But.. you’re not. ;)
Let me preface this post with a little story. When I was about 16, I attended a church. One day I found an anonymous letter in my letterbox which was pretty unpleasant – *though I don’t remember any of the details now. The person thought they were anonymous, but when I gave the letter to the church pastor, he recognised the handwriting – and thus anonymous was found to be a nasty beyotch named Michelle. No offense to people named Michelle, but I’ve found it a bit hard to trust people with that name ever since. It’s not you. It’s me. It’s my stuff.
So when Kelley posted on her blog that someone calling themselves “concerned” had written her a nasty letter full of unpleasantness, I commented could she please give me some information and maybe I could track down who wrote it. And because I am awesome and have mad skillz, I did manage to track down the writer. And now Kelley knows who it is, and I assume it won’t be too long before the entire interwebz knows who it is also. Word like that tends to spread.
Everywhere you go, everything you do, you leave behind a few vital details. Like your IP address, the time you visited, what browser and operating system you run. Your IP address can be used by the police and your internet service provider (and by scambaiters like me who know what they are doing) to track you down. That is how they arrested all those pedophiles not so long ago – there was a page on the internet that a lot of pedophiles visited, and the federal police came knocking on the door of the people who visited it.
For example, here is a line from a server log – me visiting Kelley’s blog and my browser grabbing her Favicon.
121.44.XX.XX - - [20/Jul/2008:11:41:34 -0500] "GET /favicon.ico HTTP/1.1" 404 25192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16"
Note – I have XX out a couple of the numbers, because I am on a static IP address and I have been on it for a decently long time, and I don’t want to give that IP address to the scammers because it can be used to do port scans and other rather nefarious activities.
So for every website you visit, your browser sends a whole heap of GET requests off to the server, and the majority of servers log all of this information. Also, when you visit a blog and leave a comment, most blogging software keeps a record of the IP address. This is always worth keeping somewhere in case you need it another time – mine all go to a Gmail account so I can easily search it and don’t have to worry about storage.
When you visit forums – say for example the Aussie Bloggers forums – your IP address is logged. If you were to leave a message that was abusive, the forum admins might report that to your Internet Service Provider. And for those of you who think you can use a proxy to access the forums and leave abuse – sorry, we get *both* IP addresses, the proxy and your real one. So there is nowhere to hide.
Also, interestingly, when you send emails (unless you know what you are doing like I do, otherwise I would not be emailing the scammers) your IP address will appear in the header of those emails.
So, when you think you are anonymous and you send an anonymous email to someone – say Kelley, for example – what happens if you’re not actually anonymous, and you can be traced? Well, I guess what happens is, I know who you are. And I do know who you are, Concerned. Will I tell people? Maybe I will. Hope that keeps you awake at night.
Would you like a piece of unsolicited advice “Concerned”? If I were you (which I would NEVER be, I believe anonymous letters are lame and horrible and creating bad Karma for yourself) I would confess that you did this on your blog now. People might feel sorry for you if you do that. Probably not too many, but maybe you can manage to tell enough of a sob story that you can keep a few friends.
And here’s some more advice. Get a life. I can’t believe you spent at least 4 hours solid viewing Kelley’s website. For those of you interested, here’s just one hour of the viewing – of course, to save you headaches, I have just put the time and the GET request. You need to add +10 (or so) to the actual times – so this happened between 7pm and 8pm Australian Eastern Standard Time.
[07/Jul/2008:09:02:58] GET /page/25/ HTTP/1.1
[07/Jul/2008:09:10:06] GET /page/26/ HTTP/1.1
[07/Jul/2008:09:17:47] GET /page/27/ HTTP/1.1
[07/Jul/2008:09:21:09] GET /page/28/ HTTP/1.1
[07/Jul/2008:09:28:04] GET /page/29/ HTTP/1.1
[07/Jul/2008:09:33:18] GET /page/30/ HTTP/1.1
[07/Jul/2008:09:39:53] GET /page/31/ HTTP/1.1
[07/Jul/2008:09:43:53] GET /page/32/ HTTP/1.1
[07/Jul/2008:09:48:46] GET /page/33/ HTTP/1.1
[07/Jul/2008:09:51:05] GET /page/34/ HTTP/1.1
This person read back 56 pages. In order. Over 24 hours. Viewing the log made the hair on the back of my neck stand on end.
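The session reconstruction described above can be scripted. The following is an added example, not code from the original post: it parses Combined Log Format lines like the favicon entry, groups requests per client address, and finds the longest in-order /page/N/ walk. The addresses, the +0000 offset, the byte counts and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
PAGE_RE = re.compile(r'^/page/(\d+)/$')
AEST = timezone(timedelta(hours=10))  # fixed UTC+10, the "+10" the post mentions
# Constructed sample: documentation addresses, assumed +0000 offset, times from the excerpt.
SAMPLE_LOG = '''\
203.0.113.7 - - [07/Jul/2008:09:02:58 +0000] "GET /page/25/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"
198.51.100.9 - - [07/Jul/2008:09:05:00 +0000] "GET /favicon.ico HTTP/1.1" 404 25192 "-" "Mozilla/5.0 (constructed)"
203.0.113.7 - - [07/Jul/2008:09:10:06 +0000] "GET /page/26/ HTTP/1.1" 200 5090 "-" "Mozilla/5.0 (constructed)"
203.0.113.7 - - [07/Jul/2008:09:17:47 +0000] "GET /page/27/ HTTP/1.1" 200 5300 "-" "Mozilla/5.0 (constructed)"
this line is malformed and must be skipped
'''

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def sessions_by_host(log_text):
    """Group parsed requests per client address, each list ordered by time."""
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hosts.setdefault(rec["host"], []).append(rec)
    return {h: sorted(recs, key=lambda r: r["time"]) for h, recs in hosts.items()}

def archive_walk(recs):
    """Longest run of consecutive /page/N/ hits: (first, last, start in AEST, duration) or None."""
    best, run = [], []
    for rec in recs:
        m = PAGE_RE.match(rec["path"])
        if m:
            n = int(m.group(1))
            run = run + [(n, rec["time"])] if run and n == run[-1][0] + 1 else [(n, rec["time"])]
            best = max(best, run, key=len)
    if not best:
        return None
    (first, start), (last, end) = best[0], best[-1]
    return first, last, start.astimezone(AEST), end - start
```

Run against a real access log, archive_walk on each host's list shows who paged through the archive in order and for how long; requests that are not /page/N/ are ignored rather than breaking the run.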
So if you happen to have a blog that is hosted by me, and someone sends you an “anonymous” email, please contact me immediately and I will give you instructions on how to get me the info I need from the email. Whatever you do, don’t delete the email. I know that might feel like the right thing to do because when you get an email like this it feels horrible, but identifying people like this is one of the best ways to stop people from doing this kind of stuff. They might not stop with just one anonymous letter.
*I seem to be having some problems with my memory but that is a whole ‘nother post for another day.. ;)
Makes me wish you were hosting my blog :) Seriously though, it is good to know that these meanies can’t get away with being anonymous. For goodness sake people – if you have something to say, at least have the decency to sign your own name….
Oh Snos, SCARY stuff. Poor Kelley, as if she doesn’t have enough on her plate.
I’m gonna email you right now as I’ve been thinking about something similar the past couple of days.
how about… a simple anti-virus with firewall to protect against port scans?
Also, how about not doing all this nasty stuff in the first place, “Concerned” and similar ^_^ be nice to your fellow humans :p then you’ll have nothing to hide from the authorities.
Why is it that people who want to say nasty things are always called “Anonymous”? I have never understood why anyone would send a mean e-mail or comment. If you don’t like something, just move onto the next blog! Legitimate debate is one thing; anonymous meanness is another thing altogether.
la la la la – I would love to believe that there aren’t really people like that in the world, and am constantly surprised when people do such nasty stuff – nice to know that there are ways and means for “the pastor to recognise the handwriting”.
I linked to you from Kelley’s blog. I like that you were so vicious in your comment.
Anyway, I’ve looked back over a few of your posts and find you even more fascinating. I loved all the info about what to do in a plane crash and everything.
I’ll be stopping by more often!
Natovr – just so you know, your comment ended up in Akismet. I fished you out when I spotted it. ;)
Unfortunately an anti-virus / firewall does not protect you from people scanning your ports – once they know your IP address they know where to scan. While I’m sure our security is up to snuff, these people come up with new stuff regularly and why take the risk? Besides, they’re my private orifices, and I’d like to keep them away from prying eyes.. ;) I’m no Britney flashing her ports everywhere she goes. Decorum is very important.. ;) Even when we’re just talking about ports on a computer VS the celebrity meat purse kind of ports..
Thanks for your comments all, it hasn’t been a particularly fun week with this and a couple of other events that happened. I appreciate your support. ;)
Well done for managing to track down ‘concerned anonymous’, snos. You set a good example to us all by the way you are always helping others out.
I am so sorry Snos, I thought I commented on this. Thank you again for your help :)
Unfortunately, however, tracking by IP isn’t as easy as it once was since most of the world is on dynamic IPs now. Without the cooperation of the service provider and the ability to view their logs – it’s more and more difficult to match up the address to an actual human being. Not always impossible, but certainly more difficult. Often the best you can do as mere mortals is match a particular bad deed to another set of logs and use that to cross check other public data sources and sometimes get lucky. If you’re in law enforcement, you can usually get a street address from the service provider.
Gone are the days when I tracked a hacker through several systems in the states, a couple in Europe, onto the DECnet, back onto the ARPA in Washington D.C, then ultimately to a dial-in phone line at a University in Sweden. I was able to obtain a name and address for the account attached to the dialup thanks to one of the University computers.
Oh, and I was sitting at a gas station in the middle of Utah with a 1200 baud modem and a portable terminal in the middle of the night. I was darn proud of the accomplishment, but the Swedish authorities were clueless, didn’t understand the crime – and so no arrests were ever made.
Then there were the mischievous students in Minnesota. Breaking into multiple computers and wiping files doesn’t make you many friends. Those of us who were known sysadmins on the net of the time could call one another on the phone and get another sysadmin to tell us who was connected to a particular port at a particular time. You don’t have that level of cooperation anymore. I made the San Francisco Chronicle front page when they went to jail.