Tracing IP's to Users

Shelle

don't know much if anything about all this. But here is my situation, perhaps someone can help.

This person has been harassing me online. He keeps coming back at me through emails and my website under different names. What I need to know (so that I can be sure when a new name is him or not) is if it's possible to trace the IP back to a user name/computer. and how I'd go about this.

Shelley

NYSiRacer

Use getenv("REMOTE_ADDR") to get his IP Address and save it to a file or in SQL, then do an ip address check (query the file or SQL) when people enter your site, if ip is found, send him to somewhere else using header("Location: http://somewhereElse.com");.
You can't block him if he uses dynamic ip addressing, but you can get his ip address and notify his ISP... If you use Windows, use the tracert command tracert 127.0.0.1 (replace 127.0.0.1 with his ip address)

And if you want to harass him too, I wrote a little script that'll send as many e-mails as you specify in the configuration, and the recipient can not block the sender's address because it uses random characters as sender's address. This script (evilMail) can be found here, that ought to annoy the xxxx out of him.

bretticus

By all means, don't Spam anyone ;-) You'll just get yourself into trouble with your ISP when they complain.

Just log those ips addresses and contact his ISP, you can find out where he's coming from using tracert and then looking up the routers domain name and finding his ISP, allthough, it's often easier to query the ip address or addresses (the case that he is using DHCP...dialup) with a whois (if you have access to a *NIX terminal...there may be Windows versions or Web-based services for whois) and find out who "owns" the block of ip addresses that his IP fits in. Usually when you find the ISP you can write to abuse@{ispdomain} and report them. In the mean time if you have some server configuration control (like .htaccess with Apache) you can block them at the Web-server. Or even better, at a firewall or router if you have access to that (maybe your ISP can handle that for you if you can prove that you're being molested and his ISP does nothing.) And yes....you could do a quick fix and write an include file for each page in yoru site that checks getenv("REMOTE_ADDR") or $_SERVER["REMOTE_ADDR"] (same thing) and if it matches the netblock of his ip address, simply redirect to losers.com ;-)

Good luck!

http://visualroute.visualware.com/