Web Hosting Talk

View Full Version : What the %!?&/! is going on? URGENT!!!


microsol
07-15-2001, 09:49 AM
Hello all you hosters, I need advice on what you would do in the following case:
I am running a small webhosting company, or at least that's what I am trying. I have two partners actually.
So, on Saturday the 7th, I got an order for a dedicated server for $298/month and $99 setup. The guy paid his setup fee by cc and I ordered the server from a local vendor. Because they didn't have any in stock I had to look around and found another vendor which could deliver the server a short time after building it. Unfortunately the server was more expensive and I had to ask back whether the client wanted to go ahead with the higher cost, giving him some facilities like more bandwidth and others.
But there was something suspicious about it because he signed up as, let me say, "Mister Nobody" (this is a fictitious name, of course). When I got his answers back by email, they came in as from "Mister Suspicious" (fictitious as well) saying ok to everything but that he needs his server as soon as possible (he signed up with one name and he had another name in his email client? :eek: ). We gave him the date when we would be able to deliver it to him. Time went by, the cc transaction was accepted (we are using worldpay), the server came in, we set it up and sent an email telling him that his server is ready and we are waiting for his first month's payment. Now comes the second suspicious part:
First, he always seemed to be in a hurry, but when it came down to any action to be done by him, it was always Friday or Saturday and he didn't reply until Monday. So, Monday came and payment was made on his account, but from another "Mister Whatthe****" saying he's his cousin and asking for the root login and password to be sent to his cousin's email.
The payment by cc from "Mister Whatthe****" for the server was accepted :D so we routed an IP block to his server and sent the root login to "Mister Playboy" (Mister Nobody and Mister Suspicious before!). He changed his name in his email client again but at least the first name was the same as the one with which he made the cc payment when he signed up with us.
Time went by and we got an email (a part-time worker helping us in peak times) from "Mister Playboy" asking to reverse his IP. He was told that he can do this himself by running the DNS on his own server, to look at the manual of the server and to ask back if he doesn't know how to do it. :o But what the part-time worker told him was actually stupid, because "Mister Playboy's" request to reverse a DNS for him already showed what he wanted to do, and anybody else here would have mentioned our TOS. :mad:
The big **** came two days later:
We were advised by some server owners and by another network (operating in the same NOC) that there appeared to be a problem in our network, because other server owners couldn't access their IPs and they had already checked their own. :angry:
We monitor servers for our clients to get their servers back up if they appear to be down before the client actually knows about it.
So an alert was ringing and guess whose server it was?
Right, it was "Mister Playboy's" server. We went in and found out that he had taken not only the IP block we assigned him, but also from another client's!!!! :angry:
We shut the server down and sent an email to Mister Playboy telling him that we'll look at his server within the next hour and that we found out what he had done and that we have to go into the server to cancel the IPs which belong to other customers. And in the future to PLEASE ONLY use his assigned IPs.
We went into the server about 2 hours later (it was a very busy day) to find out that we could not cancel these unauthorized IPs from the control panel because there were some customizations made to the server making it impossible to control anything from the control panel. He had taken the IPs not from our customers, but from another ISP operating in the same NOC and using the same backbone. The server was modified to provide shell hosting (strictly forbidden in our TOS). Load average was 21.97. We made screenshots and sent them to him by email along with a message that we have to restore the server to the factory settings and that his server will be back online within the next three hours, and told him to look at our TOS and abide by it. This time we wouldn't charge him for the server restore but the next time he would face a fee of $99 per tech hour and that he can be held responsible for damages caused to the network(s). And he's paying $50 less than other clients for the same server!
As I said before, it was a very busy day and his server was up and running 18 hours after discovering the disaster.
We sent an email to Mister Playboy telling him that his server was successfully restored to the factory settings but before sending him the login we asked him to print out our TOS, sign it and fax it back to us along with a copy of his ID card or passport. :D Next time he would face $99 per tech hour and/or disconnection of the server (of course it will be disconnected in these cases) and immediate cancellation of the contract (monthly). In case he wants to discontinue our services we would have to charge him the first month for the damage and wasted time caused by his server administration.
We got an email back asking for the login because the one he's got doesn't work :eek:
We sent him the same email again asking for the documents by fax and since then (Saturday midday, yesterday) there's been no answer from him. Ok, this happened last weekend (when we asked for the first payment) as well, so we will see what's going to happen tomorrow, Monday. I forgot to say that we know that he got our emails because we got the receipt back as delivered.
But he was only asking back when he could "access his server, it seems to be down" and another one "when could we guys respond to him" :D (when we had the receipts showing that he got the other mails).
But this story doesn't end here.
When the problem happened I tried to phone him up but there was no person "Mister Playboy" at this number. So I made a reverse lookup of his phone and there's no entry for him. I checked his "Cousin", Mister Whatthe****, and his cc transaction also was accepted; the address was different, but his phone number and email were the same as those of his "Cousin", and because I tried to phone him I know that it's wrong. So I made a whois lookup, only to see the same data I already had. I tried to look up the domain at which he offered shell accounts and this domain is registered to a completely different person in a different country (non-US).
I'll see what's going to happen tomorrow and I'll tell you all. But I would like to know how you would react in this situation and what you would do. What are the possibilities for me to keep the money (this case was really heavy) if he doesn't answer and opens a chargeback? Our TOS is clear and it was one of the heaviest violations we ever had.
Please post your comments. Thx for your time.

