I'm getting lots of spam from a few IPs. How do I find the owner of an IP address and report them to the concerned parties?
Every public IP address on the Internet is registered to an ISP, an owner, or a larger organization. Each registration is recorded in the whois database. You can query this database with the whois command-line client to get the owner's name, phone number, email address and so on.
Find IP Address For A Host Name
For instance, to find the IP address for www.cyberciti.biz, open a command line and type:
host www.cyberciti.biz
or
nslookup www.cyberciti.biz
Sample Outputs:
www.cyberciti.biz has address 74.86.48.99
www.cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4
74.86.48.99 is the IPv4 address and 2607:f0d0:1002:11::4 is the IPv6 address for the www.cyberciti.biz hostname.
whois - Client For The Whois Directory Service
Type the following command to find out the owner of the IP address 74.86.48.99:
$ whois 74.86.48.99
Sample Outputs:
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
ReferralServer: rwhois://rwhois.softlayer.com:4321
NetRange: 74.86.0.0 - 74.86.255.255
CIDR: 74.86.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-4-4
NetHandle: NET-74-86-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment: abuse@softlayer.com
RegDate: 2007-05-16
Updated: 2007-11-14
RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0605
RAbuseEmail: abuse@softlayer.com
RNOCHandle: IPADM258-ARIN
RNOCName: IP Admin
RNOCPhone: +1-214-442-0600
RNOCEmail: ipadmin@softlayer.com
RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0600
RTechEmail: ipadmin@softlayer.com
OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0605
OrgAbuseEmail: abuse@softlayer.com
OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0600
OrgTechEmail: ipadmin@softlayer.com
# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
Found a referral to rwhois.softlayer.com:4321.
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.74.86.32.0/19
network:Auth-Area:74.86.32.0/19
network:Network-Name:SOFTLAYER-74.86.32.0
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070708
network:Updated:20071205
network:Updated-By:ipadmin@softlayer.com
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
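To report the spam you need only the abuse contacts from that output, not the tech or NOC ones. The following is an added example, not part of the original article: a small filter that reads whois text and prints each abuse address once. The names extract_abuse_contacts and sample_whois are hypothetical, and the abuse-mailbox pattern covers RIPE-style records, which goes beyond the ARIN and rwhois output shown here.

```shell
#!/bin/sh
# Added example. extract_abuse_contacts and sample_whois are hypothetical names.

# Read whois text on stdin, print each distinct abuse-report address once.
extract_abuse_contacts() {
    awk '
        # ARIN records: "OrgAbuseEmail: addr" and "RAbuseEmail: addr"
        /^(Org|R)AbuseEmail:/     { print tolower($2); next }
        # rwhois referral records: "network:Abuse-Contact;I:addr"
        /^network:Abuse-Contact/  { n = split($0, f, ":"); print tolower(f[n]); next }
        # RIPE-style attribute (not shown on this page): "abuse-mailbox: addr"
        /^abuse-mailbox:/         { print tolower($2); next }
    ' | grep -E '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$' | sort -u
}

# Abridged from the sample output above, one field per line.
sample_whois() {
    cat <<'EOF'
OrgName: SoftLayer Technologies Inc.
NetRange: 74.86.0.0 - 74.86.255.255
Comment: abuse@softlayer.com
RAbuseEmail: abuse@softlayer.com
RTechEmail: ipadmin@softlayer.com
OrgAbuseEmail: abuse@softlayer.com
OrgTechEmail: ipadmin@softlayer.com
network:IP-Network:74.86.48.96/29
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
EOF
}

# Offline run against the embedded sample.
sample_whois | extract_abuse_contacts
# Live use (needs network access): whois 74.86.48.99 | extract_abuse_contacts
```

The final grep drops anything that does not have the shape of an email address, so a handle such as IPADM258-ARIN in a contact field is never printed as a recipient.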
19 comments
It doesn’t work if the spammer is sending spam from a poor country.
So what is the best solution?
Ignore him.
Block IP address using iptables or pf firewall.
I never recommend banning IPs, which is never a reliable solution these days.
Even sending abuse report mail to network/ip owner is worthless as these emails are not monitored.
What’s more, even calling that phone number is in vain.
The must-do is to patch your hole.
We have to follow different ways: Block the IP in f/w, Set some rule/policy in Spam control software, black list/white list mailid. For this to be done, we have to understand header of the mail at microlevel. But it's a horse race between spammer and mail admin!!!!
>>Block IP address using iptables or pf firewall.
This is useless. Spam originates in hell, but it is your email provider that delivers it to you.
To block spam, you need a spam blocking package… which is dependent on your email client. Or if you run an email server, is dependent on your email server.
Do some googling and see what people recommend for your email situation.
Very great and interesting post. Thanks a lot.
How do I stop vicious, pornographic and violent spam being posted onto my website?
I have gone down the road of tracing IP addresses, but they are all from Proxy services.
I have a stat counter which gives me the IP address of all who have visited my site, even for a second, but these erroneous insertions do not show up. They are accessing it somehow else.
I have sent emails to the abuse@ addresses but again with no response.
I have contacted my website builder (BlueVoda) and they say they do not have a script on the guestbook which can stop these things from happening, but gave me some computer jargon about a script opening up in notebook etc….might as well have been speaking Klingon!!!
Is there a simple way to stop these insertions? I am worried about them as some are pornographic (offering Eastern Bloc women doing all sorts of things) and I get a lot of kids looking at my site…and fear they will see these.
I clear at least one a day from my guestbook
Thank you for any help.
Carolyne
Protect your webpage with a Captcha, which is nothing but a type of challenge-response test used by you to ensure that the response is not generated by a bot. See example below:
http://www.cyberciti.biz/faq/php-captcha-class-simple-php-captcha-example/
I just want to know one thing: if I have someone's I.P. address, can I get his or her personal details by that, i.e. email address, name, phone nos, etc.?
Please, I want to find out who has this IP address. The sender has been threatening to pour acid on me: 178.239.85.7
It’s somebody with a blackberry in the UK.
178.239.85.7 belongs to RIMBLACKBERRY3 ,……. Research In Motion UK Limited
address:-295 Phillip St., Waterloo, ON, CANADA N2L 3W8
With IP address info, how did you get the person’s name and postal address?
So where do I type in
“$ whois 74.86.48.99″?
This one traces to:
SoftLayer Technologies Inc.
Dallas Texas
“$ whois” is not working. I'm having Windows 7 (64-bit). Now what do I do?
I have someone's IP address… I need to know his/her email address. Can someone help me with how I can find the details, please?
I am getting dirty, threatening emails from IP 190.58.178.87, 190.58.193.230 &
127.1.0.0. Can anyone trace these addresses to a person, email, location, anything,
please….
Please find the address of this IP address and name and any other info. I am being harassed. Thank you. 24.192.137.13 IP address