RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
I got an email from a Web client of mine. He had received a hundred emails with death threats through the contact form on his site, and I had to try to track down who they came from.
After poring through the raw server logs for a while, I found the record. The individual had used some mail flood application for MacOS and just had it send the same message a hundred times. (Reminder to myself: Add that User Agent to the banned list in the .htaccess file and find out why the mail flood protection didn't kick in.)
The IP was a dynamic IP belonging to Charter, so I sent the messages and that portion of the logs to abuse @ Charter and to my client in case he wanted to go to the cops with it. But then I looked at the logs again and found that the individual had arrived on the site by doing a Google search for his own name, which led to an old customer testimonial about him on my client's site.
As it happens, it turns out he was a disgruntled ex-employee with an ax to grind. I guess he didn't know that the server logs reveal not only which site referred a visitor, but also what search terms were used if the referrer was a search engine. Long story short, not only his IP, but also his name are in the server log.
I doubt anything will come of it. My client's kind of a laid back sort of guy, and the ex-employee probably just got home drunk from a bar when he decided to do it (it happened around midnight last night). I don't know if Charter will do anything, either. Still, were it not for the threatening nature of the messages, it would have been mildly amusing that he left a trail to himself in the server logs.
Rich
After poring through the raw server logs for a while, I found the record. The individual had used some mail flood application for MacOS and just had it send the same message a hundred times. (Reminder to myself: Add that User Agent to the banned list in the .htaccess file and find out why the mail flood protection didn't kick in.)
The IP was a dynamic IP belonging to Charter, so I sent the messages and that portion of the logs to abuse @ Charter and to my client in case he wanted to go to the cops with it. But then I looked at the logs again and found that the individual had arrived on the site by doing a Google search for his own name, which led to an old customer testimonial about him on my client's site.
As it happens, it turns out he was a disgruntled ex-employee with an ax to grind. I guess he didn't know that the server logs reveal not only which site referred a visitor, but also what search terms were used if the referrer was a search engine. Long story short, not only his IP, but also his name are in the server log.
I doubt anything will come of it. My client's kind of a laid back sort of guy, and the ex-employee probably just got home drunk from a bar when he decided to do it (it happened around midnight last night). I don't know if Charter will do anything, either. Still, were it not for the threatening nature of the messages, it would have been mildly amusing that he left a trail to himself in the server logs.
Rich
Last edited: