The Community Forums


Recent flurry of fraudulent hosting account orders!

Discussion in 'General Discussion' started by jols, Aug 30, 2006.

  1. jols

    jols Well-Known Member

    We've seen a recent flurry of fraudulent hosting account orders as of the past 3 or 4 days, e.g. orders placed using obviously stolen credit cards.

    Wondering if anyone else has also seen this?
     
  2. rpmws

    rpmws Well-Known Member

    Yes!! And the guy was pissed when I confronted him. Funny thing is... they also signed up with 2 of my resellers... same exact signup IP, only different domain and different name.
     
  3. jols

    jols Well-Known Member

    Yeah, and on top of everything else, we have had a majority of these demand shell access right off the bat. So what is it? Cyber-thugs preparing for a massive assault of some kind to commemorate the 9/11 anniversary?


    Here are a few of the rules we use as cross-reference in order to okay the new account opening. It's not an exact science but does filter out quite a lot of junk orders:

    (We capture the user's IP in the order form.)

    1-- Does the new customer's IP match, or even come close to the geographic location of the credit card billing address?

    2-- Does the contact phone area code match the geographic location of the credit card billing address?

    3-- If the domain is registered, is it registered to the same name as the customer filling out the hosting order form?


    More than half of our orders lately fail all three tests.

    Does anyone have any other suggested verification methods?
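
The three cross-checks listed in the post above, worked through as an added example that is not part of the original thread. The `Order` fields, the small `AREA_CODE_STATE` table, the 300 km threshold and the sample orders are all constructed assumptions; the GeoIP and WHOIS results are assumed to have been looked up already.

```python
import re
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

# Constructed sample table (assumption): a real system needs the full
# area-code list, a GeoIP database and a WHOIS lookup feeding these fields.
AREA_CODE_STATE = {"919": "NC", "212": "NY", "415": "CA"}

@dataclass
class Order:
    name: str
    billing_state: str
    billing_latlon: Tuple[float, float]
    ip_latlon: Tuple[float, float]      # GeoIP result for the captured signup IP
    phone: str
    whois_registrant: Optional[str]     # None when the domain is not registered yet

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def norm_name(s):
    """Case-, order- and punctuation-insensitive: 'SMITH, John Q.' == 'John Q Smith'."""
    return sorted(re.findall(r"[a-z]+", s.lower()))

def area_code(phone):
    digits = re.sub(r"\D", "", phone)
    if len(digits) == 11 and digits.startswith("1"):   # drop NANP country code
        digits = digits[1:]
    return digits[:3] if len(digits) == 10 else None

def failed_rules(order, max_km=300):
    """Return the names of the three checks that this order fails."""
    failed = []
    if km_between(order.ip_latlon, order.billing_latlon) > max_km:          # rule 1
        failed.append("ip_geo")
    if AREA_CODE_STATE.get(area_code(order.phone)) != order.billing_state:  # rule 2
        failed.append("phone_area")
    if order.whois_registrant is not None and \
            norm_name(order.whois_registrant) != norm_name(order.name):     # rule 3
        failed.append("whois_name")
    return failed

# Constructed sample orders
GOOD = Order("John Q. Smith", "NC", (35.78, -78.64), (35.99, -78.90), "919-555-0142", "SMITH, JOHN Q")
BAD = Order("Jane Doe", "NC", (35.78, -78.64), (52.37, 4.90), "+1 (415) 555-0100", "Example Holdings Ltd")
```

An unparseable or unknown area code counts as a failure of rule 2, and rule 3 is skipped when the domain is not yet registered, matching the "if the domain is registered" condition in the post.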
     
  4. ramprage

    ramprage Well-Known Member

  5. NightStorm

    NightStorm Well-Known Member

    Something to watch out for. If they pay through PayPal, be prepared for a fight with their (PayPal) legal department when/if you terminate the account. We had one a while ago that paid their month, within 10 minutes tried to upload a shell script, and redlighted our domain watch notifier (trying to add "bad" domains). The account was suspended immediately, and within 30 minutes they had opened up a complaint through PayPal demanding their money back, claiming that they had not received the services they paid for (likely from, as suggested above, stolen cards or accounts).
    Now, this isn't the annoying part. I would have been more than willing to toss him back his money and CC leo.gov, but PayPal will often freeze an account while working out complaints for fraudulent activities... makes it harder to have the other customers pay when the account won't accept funds, and won't let you transfer money out to pay for the server.
    This is turning into a PayPal rant more than a scammer rant... anyway, be wary of them if they pay through PayPal. It's like another way for them to nail you to the wall if you don't let them hack your server. Little punks.
     
  6. jols

    jols Well-Known Member

  7. NightStorm

    NightStorm Well-Known Member

    *digs through bookmarks*
    Try http://www.whitedoggreenfrog.com/scripts/
    There are (were, anyway... hopefully still are) a few scripts you can use there to help check added domains. It uses SURBL URL list checks to see if the domain has been used and blacklisted for spam attacks, or is referenced in spam messages. It's not foolproof, but is a nice additional (emphasis on additional) check along the way, and is a nice break in the long series of security measures that one must go through... since this one essentially does its own footwork.
     
  8. driverC

    driverC Well-Known Member

    Yeah, PayPal can really suck in regards to things like that. The worst thing is if a customer signs up and pays yearly, then forgets to cancel his subscription. Now, after he has actually sent another yearly payment by not cancelling his subscription, he doesn't contact you to resolve things in a normal civilized way, but he is sending about 10 emails to every email address you've got, all totally bitchy as if you had raped and killed their children, and at the same time does a chargeback, and not only lets you sit on the domain renewal costs but in addition to that you have to pay a $15 chargeback fee, and PayPal doesn't do shit about it. Then you end up actually paying for providing a customer with one year of webhosting and reading 10 totally pissed off and stupidly aggressive emails and a PayPal chargeback case that makes you look bad to PayPal. I really love my job if that happens. At least PayPal doesn't freeze my account because I've had almost 200K of revenue with them. Seems like they do not freeze accounts of that size too quickly. Also I had one customer who just decided that she wanted to charge back the last 4 monthly payments, so I ended up paying $60 (!!!) for a chargeback of 4 times $2.95 (which ate up about twice as much money as I ever made with this customer). PayPal didn't give a damn about the comments I posted to them and let the customer's bank rape my wallet.
     
    #8 driverC, Aug 31, 2006
    Last edited: Aug 31, 2006
  9. jsnape

    jsnape Well-Known Member

    This is my standard answer for SSH access, and legitimate customers usually don't mind. The other ones are never heard from again.

    Secure shell access is available to customers by request using the following guidelines:
    We must have a legible photocopy of a valid legal photo ID on file; driver's license number and/or Social Security, or the financially sensitive equivalent of that information in your country, should be blacked out or otherwise masked for your protection before transmitting the copy to us. ID must match the name of the domain owner on file at the domain registrar, and if the name is protected by a proxy service, SSH access will be refused. SSH cannot be granted to citizens of any country outside the jurisdiction of the Group of Five and Australian Territory until the account has been active and trustworthy for 12 months. SSH is never guaranteed, could be disabled at any time for any reason, and is occasionally disabled server-wide and only re-enabled by individual request.

    Never had a problem with PayPal freezing the account, and I've had a couple of disputes lodged over the past five years - but unfortunately have had to enter three times as many myself on service and advertising payments to people who never provided the service and tried to never be heard from again. Or you pay them and get excuses for weeks on end instead of the product.
     
  10. driverC

    driverC Well-Known Member

    What's the point of denying SSH access if you let them use CGI? Any commands they can execute via SSH can be executed using a CGI script. It takes less than 5 minutes to program a CGI to SSH script. And almost all of the customers I had problems with used PHP or Perl scripts.
     
    #10 driverC, Sep 1, 2006
    Last edited: Sep 1, 2006