HELP: Tracing abusive IHUG customer...

Forums › One New Zealand (including Vodafone, WxC, Farmside) › HELP: Tracing abusive IHUG customer...

jared342

75 posts

Master Geek

#69857 14-Oct-2010 09:22

Hi guys,

I manage a website for a client who is receiving abusive comments via their comment form. It appears from the content that the person is someone within the same industry.

I've pinged the IP address on the form and it traces back to IHUG.

Is there any way to track down the person responsible? At this stage it's probably not a police matter - just quite abusive and nasty.

Other info I have is:

REMOTE_ADDR: 203.118.163.148
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-us)
AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8

What does that tell me? Any clues there?

Thanks geeks.

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#391658 14-Oct-2010 09:36

Not alot.. It tells you their IP, and that they are most likely a mac user.

Vodafone wont give you any information without police/court involvement, due to NZ's overreaching privacy laws.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

jared342

75 posts

Master Geek

#391663 14-Oct-2010 09:42

Yeah - I thought this might be the case.

I suppose it narrows it down to IHUG as ISP and machine as MAC which is a start. With a bit of social engineering I can probably send emails to prime suspects, then see if the replies carry the same fingerprints?

Damo-K

67 posts

Master Geek

#391666 14-Oct-2010 09:44

Contact IHUG/Vodafone either via abuse@ihug.co.nz (or abuse@vodafone.co.nz?) - or some other contact mechanisim and provide them with the details. Most ISPs have a clause in their T&C's regarding abuse and being a good netizen but It's likely that no immediate action will be taken - if you're lucky it could be a warning. However, if the claim is serious enough it could be recorded on their account and if they continue such abuse to you or someone else there's at least a record of it.

raab

262 posts

Ultimate Geek
Inactive user

#391667 14-Oct-2010 09:45

Try emailing noc@ihug.co.nz with logs and screenshots of the abuse.

It resolves to ihug.net which from memory is usually a business customer and most likely a static IP. You could just block that IP so they can't access the website

Zeon

3916 posts

Uber Geek

Trusted

#391682 14-Oct-2010 10:35

Lias: most likely a mac user.

Raab's idea is probably the best. Would also send it to the vodafone/ihug NOC too. Are the messages in any way threatening?

Speedtest 2019-10-14

jared342

75 posts

Master Geek

#391684 14-Oct-2010 10:42

Cheers guys, I wouldn't say life threatening - just abuse:

MyLocation: f*** off
Phone: b*&^h
Mobile: 666

Comments: You are s**&, look at the competition. How long do you think you have....

etc

Damo-K

67 posts

Master Geek

#391686 14-Oct-2010 10:49

To be brutally honest, It's not worth it. There will always be people that write crap like that into websites. I guess you can at least be thankful that it was a human and not something that bypassed your captcha/turing test.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

freitasm

BDFL - Memuneh
79299 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#391689 14-Oct-2010 10:57

You have to develop a thick skin when on the Internet. People hide behind "privacy" and "anonymous" identity and say things they would never tell you in your face.

Such is life.

Zeon

3916 posts

Uber Geek

Trusted

#391694 14-Oct-2010 10:59

DoS against the IP?

Speedtest 2019-10-14

raab

262 posts

Ultimate Geek
Inactive user

#391703 14-Oct-2010 11:14

Blocking their IP would cut more deep I think.

IMO the only reason you'd send abusive messages like that is if you felt threatened by the competition

tchart

2380 posts

Uber Geek

ID Verified

Trusted

#391706 14-Oct-2010 11:19

raab: Blocking their IP would cut more deep I think.

+1

It may also lead you to the persons company if you suddenly get emails with "I work at XYZ and I cant access your site..."

Damo-K

67 posts

Master Geek

#391712 14-Oct-2010 11:29

raab: Blocking their IP would cut more deep I think.

Just be wary of this. It'll help in the short-term but if it happens to be a dynamic IP you'll only be causing potential grief to someone in the future who legitimately wishes to visit your site.

raab

262 posts

Ultimate Geek
Inactive user

#391715 14-Oct-2010 11:32

It's an ihug.net IP which is usually static

robbyp

1199 posts

Uber Geek

#391828 14-Oct-2010 15:17

jared342: Hi guys,

I manage a website for a client who is receiving abusive comments via their comment form. It appears from the content that the person is someone within the same industry.

I've pinged the IP address on the form and it traces back to IHUG.

Is there any way to track down the person responsible? At this stage it's probably not a police matter - just quite abusive and nasty.

Other info I have is:

REMOTE_ADDR: 203.118.163.148
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-us)
AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8

What does that tell me? Any clues there?

Thanks geeks.

I would have thought the best place to complain to was the ISP. The ISP I thought was responsible for their users, so if there is someone doing something wrong, that should be able to do something about it. I have complained to an ISP in the past, and that did get results. They didn't tell me who it was, but they did say that they had given them a formal warning. However some ISPs will ignore you. It would have been funny if the IP address was linked to their website, and entering that into your web browser displayed the companies website.