Give fraudlabs.com a try, it will give you a score based on address, phone, bank phone, ip, ip country and then you can set the threshold of when to manually approve or check the transaction. They give you 90 free checks per month.
Sent from my wireless handheld.

On Aug 18, 2008, at 7:56 PM, "Steve Totaro" <[EMAIL PROTECTED]> wrote:

I think it is less of a known proxy, sysadmin, or misconfigured machine issue and more of a compromised system, zombie issue.

I know last Tuesday was a HUGE M$ "patch Tuesday", not sure if any of those exploits could be used for proxy or port redirection but if not directly, they can probably be used to open a hole big enough to drive a truck into, let alone remote execution of a little bit of code to insert such a hidden service.

http://news.cnet.com/8301-1009_3-10015517-83.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-20

Not to mention all the bootleg copies of Windows that will not be able to update and those that just won't bother.

We are not even talking about malware, worms, or viruses here, which is what most people fear and feel "protected" from, even allowing their emails to append some nonsense about being "scanned and virus free". So was Subseven or basically any new virus at zero hour.

http://blog.wired.com/27bstroke6/2008/04/zombie-computer.html

Anyways, on to how to combat it. I think the only real way is to have human intervention. A phone call to speak with the card holder would probably cut it back drastically.

I think it was Gafachi that sent me a credit card authorization form via snail mail, which I thought was strange at the time but obviously prudent with rampant fraud. This way they verify the mailing address to some degree, get a signature, and have some paper trail.

While it could still be fraudulent, I think most would be eliminated. There are easier targets and with the explanation about fighting fraud along with the snail mail authorization form, I would totally understand.

Thanks,
Steve Totaro

On Mon, Aug 18, 2008 at 6:52 PM, Nitzan Kon <[EMAIL PROTECTED]> wrote:

Thanks for the reply Igor. :)

I googled a little bit, and I don't see keeping lists as a viable option.
There is basically an infinite number of proxies out there so it is impossible to block them all until after the fact. :(

What I am going to try is to write something inside my payment modules to try and connect to common proxy ports on the REMOTE_ADDR, and if I was able to connect to, say, port 80 - make a note on the IP address that it is most likely a proxy.

The code is pretty simple, but the side effect is a delay in serving the page while the ports are being tried. I set it to a timeout of 1 second for each port to avoid this as much as possible, but we'll see how well this works...

Also, it is possible that some proxies use non-common ports, or are not open to the public, in which case this approach will fail.

I'll let you all know the results after we have tested it for a while...

Thanks,
-- Nitzan

--- On Mon, 8/18/08, emist <[EMAIL PROTECTED]> wrote:

From: emist <[EMAIL PROTECTED]>
Subject: Re: [asterisk-biz] Fraud. (here we go again)
To: [EMAIL PROTECTED], "Commercial and Business-Oriented Asterisk Discussion" <[email protected]>
Date: Monday, August 18, 2008, 6:06 PM

Hello Nitzan,

As to how they do it, it's not very hard to proxy HTTP requests (or any other request for that matter). There are plenty of publicly available proxy servers as well as servers that aren't intended to be used by the public but due to the sys-admin's misconfiguration they are open to the outside world. Most modern browsers can be configured to use proxy servers directly, and tools exist such as proxychains that let you proxy pretty much any type of traffic through SOCKS proxies.

As to how to stop it... that's sort of a hard question. Maybe you could find sites with public proxy listings and write a script to flag any deposits made from any of the IPs listed, but this won't help against non-publicly disclosed proxies.

Regards,
Igor H.

Nitzan Kon wrote:

Hi list! :)

We've got hit with a guy in Vietnam who's creating accounts with stolen American credit cards.
Usually they are really easy to stop, but this guy is matching the IP address to the credit card address. Anyone know how they do that?

I am 100% sure they are located in Vietnam as their SIP IP address is 222.252.42.118. So somehow they go through a proxy or something to fake the IP location.

Any idea how they do that - and more importantly - how to stop that on a systematic level?

Thanks!

--
Nitzan Kon, CEO
Future Nine Corporation
www.future-nine.com

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz
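
The port check Nitzan describes in the thread, sketched as an added example that is not code from any of the posters: the ports are tried in parallel so the page delay stays near the 1-second timeout instead of adding up per port. The port list beyond 80 and all function names are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed list for illustration; the thread itself only names port 80.
COMMON_PROXY_PORTS = (80, 1080, 3128, 8080)


def port_is_open(ip, port, timeout=1.0):
    """Return True if a TCP connect to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def probe_proxy_ports(ip, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Try every port concurrently; return the sorted ports that accepted."""
    ports = tuple(ports)
    with ThreadPoolExecutor(max_workers=max(1, len(ports))) as pool:
        results = list(pool.map(lambda p: port_is_open(ip, p, timeout), ports))
    return sorted(p for p, ok in zip(ports, results) if ok)


def annotate_order(remote_addr, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Build the note to store with the payment: a hint for manual review.

    An empty result proves nothing: proxies on uncommon ports or closed to
    the public are missed, as the thread points out.
    """
    open_ports = probe_proxy_ports(remote_addr, ports, timeout)
    return {
        "remote_addr": remote_addr,
        "open_proxy_ports": open_ports,
        "likely_proxy": bool(open_ports),
    }


if __name__ == "__main__":
    # Constructed sample: a local listener stands in for a customer address.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    listening = srv.getsockname()[1]
    print(annotate_order("127.0.0.1", ports=(listening,)))
    srv.close()
```
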
