I'm getting lots of spam from a few IPs. How do I find the owner of an IP address and report them to the concerned parties?
Every public IP address on the Internet is registered to an ISP, an owner, or a larger organization. Each IP address is recorded in the whois database. You can query this database with the whois command line client to get the owner's name, phone number, email address, and so on.
Find IP Address For A Host Name
For instance, to find the IP address for www.cyberciti.biz, open a command line and type:
host www.cyberciti.biz
or
nslookup www.cyberciti.biz
Sample Outputs:
www.cyberciti.biz has address 74.86.48.99
www.cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4
74.86.48.99 is the IPv4 address and 2607:f0d0:1002:11::4 is the IPv6 address for the www.cyberciti.biz hostname.
whois - Client For The Whois Directory Service
Type the following command to find out the owner of the IP address 74.86.48.99:
$ whois 74.86.48.99
Sample Outputs:
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
ReferralServer: rwhois://rwhois.softlayer.com:4321
NetRange: 74.86.0.0 - 74.86.255.255
CIDR: 74.86.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-4-4
NetHandle: NET-74-86-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM
Comment: abuse@softlayer.com
RegDate: 2007-05-16
Updated: 2007-11-14
RAbuseHandle: ABUSE1025-ARIN
RAbuseName: Abuse
RAbusePhone: +1-214-442-0605
RAbuseEmail: abuse@softlayer.com
RNOCHandle: IPADM258-ARIN
RNOCName: IP Admin
RNOCPhone: +1-214-442-0600
RNOCEmail: ipadmin@softlayer.com
RTechHandle: IPADM258-ARIN
RTechName: IP Admin
RTechPhone: +1-214-442-0600
RTechEmail: ipadmin@softlayer.com
OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-442-0605
OrgAbuseEmail: abuse@softlayer.com
OrgTechHandle: IPADM258-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-214-442-0600
OrgTechEmail: ipadmin@softlayer.com
# ARIN WHOIS database, last updated 2009-07-23 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
Found a referral to rwhois.softlayer.com:4321.
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.74.86.32.0/19
network:Auth-Area:74.86.32.0/19
network:Network-Name:SOFTLAYER-74.86.32.0
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070708
network:Updated:20071205
network:Updated-By:ipadmin@softlayer.com
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
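Most of that output is not needed for a report. The following is an added example, not part of the original article, that filters whois text down to the netblocks and the abuse mailboxes and picks the most specific block. The function names and the embedded sample (a subset of the output above) are assumptions of this example; on a live system you would run `whois 74.86.48.99 | abuse_contacts`.

```shell
# Added example: pull netblocks and abuse mailboxes out of whois text.

abuse_contacts() {
    # stdin: whois output. stdout: "cidr <block>" / "abuse <email>" lines,
    # de-duplicated, in order of first appearance.
    awk '
        function emit(kind, val) { if (!seen[kind, val]++) print kind, val }
        /^CIDR:/ { emit("cidr", $2) }
        /^network:IP-Network:/ {
            emit("cidr", substr($0, length("network:IP-Network:") + 1))
        }
        # Only lines that mention abuse; tech/NOC mailboxes are skipped.
        tolower($0) ~ /abuse/ {
            n = split($0, part, /[ \t:;]+/)
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^[^@]+@[^@]+\.[^@]+$/)
                    emit("abuse", tolower(part[i]))
        }
    '
}

most_specific_block() {
    # The longest prefix is the delegation closest to the offending host,
    # so its abuse contact is the first one to notify.
    abuse_contacts | awk '
        $1 == "cidr" {
            split($2, p, "/")
            if (p[2] + 0 > best) { best = p[2] + 0; blk = $2 }
        }
        END { if (blk != "") print blk }
    '
}

sample_whois() {
    # Constructed sample: a subset of the lines in the output above.
    cat <<'EOF'
CIDR: 74.86.0.0/16
Comment: abuse@softlayer.com
RAbusePhone: +1-214-442-0605
RAbuseEmail: abuse@softlayer.com
RTechEmail: ipadmin@softlayer.com
network:IP-Network:74.86.48.96/29
network:IP-Network-Block:74.86.48.96-74.86.48.103
network:Abuse-Contact;I:abuse@softlayer.com
EOF
}

sample_whois | abuse_contacts
```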
10 Comments
It doesn’t work if the spammer is sending spam from a poor country.
So what is the best solution ?
Ignore him.
Block IP address using iptables or pf firewall.
I never recommend banning IPs, which is never a reliable solution these days.
Even sending an abuse report mail to the network/IP owner is worthless, as these emails are not monitored.
What’s more, even calling that phone number is in vain.
The must-do is to patch your hole.
We have to follow different ways: block the IP in the f/w, set some rule/policy in spam control software, blacklist/whitelist the mail ID. For this to be done, we have to understand the header of the mail at a micro level. But it's a horse race between spammer and mail admin!
>>Block IP address using iptables or pf firewall.
This is useless. Spam originates in hell, but it is your email provider that delivers it to you.
To block spam, you need a spam blocking package… which is dependent on your email client. Or if you run an email server, is dependent on your email server.
Do some googling and see what people recommend for your email situation.
Very great and interesting post. Thanks a lot.
How do I stop vicious, pornographic and violent spam being posted onto my website?
I have gone down the road of tracing IP addresses, but they are all from proxy services.
I have a stat counter which gives me the IP address of all who have visited my site, even for a second, but these erroneous insertions do not show up. They are accessing it somehow else.
I have sent emails to the abuse@ addresses but again with no response.
I have contacted my website builder (BlueVoda) and they say they do not have a script on the guestbook which can stop these things from happening, but gave me some computer jargon about a script opening up in notebook etc… might as well have been speaking Klingon!
Is there a simple way to stop these insertions? I am worried about them as some are pornographic (offering Eastern Bloc women doing all sorts of things) and I get a lot of kids looking at my site… and fear they will see these.
I clear at least one a day from my guestbook.
Thank you for any help.
Carolyne
Protect your webpage with a Captcha, which is nothing but a type of challenge-response test used by you to ensure that the response is not generated by a bot. See example below:
http://www.cyberciti.biz/faq/php-captcha-class-simple-php-captcha-example/
I just want to know one thing: if I have someone's IP address, can I get his or her personal details by that, i.e. email address, name, phone nos, etc.?
Please, I want to find out who has this IP address. The sender has been threatening to pour acid on me: 178.239.85.7