auyongtc
07-15-2001, 10:40 AM
Well oh well... looks like a case of internet fraud here...

I know, I've been young... (hehe, I'm still young anyway)... this stuff happens, better check with the CC owners to see if they authorized such transactions.

It's good that you refrained from giving him access till he signed the TOS... doubt it will ever come thru to your fax machine tho ;)

Mainly these are ingenious works by teenagers who are so into shell accounts, normally for ircbots or hacking purposes. And maybe that's why he's trying to use other people's IP addresses instead of his own ;)

What do YOU think?

microsol
07-15-2001, 11:15 AM
Originally posted by auyongtc
Well oh well... looks like a case of internet fraud here...

I know, I've been young... (hehe, I'm still young anyway)... this stuff happens, better check with the CC owners to see if they authorized such transactions.

What do YOU think?

I've been thinking about it and I also think that this fax will never arrive :bawling: (anybody to take this server over? :D )

I'll tell you more about worldpay: First, when they fill in the cc details to pay, the payment is only listed as accepted when the owner and all the details are all right. Second, now they must fill in the security number from the back of the card. So they must actually HAVE the card.
After 3 days at worldpay and checking for stolen cards i think the order will be listed as authorized.

How can I find out the phone number of the owner of the card having only his name?
I know he lives in the US, but the street name and city could be wrong, couldn't they?
The same as with the second payment (the monthly server cost): it comes from another person claiming to be the "Cousin" of the first one. This payment also was displayed as authorized after three days.

I also have the IPs where they signed up from so I can track these "suckers" (in case all this is fraudulent) and I will contact every possible justice department to kick their asses :smash:

BenDoherty
07-15-2001, 11:31 AM
Hi Microsol,

Bit of a bummer really, I would kick their ass too, how much for taking the server over? :D

Give me all the details you have on these 2 twats and I will have a think, they must have left something that you can use to trace, AOL accounts, ICQ, something

Ben

microsol
07-15-2001, 11:47 AM
Originally posted by BenDoherty
Hi Microsol,

Bit of a bummer really, I would kick their ass too, how much for taking the server over? :D

Give me all the details you have on these 2 twats and I will have a think, they must have left something that you can use to trace, AOL accounts, ICQ, something

Ben

I have EVERY evidence of them :D , but I would like to wait with details until this case is clear. I already contacted worldpay and asked them to investigate these transactions.

BenDoherty
07-15-2001, 11:50 AM
???? Damn, I was getting excited about kicking someone's head in :D . I hate people that fraud. Anyway can I have that server free, lol!

Ben

microsol
07-15-2001, 11:51 AM
Originally posted by BenDoherty
Hi Microsol,

Bit of a bummer really, I would kick their ass too, how much for taking the server over? :D
Ben

I sent you a private mail according to the board rulez :D

BenDoherty
07-15-2001, 11:59 AM
I haven't got a private message, email me bendoherty64@aol.com if you want

auyongtc
07-15-2001, 12:10 PM
But seriously, even tho that the transaction went thru, better check with the cardowners and all... or else you might just get surprised with a chargeback from the real cardowners, kinda sad to receive that, especially if worldpay charges a lot for the chargeback fees.

Maybe you can work things out with the real cardowners like sending them a check as refund instead, if it's really a fraud. And warn them that their card is in fraud circulation ;)

microsol
07-15-2001, 12:16 PM
Originally posted by auyongtc
But seriously, even tho that the transaction went thru, better check with the cardowners and all... or else you might just get surprised with a chargeback from the real cardowners, kinda sad to receive that, especially if worldpay charges a lot for the chargeback fees.

Maybe you can work things out with the real cardowners like sending them a check as refund instead, if it's really a fraud. And warn them that their card is in fraud circulation ;)

I checked the domain registered and hosted on the dedicated server of "Mister Playboy". The domain is registered to the same name which was used to make the initial setup payment for the server. Why should they make fraudulent transactions to pay for a domain? :confused:
But it comes back to finding out their real phone numbers and addresses having only their names as a point to start with.

