All Help Files > Tracing the Origin of IP Addresses

Tracing the Origin of IP Addresses

In the Tendenci event logs you will see several IP addresses. IP Addresses identify the computer a particular activity allegedly took place on.

The server IP address is used to identify which server is the host for your website. Because the servers are behind a firewall (like all servers these days) this will be an internal IP address that does not resolve directly on the Internet. Call for more on that.

The "user IP Address" is the computer doing the action (most of the time, more on this below).

A few things you can do with the "user IP Address" include.

  1. Use a trace application like NeoTrace to determine the probable location of the originating IP address. No trace does a nice job of visually showing you the "hops" between your computer and the destination. I like Neotrace to quickly determine where latency, the slowdowns, are occurring. This explains why a website can be fast for one person but slow for another - the paths are different and a bottleneck exists for one of the two people.
  2. Use a command-line utility like tracert to or ping to see if that IP address responds. Most computers will NOT reply to a ping but tracert works on numerous networks at least up until the gateway. The Wikipedia page on tracert is helpful with tracert examples.
  3. Use sites like the ones below to learn more about the IP address owner. Of course, you have no way of knowing the location prior to doing a look-up, but the good news is ARIN will point you at Apnic if it doesn't own the IP address itself. So here are two starting points.
    1. Arin.net to look up who owns a given IP Address in the Americas.
    2. Apnic.net to look up who owns a given IP Address in Asia.
  4. You can test how your own IP Address looks on the Internet using Gibson Research's Shields Up web test utility. This won't give you any information about your Tendenci site, but it is very informative and a great place to start to learn more about IP Address security.

A few other thoughts - most attacks and nefarious activity on your site will be from spoofed IP addresses (meaning faked) or from zombie computers that are carrying out the orders of another computer entirely. In other words, pretty much you lose without calling in a network administrator.

Still - you can do preliminary research and record links (links!) to relevant content. Just don't bet the farm on the accuracy of your research. Things are not as they appear on the Internet, unfortunately. So do some research and then call in your ISP to let them continue the defense.

 

 

Contact us to upgrade to Tendenci

The open source solution chosen by associations around the world.

Want to talk? (281) 497-6567

Sign up for Tendenci - The Open Source AMS

No per user pricing. Unlimited admins.

Demo Now

Have Questions?

Contact us!

Site Search



Recent News

I agree

Our site saves small pieces of text information (cookies) on your device in order to deliver better experience and for statistical purposes. You can disable the usage of cookies by changing the settings of your browser. By browsing our website without changing the browser settings you grant us permission to store that information on your device. See our Privacy Policy