First of all any advice is very much appreciated.
A stalker has been harassing a person I know quite badly, including threatening her life. This person has been stalking threw medium like LinkedIn & Facebook to the point where she has had to close down her accounts on these websites. When she did this the stalker moved on to emailing family members & friends from hushmail & other services, none of us have any idea who this could be.
I have some basic web/php/linux skills and I host a bunch of sites already, so I created a word-press blog for her with the purpose of luring the stalker to this site, logging the IP address in the apache logs, and at a minimum, finding out their geographic location. Additionally I installed a contact form plugin which also collects IP address information.
To my amazement, the stalker actually found the site, and has now submitted in excess of 12 contact forms with more threatening comments, unfortunately each time it is always the same class C subnet which is obfuscating their true IP address.
We have submitted all this information to the police, and they have said this block of IP address' belongs to a routing company - we are still waiting for more information but it sounds unlikely anything will happen here.
Does anyone has any ideas about what sort of information we could collect, and how? All I can come up with is currently logged in user, and machine name. I intend to try and only collect information if the user is coming from this known subnet, as I do not want to invade anyone else's privacy.