How To Retrieve the IP Address of a Visitor

One of the site's greatest features is the online email form.  It allows people to very quickly contact somebody without having to open a separate email program.  Thousands of people use this feature for good purposes across the MBSportsWeb network every day.
 
However, every once in a while somebody will use the email form to send a message which contains hurtful and / or hateful, and in extremely rare cases even criminal content; and they will use a fake email address so there is no way to respond.
 
As disturbing as this cowardly act can be towards the recipient, getting any sort of retribution may not be worth the time and effort.
 
However, if there is a desire to try to identify the individual who may have sent that message, there may be ways to locate the IP address of the computer which would have been used to send the message.
 
Note: This may only be possible if the person used the email form on the website.  If they sent a direct email to somebody from their own email program (or from a temporary / fake webmail account) then the IP address will not be captured.
 
Another Note: It is also possible, and relatively easy, to disguise an IP address or to prevent our analytics software from capturing an IP address.  We won't say what they are here because we don't want to give people ideas - but just be mindful that if we can find an IP address it may not be real either.
 
Nearly all MBSportsWeb sites come with an online traffic analytics service called Clicky.  This allows site administrators to track, in real-time, visitors on their site and collect basic technical information about each visitor - including their country of origin, browser, operating system, and IP address.
 
In order to track down a visitor within the Clicky logs for a site, the exact date & time of the email will need to be known.  All emails generated by the site include this information at the top of the message body.
 
With the exact date & time in hand, go to Manage Site Content -> (organization site) -> Real-Time Web Analytics to open the Clicky stats pages.  Use the date range picker in the very top-right of the page to get to the stats for the single date the message was sent.  Then click the "Visitors" tab in the menu, which provides a list of all the visitors to the site in that day and how many "actions" they had.  Those visitors will be sorted by arrival time, so use the pages at the bottom to go backwards in time as needed to find the approximate time the person might have started their visit.
 
Hint: It would take at least two "actions" in order to send the message - one to visit the page containing the link to email somebody and another to use the email form itself.  There might be more than two actions, but there will definitely be at least two.  In the past, people who have abused the email form tend to have relatively short visits so their arrival time will be relatively close to the time the email was triggered.
 
The Clicky visitor log allows for a visitors "actions" to be viewed on the page by clicking the arrow next to their number of actions.  From the window the appears there, if they visited a page with an address starting like "/Utils/SendMail.aspx?..." then that will be the email form on the site.  If the time they visited that page is very close to the time of the email being sent, then chances are that they were the ones who sent the message.
 
From there, click the "View This Visit" link in the top-right of the visitor detail window (above the map).  This page will reveal the IP address of the computer used, their locale (sometimes even the city), their ISP, browser, operating system, and their complete history of actions for that visit.  This page has a save icon in the top-right which can be used to create a PDF document if necessary to provide as evidence.
 
One Final Note:  The IP address of a computer in a school or corporate environment will probably be shared among all the computers in the same building.  Even in a single household if there are several computers under the same roof they would all share the same outside IP address.  It may not be possible to isolate a single computer, and even then, it may not be possible to prove who was sitting behind the computer at that time.
 
 
 

Add Feedback