Results 1 to 10 of 10

Thread: Email Tracking

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default Email Tracking

    Hello all,

    I did some searching on this but came up empty. So let me know what you think.

    On our website there is a form for contact us. When someone sends us a msg from that form it doesnt include their email info since it is using our SMTP to relay the msg.

    So when someone comes in and types a nasty msg or something vulgar then sends it with a bogus address is there a way to trace an email like that back to find out where it originates from?

    We have checked the logs on server for the times the email says it was sent so we get an idea of where the IP is from. there is not much traffic then when that msg is sent there are a few IP's in the log. One leads to an ISP... blah blah... but is there a way to trace back to determine where the email originates from?

    Thank you for your help...
    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by l0gaN View Post
    Hello all,

    I did some searching on this but came up empty. So let me know what you think.

    On our website there is a form for contact us. When someone sends us a msg from that form it doesnt include their email info since it is using our SMTP to relay the msg.

    So when someone comes in and types a nasty msg or something vulgar then sends it with a bogus address is there a way to trace an email like that back to find out where it originates from?

    We have checked the logs on server for the times the email says it was sent so we get an idea of where the IP is from. there is not much traffic then when that msg is sent there are a few IP's in the log. One leads to an ISP... blah blah... but is there a way to trace back to determine where the email originates from?

    Thank you for your help...
    If they're using a webform on YOUR server to send you mail, then the mail comes from YOUR server, and no where else. What you need to do is what I set up on a couple of websites. Everytime an email is sent through the webform, the IP address of the person that filled out the form is logged to a database. The IP address can be gotten using basic HTML functions and inserted into a database using basic SQL commands.

    This will work as long as they're not using an anonymous proxy server to browse your site.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    Streaker,

    Do you happen to have that code snippet handy?

    the problem is that i don't want just their IP addie, because most likely the IP will lead to an ISP and not to them unless it is static....

    So i want to get some info stored in cookies or header info, from their computer when they click that button.

    what do you think?
    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by l0gaN View Post
    Streaker,

    Do you happen to have that code snippet handy?

    the problem is that i don't want just their IP addie, because most likely the IP will lead to an ISP and not to them unless it is static....

    So i want to get some info stored in cookies or header info, from their computer when they click that button.

    what do you think?
    You cannot pull information off of their computer, only things that are available via standard HTML commands. Doing anything else would be considered illegal access to a protected system.

    I would think that the best thing you can do is to just ignore abusive emails, after all, you can't be on the inturweb with a thin skin. Unless they're threatening you with physical violence, then ignore it. If they do threaten you or something along those lines, then report them to their ISP, if their ISP fails to do anything about it, then report them to the NetBlock Owner, and your local LE Office.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    so do you have the code snippet for logging the ip addie?
    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by l0gaN View Post
    so do you have the code snippet for logging the ip addie?
    What language do you need it in?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    just the basic HTML or PHP code would be fine
    the site is in flash not sure if that makes a difference to you...

    thank you
    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by l0gaN View Post
    just the basic HTML or PHP code would be fine
    the site is in flash not sure if that makes a difference to you...

    thank you
    The only code I have is written in VbScript. The HTML code for it can be found at www.asp101.com under Server Variables. The SQL stuff you'd have to figure out how to do that in PHP, as I'm not a php programmer.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by l0gaN View Post
    just the basic HTML or PHP code would be fine
    the site is in flash not sure if that makes a difference to you...

    thank you
    Put something on your form processing page that looks similar to this:

    <?php
    $adminaddress = "your@email.com";
    $siteaddress ="http://www.yoursite.org";
    $sitename = "Your Site";
    $private_net_ip_masks = array( '10.0.0.', '192.168.', '127.0.0.', '172.16.0.' );
    if( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '' )
    {
    $ipStrings = explode( ',',$_SERVER['HTTP_X_FORWARDED_FOR']);
    foreach($ipStrings as $k => $v)
    {
    if( empty($v) )
    {
    unset( $ipStrings[$k] );
    }
    else
    { // set the first one we find as the default. Little dirty, but it works.
    if(!isset($ipString)) $ipString = $v;
    }
    }
    }
    if( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '' )
    {
    $ipStrings[] = $_SERVER['REMOTE_ADDR'];
    if(!isset($ipString)) $ipString = $_SERVER['REMOTE_ADDR'];
    }
    foreach($ipStrings as $k1 => $ip)
    {
    foreach($private_net_ip_masks as $k2 => $pip)
    {
    if(strpos($ip, $pip) === 0)
    { // local ip
    unset($ipStrings[$k1]);
    break;
    }
    }
    }
    if( !empty($ipStrings) )
    {
    foreach( $ipStrings as $v )
    {
    if(!empty($v))
    {
    $ipString = $v;
    $is_local_ip = false;
    break;
    }
    }
    }
    else
    {
    $is_local_ip = true;
    }
    $ipArray = explode('.', $ipString);

    // Spit out the results
    $browser =$_SERVER['HTTP_USER_AGENT'];

    $bfanme =$_POST['bfanme'];

    // Gets the date and time from your server
    $date = date("m/d/Y H:i:s");
    // Gets the IP Address
    //Process the form data
    mail("$adminaddress","Page hit - $ipString", "$ipString has successfully filled in the form\n
    ------------------------------------------------------------\n
    Logged Info :
    ------------------------------------------------------------\n
    Using Browser Type: $browser
    IP Address: $ipString
    Date/Time: $date","FROM:$adminaddress");

    end;

    ?>


    That script will send you an email with the IP and hostname once they submit.

    Hope that helps!
    dd if=/dev/swc666 of=/dev/wyze

  10. #10
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    Thank you SWC

    that is great. I appreciate it.

    Streaker, thank you too. This will give me something to think about.

    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •