Better credit card validation, I would think, with billing address and 3-digit code on back of card, would be the best bet. It might also be a good idea to match the billing zip code with the IP address location, at least to the country. It is easy to use an open Wi-Fi, Tor, and/or an HTTP proxy to hide one's IP address. It is also easy to use Tor and a DNS to get an exit node in the same region as the billing address. If you are lucky you might get a stupid user making the transaction from a real IP; give the information to the authorities when you report the crime.

You could block Tor and many known proxies in iptables, which would likely avoid a considerable amount of fraud imo, though this is not friendly to those who enjoy their privacy.

Chris...

On Thu, Jul 5, 2012 at 9:20 PM, Todd Lyons <tly...@ivenue.com> wrote:
> On Thu, Jul 5, 2012 at 6:39 PM, Randall Whitman <909li...@whizman.com> wrote:
>>> Any way to "capture" the ip address from the http request or something
>>> like that? It is a java application running under tomcat with apache as
>>> the web server.
>> By default, the client IP address is the first field of the Apache
>> access log file. A clever attacker will spoof it, else use a
>> compromised botnet rather than one's own machines.
>
> I'll nitpick a little here. You can't spoof the endpoint of a valid
> TCP connection. They may proxy it through some open proxy, but it
> will be the IP of the proxy, and most proxies, even open proxies, will
> add a HTTP header that indicates what IP it's proxying for.
>
> ...Todd
> --
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers@socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

--
"As we open our newspapers or watch our television screens, we seem to be continually assaulted by the fruits of Mankind's stupidity." -Roger Penrose
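
The distinction drawn in the thread between the TCP peer address and the address a proxy reports in a header, as an added example that is not part of the original messages: a Python reader for Apache access-log lines that keeps the two apart. The LogFormat, the note labels and the sample lines are assumptions constructed for this example.

```python
import ipaddress
import re

# Assumed Apache LogFormat (constructed for this example, not from the thread):
#   %h %l %u %t "%r" %>s %b "%{X-Forwarded-For}i" "%{Via}i"
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<xff>[^"]*)" "(?P<via>[^"]*)"$'
)
# Ranges that say nothing about where on the Internet a client sits.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_ip(text):
    """Return an ip_address object, or None if text is not a literal IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def classify(line):
    """Separate the verified TCP peer from addresses a header merely claims."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # line does not follow the assumed format
    xff = "" if m["xff"] == "-" else m["xff"]
    claimed = [parse_ip(p) for p in xff.split(",") if p.strip()]
    notes = []
    if xff or m["via"] != "-":
        notes.append("proxied")            # a proxy announced itself
    if any(ip is None for ip in claimed):
        notes.append("malformed-xff")      # header is unvalidated free text
    if any(ip is not None and any(ip in net for net in INTERNAL) for ip in claimed):
        notes.append("internal-claim")     # useless for geolocation
    return {"peer": m["peer"],             # endpoint of the TCP connection
            "claimed": [str(ip) for ip in claimed if ip is not None],
            "notes": notes}

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [05/Jul/2012:18:39:00 -0700] "POST /checkout HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [05/Jul/2012:18:40:12 -0700] "POST /checkout HTTP/1.1" 200 512 "203.0.113.5" "1.1 proxy.example"',
    '198.51.100.7 - - [05/Jul/2012:18:41:30 -0700] "POST /checkout HTTP/1.1" 200 512 "10.1.2.3, not-an-ip" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

Only `peer` is established by the connection itself; `claimed` holds whatever the proxy or the client put in the header, so it is recorded as a lead rather than treated as the client's location.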