Assistance Pinpointing an Anonymous User

Posted on 2006-04-06
Last Modified: 2010-04-11
Ladies and Gentlemen,

       I am an executive for a small non-profit enterprise.  One of our affiliates is being confronted with slanderous attacks stemming from the "comments" form on their website "contact us" page and through an anonymous <My> poster. We believe these attacks are coming from a single individual. A NuVox Communications branch in Greenville, SC. provided the IP Address employed to address our web site. The email address inserted at our web site is <>; we believe it is fictitious.

Our associates made several attempts at contacting this individual for their name via their <My> site without success. My goal is to contact the person and try to address these issues with out any litigation, if possible.

Our enterprise would be grateful, if anyone can provide sources that can help us LEGALLY pinpoint this person outside of seeking a legal remedy. Thank you for your prompt and expert response in this urgent matter and have an excellent day!

Very Respectfully

Question by:SOPS07
    LVL 9

    Expert Comment

    You could start by entering the IP address in the WHOIS database.  It mightlead you to some useful information.
    LVL 42

    Expert Comment

    if you have the IP address, then you have the identity of the computer/internet account from which the posting came.

    you can do a lookup to see what company owns the IP. has this capability.  use the WhoIS function.  the results will probably also give you a way to contact the internet service provider (ISP)
    you would need to contact the ISP and see if they can tell you the information you are looking for.

    in many cases, the ISP will refuse.  i know the RIAA had to sue ISP's in order to get the identities of people who were using peer to peer services for downloading music.
    LVL 5

    Expert Comment

    LVL 1

    Expert Comment

    Contact the ISP and Myspace lodge a formal complaint these companies.  They may be able to take actions of their own to eliminate this problem.
    LVL 23

    Accepted Solution

    There's nothing you can do.  The sender is most likely to be using a SPAM relay to send these emails, and as such, the sending IP will only take you to an insecure mail server that the sender happens to be abusing.  
    The police are unlikely to help either, unless the email is relating to illegal content (terrorism, child porn, drug trafficking), but it's more than likely they would already know about this, as they monitor most of the major internet trunks in the world for stuff like this all the time.
    I learnt to accept offensive emails a long time ago - it's either that, or no emails at all...
    If you're keen on finding out more about tracing email headers, look at  This will let you cut and paste the entire mail into a website, and will give you the IP address of the insecure relay.  But where do you go then?  You're stuck...
    LVL 4

    Assisted Solution

    Regarding the page.

    CAVEAT: This is a lot of information, and it really all hinges on if the attacker's myspace page has some customization on it, rather than the drab default page.  This is all information I've collected for use in a seminar I'm putting together for high-school and junior high students.  All in the hopes of educating them on how to protect themselves in the digital age, however I thought a deeper technical look might assist you in this instance.

    You stated this person has a page on Myspace?  Depending on how much this individual has customized their webpage, you might be able to gather additional information from items placed on the page.

    Myspace doesn't allow you to host any files on their server (except for the items under the "pics" section), so in order for you to have the fancy background images, you need to host them somewhere else.  These images are usually hosted at a free image hosting site like  You MIGHT get lucky in that this person got cocky and is hosting the images on their personal server or on a server belonging to their company (which would give you another avenue of investigation).

    You can try to open the top level of the directory where the images are hosted to see if they have accidentally allowed the public to view the files, you might get super lucky and find pictures of your possible offender, or at least images that might assist you in narrowing down your list of suspects.

    For example, if the picture of their background is hosted at photobucket, and the url for it is you can try entering just the into your browser and see if there are more pictures available for public viewing.

    Additionally, If there are images posted that are of the JPG standard, you might be able to open them in an advanced image viewer and read the EXIF information within the picture.  EXIF is basically extra info that digital cameras put into a picture, and it can sometimes give you a timestamp of when the image was taken, what model of camera was used, and the settings on the camera on the time the picture was taken.

    Why is the EXIF information important?  Well, if the user has password protected the photobucket album, you can't see any of the images UNLESS YOU KNOW THE FILENAME.  Therefore, if the images follow the standard naming convention of the digital camera manufacturer, you can use yet another program to auto-download images based on the possible combinations on the filename.

    P.S. As you had stated, these are all completly legal methods, and simply involve a more intimate knowledge of the technologies involved.

    LVL 4

    Expert Comment

    Have you had any success with any of the methods posted thus far?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now