Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#81000 - 15/03/2002 06:32 Investigating an IP
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
A site that I run has a guestbook on it. Over the evening, someone left some very nasty messages. I removed one of them that was about 2 minutes old (not a lot of traffic - so nobody missed it). But the first one was up since 10pm last night - so it had to stay. I feel funny moderating the guestbook, but I know that the message was left by a rival site (which isn't too professional if you ask me).

I have the IP of the person (who posted twice under 2 different names but had the same IP). Is there any investigating I can do to find out any bits of info? I looked into one of the domains listed in an email address that the person used, but I'm guessing the email address is fake too....

They weren't vulger, so I'm not looking to contact his/her ISP, but I just want to see if I can get any clues. BTW, I blocked this person's IP from posting again. I'm thinking it was someone with a cable modem since both messages were left outside of work hours. Someone has REALLY got to hate us to logon to our site at 6am before work (and 10pm the night prior) just to talk smack!
_________________________
Brad B.

Top
#81001 - 15/03/2002 06:35 Re: Investigating an IP [Re: SE_Sport_Driver]
genixia
Carpal Tunnel

Registered: 08/02/2002
Posts: 3411
pm me the IP, and I'll take a look..
_________________________
Mk2a 60GB Blue. Serial 030102962 sig.mp3: File Format not Valid.

Top
#81002 - 15/03/2002 07:52 Re: Investigating an IP [Re: SE_Sport_Driver]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
I think the site below can tell you who owns this IP. It will probably tell you the offending person's ISP.
http://www.arin.net/whois/index.html
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

Top
#81003 - 15/03/2002 09:50 Re: Investigating an IP [Re: robricc]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
nslookup the IP. The CXA34538746 garbage is the account number. (assuming it's cable.) Contact the ISP and see if they will give you any info.

Top
#81004 - 15/03/2002 09:50 Re: Investigating an IP [Re: lectric]
lectric
pooh-bah

Registered: 20/01/2002
Posts: 2085
Loc: New Orleans, LA
BTW, has to be done in *nix.

Top
#81005 - 15/03/2002 09:51 Super Duper Long Post [Re: robricc]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
Thanks guys. This person is REALLY getting out of hand.

Here is a little background.... (I'll keep it short.) I do a web site and do live sound (with my empeg! ) for an improv comedy troupe in Detroit. Over the years, a little rivalry has formed with another troupe. It was always profession and most people didn't even know about it. This January, the theater that we rented every week shut down when it changed owners. We have been looking for a new "home". And were recently (last week) invited to perform at a place called the Comedy Castle. This place is top notch and we were invited to perform with some stand-ups. The problem is that the Comedy Castle happens to be the competeing troupe's "home" and they have had an exclusive deal there for almost a decade. We made it known that we would love to be there and they made it known that they were pissed we were allowed to perform for even one night. (This is SO petty I can't believe it!)

Now, I probably didn't help matters when after last week's show I put a Guestbook on our page with the current topic being "Would you like us to perform at the Comedy Caslte again?" We have several hundred subscribers to our mailing list so we were getting some nice compliments. Well... the other troupe found out and got pissed. (Again, this is SO petty.) We suspect that THEY have been posting these smearing comments. Here is what they have posted so far:

In reply to:

Message #1 - Thursday, March 14th 2002 - 10:42:11 PM STILL ONLINE
By: "Steve" - [email protected] (notice the misspelling of "steves@") IP: 68.41.48.90
Saw you guys on Wednesday cuz I'm a big fan of Chris J. Newberg...but was wondering why you don't call yourself Motor City Sketch? Ridley's already has an awesome troupe that does improv every Tuesday, real improv-you should check them out!
(Such a big fan or Newberg that he wrote his name wrong! “J. Chris Newberg”)

Message #2 - Thursday, March 14th 2002 - 11:08:06 PM OFFLINE (this is the one I thought was posted at 6am)
By: "Jack S" - [email protected] IP: 68.41.48.90
(Same IP as Message #1. He is using the same computer traced to a Comcast ISP in Canton, MI)
Just saw you guys at Ridleys and I'm a regular at Comedy castle, and how could I put this nicely? you ruined my week. I didn't laugh didn't smile, you guys need some more practice sorry but I want to be honest. Well I felt better when I asked Mark Ridley for my money back after seeing your "Improv show" the next day, and he was grateful enough to do so, I suggest you guys try a local bar full or drunks before you hit the comedy clubs. (Repition in style/verbage and identical IP’s – this is the same guy.)

