I agree with Steve, there's definitely the possibility of them using compromised systems, in which case it will be almost impossible to know in advance.
If I recall correctly there used to be decent money to be made in this kind of business as well as in the renting of botnets to perform DDOS a while back. Storm comes to mind, although I'm not sure what has become of the rbn since then.

Steve Totaro wrote:
> I think it is less of known proxy, sysadmin, or misconfigured machine
> issue and more of a compromised system, zombie issue.
>
> I know last Tuesday was a HUGE M$ "patch Tuesday", not sure if any of
> those exploits could be used for proxy or port redirection but if not
> directly, they can probably be used to open a hole big enough to drive
> a truck into let alone remote execution of a little bit of code to
> insert such a hidden service.
>
> http://news.cnet.com/8301-1009_3-10015517-83.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-20
>
> Not to mention all the bootleg copies of Windows that will not be able
> to update and those that just won't bother.
>
> We are not even talking about Malware, worms, or viruses here which is
> what most people fear and feel "protected", even allowing their emails
> to append some nonsense about being "scanned and virus free". So was
> Subseven or basically any new virus at zero hour.
>
> http://blog.wired.com/27bstroke6/2008/04/zombie-computer.html
>
> Anyways, on to how to combat it. I think the only real way is to have
> human intervention. A phone call to speak with the card holder would
> probably cut it back drastically.
>
> I think it was Gafachi that sent me a credit card authorization form
> via snail mail which I thought was strange at the time but obviously
> prudent with rampant fraud. This way they verify the mailing address
> to some degree, get a signature, and have some paper trail. While it
> could still be fraudulent, I think most would be eliminated. There
> are easier targets and with the explanation about fighting fraud along
> with the snail mail authorization form, I would totally understand.
>
> Thanks,
> Steve Totaro
>
> On Mon, Aug 18, 2008 at 6:52 PM, Nitzan Kon <[EMAIL PROTECTED]> wrote:
>> Thanks for the reply Igor. :)
>>
>> I googled a little bit, and I don't see keeping lists as a viable
>> option. There is basically an infinite number of proxies out there
>> so it is impossible to block them all until after the fact. :(
>>
>> What I am going to try, is write something inside my payment
>> modules to try and connect to common proxy ports on the REMOTE_ADDR,
>> and if it was able to connect to say port 80 - make a note on the IP
>> address that it is most likely a proxy.
>>
>> The code is pretty simple, but the side effect is a delay in serving
>> the page while the ports are being tried. I set it to a timeout of 1
>> second for each port to avoid this as much as possible, but we'll see
>> how well this works...
>>
>> Also, it is possible that some proxies use non-common ports, or
>> are not open to the public, in which case this approach will fail.
>>
>> I'll let you all know the results after we tested it for a while...
>>
>> Thanks,
>>
>> -- Nitzan
>>
>> --- On Mon, 8/18/08, emist <[EMAIL PROTECTED]> wrote:
>>
>>> From: emist <[EMAIL PROTECTED]>
>>> Subject: Re: [asterisk-biz] Fraud. (here we go again)
>>> To: [EMAIL PROTECTED], "Commercial and Business-Oriented Asterisk Discussion" <[email protected]>
>>> Date: Monday, August 18, 2008, 6:06 PM
>>>
>>> Hello Nitzan,
>>>
>>> As to how they do it, it's not very hard to proxy http requests (or any
>>> other request for that matter). There are plenty of publicly available
>>> proxy servers as well as servers that aren't intended to be used by the
>>> public but due to the sys-admin's misconfiguration they are open to the
>>> outside world. Most modern browsers can be configured to use proxy
>>> servers directly and tools exist such as proxychains that let you proxy
>>> pretty much any type of traffic through socks proxies.
>>>
>>> As to how to stop it...that's sort of a hard question. Maybe you could
>>> find sites with public proxy listings and write a script to flag any
>>> deposits made from any of the ips listed, but this won't help against
>>> non-publicly disclosed proxies.
>>>
>>> Regards,
>>>
>>> Igor H.
>>>
>>> Nitzan Kon wrote:
>>>> Hi list! :)
>>>>
>>>> We've got hit with a guy in Vietnam who's creating accounts with
>>>> stolen American credit cards. Usually they are really easy to stop,
>>>> but this guy is matching the IP address to the credit card address.
>>>> Anyone knows how they do that? I am 100% sure they are located in
>>>> Vietnam as their SIP IP address is 222.252.42.118. So somehow they
>>>> go through a proxy or something to fake the IP location. Any idea
>>>> how they do that - and more importantly - how to stop that on a
>>>> systematic level?
>>>>
>>>> Thanks!
>>>>
>>>> --
>>>> Nitzan Kon, CEO
>>>> Future Nine Corporation
>>>> www.future-nine.com
>>>>
>>>> _______________________________________________
>>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>>> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
>>>> Register Now: http://www.astricon.net
>>>>
>>>> asterisk-biz mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>> http://lists.digium.com/mailman/listinfo/asterisk-biz
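
The port check Nitzan describes in the quoted message above, as an added example that is not part of the original thread or anyone's production code: it probes the candidate ports in parallel so the page delay stays near one timeout rather than one timeout per port. The function names and the port list are assumptions, and an open port only marks the address for manual review, since port 80 may simply be a web server.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed, illustrative list of ports often used by HTTP/SOCKS proxies.
COMMON_PROXY_PORTS = (80, 1080, 3128, 8000, 8080, 8888)


def port_open(ip, port, timeout=1.0):
    """Return True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, bad address
        return False


def probe_ports(ip, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Probe every port concurrently; return the sorted ports that accepted."""
    ports = list(ports)
    if not ports:
        return []
    # One worker per port: total wall time is about one timeout,
    # not len(ports) * timeout as with a sequential loop.
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = list(pool.map(lambda p: port_open(ip, p, timeout), ports))
    return sorted(p for p, ok in zip(ports, results) if ok)


def annotate_signup(remote_addr, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Build the note to store with the payment record for later review.

    A hit is a hint only. No hit proves nothing either: proxies on
    uncommon ports or closed to the public are not seen by this check.
    """
    open_ports = probe_ports(remote_addr, ports, timeout)
    return {
        "ip": remote_addr,
        "open_proxy_ports": open_ports,
        "likely_proxy": bool(open_ports),
    }


if __name__ == "__main__":
    # 127.0.0.1 stands in for REMOTE_ADDR so the demo stays on this host.
    print(annotate_signup("127.0.0.1"))
```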
