Email Tracking

[l0gaN]

Hello all,

I did some searching on this but came up empty. So let me know what you think.

On our website there is a form for contact us. When someone sends us a msg from that form it doesnt include their email info since it is using our SMTP to relay the msg.

So when someone comes in and types a nasty msg or something vulgar then sends it with a bogus address is there a way to trace an email like that back to find out where it originates from?

We have checked the logs on server for the times the email says it was sent so we get an idea of where the IP is from. there is not much traffic then when that msg is sent there are a few IP's in the log. One leads to an ISP... blah blah... but is there a way to trace back to determine where the email originates from?

Thank you for your help...

[streaker69]

Hello all,

I did some searching on this but came up empty. So let me know what you think.

On our website there is a form for contact us. When someone sends us a msg from that form it doesnt include their email info since it is using our SMTP to relay the msg.

So when someone comes in and types a nasty msg or something vulgar then sends it with a bogus address is there a way to trace an email like that back to find out where it originates from?

We have checked the logs on server for the times the email says it was sent so we get an idea of where the IP is from. there is not much traffic then when that msg is sent there are a few IP's in the log. One leads to an ISP... blah blah... but is there a way to trace back to determine where the email originates from?

Thank you for your help...

If they're using a webform on YOUR server to send you mail, then the mail comes from YOUR server, and no where else. What you need to do is what I set up on a couple of websites. Everytime an email is sent through the webform, the IP address of the person that filled out the form is logged to a database. The IP address can be gotten using basic HTML functions and inserted into a database using basic SQL commands.

This will work as long as they're not using an anonymous proxy server to browse your site.

[l0gaN]

Streaker,

Do you happen to have that code snippet handy?

the problem is that i don't want just their IP addie, because most likely the IP will lead to an ISP and not to them unless it is static....

So i want to get some info stored in cookies or header info, from their computer when they click that button.

what do you think?

[streaker69]

Streaker,

Do you happen to have that code snippet handy?

the problem is that i don't want just their IP addie, because most likely the IP will lead to an ISP and not to them unless it is static....

So i want to get some info stored in cookies or header info, from their computer when they click that button.

what do you think?

You cannot pull information off of their computer, only things that are available via standard HTML commands. Doing anything else would be considered illegal access to a protected system.

I would think that the best thing you can do is to just ignore abusive emails, after all, you can't be on the inturweb with a thin skin. Unless they're threatening you with physical violence, then ignore it. If they do threaten you or something along those lines, then report them to their ISP, if their ISP fails to do anything about it, then report them to the NetBlock Owner, and your local LE Office.

[l0gaN]

so do you have the code snippet for logging the ip addie?

[streaker69]

so do you have the code snippet for logging the ip addie?

What language do you need it in?

[l0gaN]

just the basic HTML or PHP code would be fine
the site is in flash not sure if that makes a difference to you...

thank you

[streaker69]

just the basic HTML or PHP code would be fine
the site is in flash not sure if that makes a difference to you...

thank you

The only code I have is written in VbScript. The HTML code for it can be found at www.asp101.com under Server Variables. The SQL stuff you'd have to figure out how to do that in PHP, as I'm not a php programmer.

[imported_wyze]

just the basic HTML or PHP code would be fine
the site is in flash not sure if that makes a difference to you...

thank you

Put something on your form processing page that looks similar to this:

<?php
$adminaddress = "your@email.com";
$siteaddress ="http://www.yoursite.org";
$sitename = "Your Site";
$private_net_ip_masks = array( '10.0.0.', '192.168.', '127.0.0.', '172.16.0.' );
if( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '' )
{
$ipStrings = explode( ',',$_SERVER['HTTP_X_FORWARDED_FOR']);
foreach($ipStrings as $k => $v)
{
if( empty($v) )
{
unset( $ipStrings[$k] );
}
else
{ // set the first one we find as the default. Little dirty, but it works.
if(!isset($ipString)) $ipString = $v;
}
}
}
if( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '' )
{
$ipStrings[] = $_SERVER['REMOTE_ADDR'];
if(!isset($ipString)) $ipString = $_SERVER['REMOTE_ADDR'];
}
foreach($ipStrings as $k1 => $ip)
{
foreach($private_net_ip_masks as $k2 => $pip)
{
if(strpos($ip, $pip) === 0)
{ // local ip
unset($ipStrings[$k1]);
break;
}
}
}
if( !empty($ipStrings) )
{
foreach( $ipStrings as $v )
{
if(!empty($v))
{
$ipString = $v;
$is_local_ip = false;
break;
}
}
}
else
{
$is_local_ip = true;
}
$ipArray = explode('.', $ipString);

// Spit out the results
$browser =$_SERVER['HTTP_USER_AGENT'];

$bfanme =$_POST['bfanme'];

// Gets the date and time from your server
$date = date("m/d/Y H:i:s");
// Gets the IP Address
//Process the form data
mail("$adminaddress","Page hit - $ipString", "$ipString has successfully filled in the form\n
------------------------------------------------------------\n
Logged Info :
------------------------------------------------------------\n
Using Browser Type: $browser
IP Address: $ipString
Date/Time: $date","FROM:$adminaddress");

end;

?>


That script will send you an email with the IP and hostname once they submit.

Hope that helps!

[l0gaN]

Thank you SWC

that is great. I appreciate it.

Streaker, thank you too. This will give me something to think about.