Message #3 - Friday, March 15th 2002 - 08:54:55 AM OFFLINE
By: "Jack S", IP: 32.97.239.14
(This IP is provided by AT&T Buisiness Broadband who sells to a lot of companies locally.)
Well I can see what kind of people you are! Thanks for deleting my comments I made about how I said MCI isn’t good enough for the big boys yet in comedy clubs, and should practice at a local bar in front of a bunch of drunks! I’ve never seen a group of people write in there own guest book and try to act like they are fans, And replying to Gilda and Steve, Steve’s right TUT is better then MCI and that’s my opinion so delete this! One more question if MCI is so good and TUT isn’t why don’t you have a home? And why every night I go to see TUT they have a sold out house? Strange….
(This one if my favorite where he refers to the post he made as “Steve”.)

Message #4 - Friday, March 15th 2002 - 09:26:21 AM OFFLINE
By: “Jack S”, IP: 32.97.239.30
(Same LAN.. he basically used another computer at work)
Well I can see what kind of people you are! Thanks for deleting my comments AGAIN I’ve never seen a group of people write in there own guest book and try to act like they are fans, And replying to Gilda and Steve, Steve’s right TUT is better then MCI and that’s my opinion so don’t delete this! One more question if MCI is so good and TUT isn’t why don’t you have a home? And why every night I go to see TUT they have a sold out house? Strange….But hey we are all entitled to are opinion
(For the record, the posts are real. Many guests are friends, but still legit.)




Both the Comcast IP (68.41.48.90) and the work LAN (32.97.239.*) have been blocked from posting to the Guestbook again. Because of dynamic IP’s and there being a trillion computers in the world, this is just a temporary fix.

Now, what I would LOVE to do is prove that someone from this other troupe did this. It would be as simple as nailing down what cities the posts were being made from. Then I could look up the cities that he works in and make the connection. Then I could send an email to the owner of that Comedy Castle and ask him to take care of it privately. I don't want to stoop to their level, but I do want to be able to prove my hunch.

Any suggestions? Should I call the A-Team?

EDIT: No real email address is required to post msg's, so I suspect they are all fake.




Edited by SE_Sport_Driver (15/03/2002 09:59)
_________________________
Brad B.

Top
#81006 - 15/03/2002 09:55 Re: Investigating an IP [Re: lectric]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
What's *nix? On what grounds could I contact an ISP and get any info? Would I have to say or somehow suggest something in particular in order for them to give me info?

(For example, I know if you dial "0" and say "drop line" and nothing else, the operator will give you the number of the line you are calling from. if you say anything else and THEN "dropline" or ask for it - they won't give it to you.)
_________________________
Brad B.

Top
#81007 - 15/03/2002 10:21 Re: Super Duper Long Post [Re: SE_Sport_Driver]
bmiller
member

Registered: 11/04/2001
Posts: 150
Loc: Sacramento, CA, USA
It sounds to me that a topic like "Would you like us to perform at the Comedy Caslte again?" should be a feedback application and not a guestbook application.

Just my opinion.

Top
#81008 - 15/03/2002 10:24 Re: Super Duper Long Post [Re: bmiller]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
Okay... I can call it "Feed back" or something. I tossed it together this week end in a real hurry. www.MotorCityImprov.com
_________________________
Brad B.

Top
#81009 - 15/03/2002 10:26 Re: Super Duper Long Post [Re: SE_Sport_Driver]
bmiller
member

Registered: 11/04/2001
Posts: 150
Loc: Sacramento, CA, USA
I just meant you might not want to expose everyones opinion on whether or not you should perform again on your website.
Keep it for internal purposes though.

Top
#81010 - 15/03/2002 10:32 Re: Super Duper Long Post [Re: bmiller]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
True. I was thinking of that. We have email for that purpose as well. All of the posts have been great except for this faucher.
_________________________
Brad B.

Top
#81011 - 15/03/2002 10:34 Re: Super Duper Long Post [Re: SE_Sport_Driver]
bmiller
member

Registered: 11/04/2001
Posts: 150
Loc: Sacramento, CA, USA
..You tried to milk him, Faucher, didn't you. You sick son of a b!tch...

Top
#81012 - 15/03/2002 10:36 Re: Super Duper Long Post [Re: bmiller]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
LOL you caught it!

Anyone have any ideas? Too bad I don't know someone that works at Comcast... it would be cool if I could find BBSs that this IP has posted to and get the guy's first name. sigh
_________________________
Brad B.

