentially, it's impossible to filter those users out afaik.
Afaik there isn't any way(with current ISP->modem->router->multiple PCs->multiple OS->multiple accounts->multiple browsers(->multiple subaccounts)) to actually block individual users that are doing that, since their paths(everything from and including the modem itself, which is all PHP-servers have afaik, based on the $_SERVER provided data) are unreliable sources.