A visitor to our site has posted abusive messages and I wish to block them but I'm not sure there's much I can do besides blocking their IP address (and even that won't help much).
After analysing the logs, I can see the IP address was:
79.147.70.12/12.Red-79-147-70.dynamicIP.rima-tde.net
Is this dynamic IP used for blocking a users location or something? Any help greatly appreciated.
It appears to be a dynamically allocated IP address for a customer of Telefónica who is, as far as I understand, a Spanish ISP.
If what that user did was thoroughly evil to the point of being illegal, then you could complain, launch the judicial machinery, and force them to retaliate on the offender. Otherwise, there is not much to do; you cannot block him efficiently because dynamic IP may change. To some extent, that's what you deserve by accepting that anonymous visitors post messages to your site: if you allow even the worst morons to post on your site, well, they will.
Edit: actually, there is a lot you can technically do, but it would be both illegal and risky. For instance, if the perpetrator comes back and is an amateur (i.e. a real human using a real Web browser) then you could track him with cookies, inject hostile Javascript in what your server sends him, and things like that. But that's uncourteous, somewhat puerile, forbidden by Law (you are not supposed to "fight back"), and has a high risk of collateral damage. Quite possibly, the IP you saw was that of an innocent bystander who just happens to have a computer infected with malware, turning it into a relay host for evildoers.
12.Red-79-147-70.dynamicIP.rima-tde.net is the hostname (from rDNS). 79.147.70.12 is the IP.
All you can really do with an IP is find out who is responsible for the IP block with a whois lookup:
inetnum: 79.144.0.0 - 79.147.255.255
netname: RIMA
descr: Telefonica de Espana SAU (NCC#2007091101)
descr: Red de servicios IP
descr: Spain
country: ES
admin-c: ATdE1-RIPE
tech-c: TTdE1-RIPE
status: ASSIGNED PA
mnt-by: MAINT-AS3352
mnt-lower: MAINT-AS3352
mnt-routes: MAINT-AS3352
source: RIPE # Filtered
role: Administradores Telefonica de Espana
address: Ronda de la Comunicacion s/n
address: Edificio Norte 1, planta 6
address: 28050 Madrid
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: ATDE1-RIPE
tech-c: TTDE1-RIPE
nic-hdl: ATDE1-RIPE
mnt-by: MAINT-AS3352
abuse-mailbox: nemesys@telefonica.es
source: RIPE # Filtered
role: Tecnicos Telefonica de Espana
address: Ronda de la Comunicacion S/N
address: 28050-MADRID
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: TTE2-RIPE
tech-c: TTE2-RIPE
nic-hdl: TTdE1-RIPE
mnt-by: MAINT-AS3352
abuse-mailbox: nemesys@telefonica.es
source: RIPE # Filtered
route: 79.147.0.0/16
descr: RIMA (Red IP Multi Acceso)
origin: AS3352
mnt-by: MAINT-AS3352
mnt-routes: MAINT-AS3352
mnt-lower: MAINT-AS3352
source: RIPE # Filtered
That's the person's ISP. You could try reporting the incident to their abuse mailbox, but they probably won't care. If you really want to go nuclear you could block the whole block, but then you'd have blocked the whole block, possibly for legit users, and the abuser could easily avoid this block with a proxy.
My favourite tactic with these kinds of guys is to create a click-to-block admin utility on my website. When the person is blocked, the site gives a 500. It doesn't tell them that they're blocked. The block lifts automatically depending on how many times you've blocked that IP. (e.g, 1 day, 7 days, 1 month, 1 year)
The nice part about it is that they might not try using a different address. It's especially frustrating if they're trying to DoS you.
There are more advanced techniques, but the idea here is that there's less effort for you to block them than it is for them to change addresses.
A mildly sophisticated attacker can circumvent, but it honestly hasn't actually been a problem for me.
(o.b. answer: it's not worth tracking them down)
Short answer: you can not do anything. (because its a dynamic ip address)
Long answer: you can prevent this behavior by allowing only registered users and users with good history to post any messages, newly registered users can not post messages unless they are reviewed first.
