How to catch a Spammer?

The procedure is simple: take a prepared E-Mail address which contains IP, date and time of the website access. Hide this address inside the HTML-Code, that a normal visitor cant see it, and wait until you receive Spam by this E-Mail address. On the basis of IP, date and time of the website access, we can find out the spammer's provider to take steps against the spam, on the condition that the spammer does not use an anonymizing proxy server like Tor or JAP.

Example:

Your current IP is: 38.107.191.104 and you have accessed this website at date: 07/31/2010 time: 14:13:21

These 3 informations are enough. Now we use a small PHP-Script to create the mailto-Link. To hide the link inside the browser, we leave the link text (between <a> and </a>) free. First of all we use the PHP-functions date() and time() to create a formatted date and time output, and the Server variable $_SERVER['REMOTE_ADDR'] to get the actual IP.

Result: the HTML-Code contains just about the following link:

Now we try to reduce the length of our mailto-link, because a spammer could ignore a long E-Mail link. First, we use the PHP-function time() to get the Unix-Timestamp, which contains the number of seconds elapsed since midnight UTC of January 1, 1970. Then we use dechex() to convert the timestamp into an 8 characters long (4Byte, 32Bit) hexadecimal value. At last, we use ip2long() to convert the IP into a 32Bit long value, and dechex() to convert the value into an 8 characters long (4Byte, 32Bit) hexadecimal value.

Result: the HTML-Code contains just about the following link:

That should be enough. Ok, we could also remove the string info and both hyphens, to get a 6 characters smaller E-Mail address. In future, we could use the PHP-functions long2ip() and hexdec() to convert the string back into the previous values.

Proxy or real IP?

With the following PHP-script we try to find the real IP behind an open proxy:

Note: on the condition that the spammer does not use an anonymizing proxy server!