Actions against fraude

**Pixelation** · 07-28-2004, 05:15 PM

Hello everyone,

Let's share some ideas on how to prevent fraude. By this I mean protecting your webhosting companies against fraudulent payments and getting into trouble with reversed payments etc.

Here's what I do. As you can read on my signup page (http://www.pixelhosting.net/signup.php):

Please note your IP (x.x.x.x) is being logged and checked for IP location. If the location of your IP and the location of your PayPal account do not match, we will be forced to reject your payment. Your IP will also be checked for potentional proxy activity. You don't have to worry about this unless you are using an anonymous proxy server to connect trough. If this is the case, please disable your proxy server and refresh this page.

The email address you enter here MUST be the same as your PayPal address in order to accept your order.
Please try not to use free email services such as Hotmail and Yahoo, it will cause us to investigate your payment more deeply and will slow down the activation of your account.

So then I use this website to track the location of their IP (which is reliable according to my experiences): http://www.geobytes.com/IpLocator.htm
So for example, when the signup form sais someone is from New York and the IP location says Japan, something isn't right

Also the PayPal email must be the same as the signup email, so the account info will be sent to the PayPal email. Some frauders don't have access to that email address. (Adding another email address to the PayPal account will warn the actual owner of that account on the primary address so they don't do that either).

ALOT of frauders are using Yahoo and other free email services (however not all of them) so therefor I ask people to not use Hotmail/Yahoo email addresses if possible, just to scare the frauders off and let them see that we're serious, lol

Haven't received any attempt to fraude since I've put up this system

So it works... I've used to have ALOT of attempts when people tried to purchase the biggest package several times in a row but didn't receive any payment.

Comments, suggestions, etc are welcome.

**Tris** · 07-28-2004, 05:19 PM

Well I use same method as you. IP location compared to credit card location. I generally dont use paypal... but a few of my customers do. I use Authorize.net and they handle a lot of it for me.

But general things like no instant activation helps a lot

**Pixelation** · 07-29-2004, 05:38 AM

instant activation is the worse you can do.
I only use PayPal since a few months ago.

**Tris** · 07-29-2004, 05:52 AM

Instant activation brings scammers along

**Pixelation** · 07-29-2004, 01:51 PM

I used to run a shell accounts company too: www.pixelshells.net (now pointing to my hosting website). The reason why I quit the shell accounts company is because of too much problems with fraude (PayPal and regular Credit Card fraude). Now that I know more about how to handle fraude I wish I could restart my shell company, however I think people will be scared now since I gave up already once

Anyway, if someone is interested is opening a process hosting company (shell accounts, ircd's, eggdrops, etc), feel free to contact me. If I think you're a reasonable guy with experience in the hosting scene, we might form a team and start up a new company

**Tris** · 07-29-2004, 01:56 PM

well I think shell encourages to many hackers etc thats why you get all the fraud.

**Pixelation** · 07-29-2004, 02:05 PM

Yeah I know. But I would prefer the word 'scriptkiddies' instead of hackers

I still believe that it is possible to handle them with anti-fraude actions.

**Tris** · 07-29-2004, 02:15 PM

well hackers use shell as well. Hackers generally arnt bad but script kiddies are. They fit into the cracker part of things..

**Pixelation** · 07-30-2004, 12:48 PM

Hackers can be bad too, it depends... There are 3 types of hackers:
Whitehat hackers (they aren't bad, they just report security leaks)
Grayhat hackers (they are bad and good, they report security leaks but they also abuse it behind your back, while they let you think they are a whitehat hacker)
Blackhat hackers (they are bad and only abuse their skills. some might just use system resources without you knowing, others like to crash your pc and destroy as much data as possible)

Personally I think hackers don't do credit card fraude that much, it's more the script kiddies. Hackers can hack a server and use it for what they need it and even cover the whole thing to make it invisible by the sys admins. Scriptkiddie's mostly hack Windows PC's, and not alot of Linux Servers. Therefor they need to do other things to get a stable shell account: credit card fraude.

**Tris** · 07-30-2004, 12:55 PM

True but if someone is going to hack your server if they want to enough they can. Anything is possible. Even if your system is 100% up to date someone will find a new loop hole in it. Even if you have firewalls. The only way to be 100% secure is to have the machine off the internet and physically turned off

Thread Tools