Top
#81013 - 15/03/2002 10:55 Re: Investigating an IP [Re: SE_Sport_Driver]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
What's *nix?

That's a shorthand way of saying any Unix variant, including Linux variants.

Guess it's kind of a bad shortand, since the name "Linux" doesn't really end with "nix", but you get the idea.
_________________________
Tony Fabris

Top
#81014 - 15/03/2002 12:16 Re: Investigating an IP [Re: tfabris]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
So I'd need access to the server and it would have to be running *nix for me to get the guys Comcast account number?
_________________________
Brad B.

Top
#81015 - 15/03/2002 12:19 Re: Investigating an IP [Re: SE_Sport_Driver]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
One thing I did find with his home IP is "bgp945768bgs.canton01.mi.comcast.net" as the domain name... is the bgpXXXX the account number? Canton is a town around here...
_________________________
Brad B.

Top
#81016 - 15/03/2002 12:21 Re: Investigating an IP [Re: SE_Sport_Driver]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
no, nslookup is just a way of getting the name out of an IP address. For example:

[robricc@spmicro robricc]$ nslookup 68.41.48.90

Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 209.94.100.100
Address: 209.94.100.100#53

Non-authoritative answer:
90.48.41.68.in-addr.arpa name = bgp945768bgs.canton01.mi.comcast.net.

Authoritative answers can be found from:
41.68.in-addr.arpa nameserver = NS01.JDC01.PA.comcast.net.
41.68.in-addr.arpa nameserver = NS02.JDC01.PA.comcast.net.
NS01.JDC01.PA.comcast.net internet address = 66.45.25.71
NS02.JDC01.PA.comcast.net internet address = 66.45.25.72
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

Top
#81017 - 15/03/2002 12:22 Re: Investigating an IP [Re: SE_Sport_Driver]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
It is more likely that the address is one of the Comcast local terminal servers.

Just to express my opinion, I think you're starting to border on serious privacy infringement by publicly discussing this person's account details here on this forum.
_________________________
Tony Fabris

Top
#81018 - 15/03/2002 12:25 Re: Investigating an IP [Re: SE_Sport_Driver]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
I would assume the name is broken down like so:

bgp945768bgs = Random crap (maybe something the identifies when the IP was given to the user?
canton01 = An office in Canton delegates these IPs
mi = they are in Canton, MI
comcast.net = ultimate owner of this block of IPs
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

Top
#81019 - 15/03/2002 12:28 Re: Investigating an IP [Re: tfabris]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
Tony, I agree with you. If I were this person, I would probably be pissed an IP I was using was being scrutinized in a public forum like this.


Edited by robricc (15/03/2002 12:29)
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

Top
#81020 - 15/03/2002 12:29 Re: Investigating an IP [Re: tfabris]
eternalsun
Pooh-Bah

Registered: 09/09/1999
Posts: 1721
Loc: San Jose, CA
Actually, the origin of the *nix bleep was back in the day when the word Unix was trademarked and for use specifically by AT&T's variant and any appearance otherwise will call AT&T's army of lawyers on your ass. Things have lightened up considerably since then.

Calvin

Top
#81021 - 15/03/2002 12:40 Re: Investigating an IP [Re: tfabris]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
Agree. No one respond to this thread. I just asked that Tony delete it. I didn't mean for it to get this far. I don't t think I'm doing too much snooping, but someone may use this info for a bad use. I don't want to stoop to, or below this guys level. I also don't want anyone doing me "any favors" by messing with this guy. I was just trying to learn how this stuff works and would like to put an end to what this guy is doing - but this may backfire.

My appologies.
_________________________
Brad B.

Top
#81022 - 15/03/2002 12:44 Re: Investigating an IP [Re: SE_Sport_Driver]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
I'm not going to delete the thread because there's nothing here so far that's not already publicly exposed to someone who knows how to use the tools. But I don't think it should be taken any further.
_________________________
Tony Fabris

Top
#81023 - 18/03/2002 15:50 Re: Investigating an IP [Re: SE_Sport_Driver]
redbutt2
member

Registered: 12/01/2002
Posts: 141
Loc: San Diego, CA
Check out a program called Sam Spade from Blighty Design. This is a freeware program that is designed to help you figure out who to complain to...it doesn't let you hack anyone...this is great for reporting spammer.


Edited by redbutt2 (18/03/2002 15:53)
_________________________
We need a bigger boat.

Top