diff --git a/pkg/controller/photo/certification.go b/pkg/controller/photo/certification.go
index f4c2ea2..064d231 100644
--- a/pkg/controller/photo/certification.go
+++ b/pkg/controller/photo/certification.go
@@ -2,6 +2,7 @@ package photo
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"net/http"
 	"path/filepath"
@@ -165,8 +166,25 @@ func Certification() http.HandlerFunc {
 				log.Error("Certification: failed to notify admins of pending photo: %s", err)
 			}
 
-			// Log the change.
-			models.LogCreated(currentUser, "certification_photos", currentUser.ID, "Uploaded a new certification photo.")
+			// Log the change. Note the original IP and GeoIP insights - we once saw a spammer upload
+			// their cert photo from Nigeria, and before we could reject it, they removed and reuploaded
+			// it from New York using a VPN. If it wasn't seen in real time, this might have slipped by.
+			var insights string
+			if i, err := geoip.GetRequestInsights(r); err == nil {
+				insights = i.String()
+			} else {
+				insights = "error: " + err.Error()
+			}
+			models.LogCreated(
+				currentUser,
+				"certification_photos",
+				currentUser.ID,
+				fmt.Sprintf(
+					"Uploaded a new certification photo.\n\n* From IP address: %s\n* GeoIP insight: %s",
+					cert.IPAddress,
+					insights,
+				),
+			)
 
 			session.Flash(w, r, "Your certification photo has been uploaded and is now awaiting approval.")
 			templates.Redirect(w, r.URL.Path)