The other alternative of course is to pre-stuff all passwords created by the users with something you control, and thus make sure that the customer HAS to come to YOUR manage.cgi (which also prestuffs passwords), and then log all manage.cgi changes..
Thus capturing new passwords, etc. I think its in the RSP's right to do this...of course, I've been wrong before, actually, Chuck can say...prolly more than once.. :) J -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Friday, January 04, 2002 9:17 AM To: [EMAIL PROTECTED] Subject: RE: Who owns tradingsportscards.com? Oh yes, it is actually easy to figure out: I tracked my second 10 year from this AM - customer's card comes from Michigan, phone number questionable - still busy - we are trying to reach them - but always busy - but our credit card processor also sends IP address - which traces back to philippines I think they figure this: grab a stolen card, register the domain, as soon as it is registered go manage it and change owner info on it to themselves (they originally place the credit card holder as domain owner so everything would look kosher) Once they appear as domain owner on whois - it is quite difficult to wrestle that domain away and most registrars simply write it off We are not a big registrar so any multi year registrations are looked at and sceened for security - since we already lost few thusand dollars on fraud cheers Genie > ** Original Subject: RE: Who owns tradingsportscards.com? > ** Original Sender: Robert Kidd <[EMAIL PROTECTED]> > ** Original Date: Fri, 04 Jan 2002 08:12:59 -0800 > ** Original Message follows... > > Hi Genie, > > Forgive me for being naive or perhaps a little thick but why would someone > use someone else's credit card to register their web site for ten years. > Surely they know they would get caught and cannot use the web site. I can > see someone buying a tangible item that thye can caryy away and use at > their leisure but web site is a public thing. How can they get a way with > it or even believe they could? Isn't it like buying insurance under false > pretenses: when it comes time to use it the insurance policy is found to be > invalid. > > I just don't understand why and how so many (9/10!) of these could happen. > Perhaps I am missing something. > > Curious Bob > > At 06:36 AM 1/4/02 -0800, you wrote: > >>We just had two 10 year registrations this morning. > >>I already called the Canadian customer and he confirmed that > >>he did not attempt any domain registrations. > >> > >>- out of ten 10 year registrations only one would prove to > >>be legit - > >** --------- End Original Message ----------- ** > cheers Genie Livingstone Magi Inc 511 G 5th Street San Fernando, CA 91340 818 365 0664 http://www.buildyoursiteonline.com http://www.eyeondomain.com http://www.magiinc.com
