
How I Tracked and Blocked a Fake Article Submission on ausjournal.com

By Dr Pritam Gajkumar Shah (admin@cyberpritam.com)
Posted on 14 May 2025
Area of Article: Digital Forensics and Identity Traces

Area of Article: Web Security and Admin Tips


Introduction


Web security is not just about firewalls and SSL certificates. Even small features like a public submission form can be exploited. In this real case, someone misused the article submission form on my journal site ausjournal.com. Here is the complete journey of how I investigated it using cPanel, identified the attacker’s IP, traced their location in Brazil, and protected the system from further misuse.


Step 1: I Noticed a Suspicious Article


One of the articles looked like gibberish and stood out immediately on the published tech articles page.



Clearly, someone was testing or abusing the system by submitting randomly generated content.


Step 2: I Investigated with cPanel Visitor Logs


Next, I logged into my web hosting control panel (cPanel) and went to:


Metrics → Visitors


This only gave me a list of visitors but didn’t show the person who posted the article.


Step 3: Downloaded Raw Access Logs


So, I went one level deeper and opened:


Metrics → Raw Access Logs

I downloaded these log files:


accesslog_ausjournal.com_5_14_2025.gz
sslaccesslog_ausjournal.com_5_14_2025.gz


I extracted them using 7-Zip and opened them in VS Code. Then I searched using the keyword:


submit_tech_article.php


Step 4: I Found the IP Address Behind the Submission


Here’s the entry that showed who made the POST request:


187.110.235.242 - - [14/May/2025:00:28:15 +0530] "POST /submit_tech_article.php HTTP/1.1" 302 -

The user then immediately viewed the articles, confirming they were checking their own submission.
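
Steps 3 and 4 can be scripted instead of searching the logs by hand. The following is an added example, not part of the original article: it reads a raw access log (plain or .gz), finds every IP that sent a POST to submit_tech_article.php, and lists what that IP requested in the following ten minutes. The sample lines are constructed; only the POST entry is the one quoted above, and /index.php, /tech_articles.php and the ten-minute window are assumptions.

```python
import gzip
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined prefix: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)')

def read_lines(path):
    """Yield text lines from a plain or .gz access log, without unpacking it first."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        yield from fh

def parse(lines):
    """Turn log lines into dicts with a timezone-aware 'time'; skip unparseable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def find_submitters(records, form_path="/submit_tech_article.php", window=timedelta(minutes=10)):
    """Map each IP that POSTed to the form to its POST times and later page views."""
    records = sorted(records, key=lambda r: r["time"])
    hits = defaultdict(lambda: {"posts": [], "followups": []})
    for r in records:
        if r["method"] == "POST" and r["path"].split("?")[0] == form_path:
            hits[r["ip"]]["posts"].append(r["time"])
    for r in records:
        h = hits.get(r["ip"])
        if h and r["method"] != "POST" and any(t <= r["time"] <= t + window for t in h["posts"]):
            h["followups"].append(r["path"])
    return dict(hits)

# Constructed sample: only the POST line is from the article; other IPs, paths, sizes are made up.
SAMPLE = [
    '203.0.113.7 - - [14/May/2025:00:20:01 +0530] "GET /index.php HTTP/1.1" 200 5120',
    '187.110.235.242 - - [14/May/2025:00:28:15 +0530] "POST /submit_tech_article.php HTTP/1.1" 302 -',
    '187.110.235.242 - - [14/May/2025:00:28:16 +0530] "GET /tech_articles.php HTTP/1.1" 200 8841',
    '198.51.100.23 - - [14/May/2025:00:31:40 +0530] "GET /submit_tech_article.php HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, info in find_submitters(parse(SAMPLE)).items():
        print(ip, [t.isoformat() for t in info["posts"]], info["followups"])
```

To run it against the downloaded files, pass `parse(read_lines("accesslog_ausjournal.com_5_14_2025.gz"))` to `find_submitters` in place of the sample.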


Step 5: I Traced the IP Using IP2Location


I pasted the IP into IP2Location. Here’s what I found:



Country: Brazil
City: Tauá, Ceará
ISP: DB3 Serviços de Telecomunicações S.A
Proxy: No (this is a real user)


Tip: If the IP was a proxy or VPN, it would be harder to trace. But this user used a direct ISP connection.

Step 6: I Blocked the User Immediately


To stop this user from further posting, I blocked their IP address by editing my .htaccess file:



# Apache 2.2-style access control; on Apache 2.4 these directives need mod_access_compat
Order Allow,Deny
Allow from all
Deny from 187.110.235.242

This blocks every request from that IP address, so they can no longer use the form from it.



 


Final Thoughts


This event reminded me how even small websites need strong security. A single unprotected form can allow bad actors to misuse your platform. But with the help of logs, IP tracing, and smart prevention steps, any website admin can stay in control.


Keywords


IP Trace

cPanel Security

submit_tech_article.php

Fake Article Protection

PHP Admin Tools

ausjournal