Planet Z
07-15-2001, 12:54 PM
I don't think we would have ever set the server up. It seems the customer was very suspicious from the beginning. Also, you should have the customer sign and mail/fax the TOS/contract BEFORE you actually set the server up, not afterwards.

Just some friendly advice.

microsol
07-15-2001, 01:05 PM
Originally posted by Planet Z
I don't think we would have ever set the server up. It seems the customer was very suspicious from the beginning. Also, you should have the customer sign and mail/fax the TOS/contract BEFORE you actually set the server up, not afterwards.

Just some friendly advice.

I think it's very clearly stated that with the signup the customer agrees to our TOS, linking to it. Anyway there are actually just a few hosts (very few) out there allowing eggdrop and irc bots and shell accounts.

Planet Z
07-15-2001, 01:14 PM
Originally posted by microsol
I think it's very clearly stated that with the signup the customer agrees to our TOS, linking to it.

Perhaps so. But that won't hold any weight legally or with your merchant account provider.

microsol
07-15-2001, 01:37 PM
That still leaves the question of how to find out about the real customers. Any serious headhunters willing to find out? Maybe taking screenshots of every single detail to be used as evidence? If you want to help to find out, contact me by ICQ (in my details) and I can give you more details to start with. :smash:
Thx

PS: I forgot something:
Would you post details on this board? I mean there can be many legal issues involved making things public.

Planet Z
07-15-2001, 02:09 PM
Originally posted by microsol
Would you post details on this board? I mean there can be many legal issues involved making things public.

No. The customer's information still shouldn't be posted publicly (IMHO), both because of privacy and legal concerns. However, if they've done something illegal (credit card fraud), you should certainly pass the information on to the proper authorities.

microsol
07-15-2001, 03:56 PM
I did some more investigations. This includes whois lookups of all the domains involved and reverse lookups of the phone numbers and screenshots. There are no entries for them (Mister Playboy and Mister Whatthe****). But I found some ppl in the area (not exactly the address they filled in when buying) which carry the same name or initials. Mister Playboy's details in the whois lookup are exactly the details he used when he signed up with us. Wrong phone and no results with reverse lookups. Curiously many domain details involved were changed today!
I am sure the sucker hangs around on these boards and is watching this thread. Look man, I'll tell you something: I AM AFTER YOU AND I'LL DISCOVER YOU!
:smash: And: If there's something wrong you can be sure about that: :uzi: If there's nothing wrong you still violated our TOS and we gave you a hand (not charging you anything for the trouble and damage caused or terminating your account). Looks like you don't want our hand, so :smash: Come on, tell us all on the board what your points of view are and depending on it I will post evidence in here.

I'll keep you all updated.

microsol
07-15-2001, 04:12 PM
This is going to be better:
I just got a spam email to our support email address warning that there is a virus around. But that's not all:
The email is coming from him. I am sure about it because the x-originating ip is in the same block as the one he signed up with. Then there are about 200 recipients of this spam mail, all in the same country where he registered some domains. I am really going to be upset! :angry: :angry: :angry: :angry:

microsol
07-17-2001, 06:46 AM
Hi again :cool:

Today is Tuesday, and guess how the story goes on.
It's actually no story anymore because the fax didn't come in :laugh: like we all thought. I still don't have any reply from worldpay although I know they've got and read my email, telling them about these suspicious transfers. :mad:
I really would like to know what the &%$!?$! is going on because I would like to protect ourselves from a chargeback and would like to make a partial refund of the money. It's for sure that there's a chargeback coming because he's got no balls to contact us and to ask us in a friendly way (it wouldn't make any difference for him anyway :D ). What are the chances for me to keep at least a part of the money if it comes to a chargeback (if this was a real transaction without any fraud)? I mean we have all the evidence that he screwed the whole server up and a part of other servers by taking unauthorized IPs. We sent the emails with receipts returned to us, so we know that he's got the email we sent him. We've got screenshots of all necessary details. What do you think?


PS: Any host offering dedicated servers interested in the details to prevent being the next victim, just send me a private message and i am happy to send you the names and other details of these guys.

microsol
07-20-2001, 05:25 AM
Hello everybody.
Here is the news of the story. I could not believe my eyes but that's the email I just got, from the same email address he ordered from:

Dear Host,

This user is using your account for hacking purposes. He has used a fake credit card to sign up for the account.

I work for another hosting company. He tried to sign up for an account with us, but the order looked a little strange.

So we hacked into his e-mail box. Low and behold, correspondence with 15 hosting companies about his servers and fake credit cards.

Sincerely,

Another Hosting Company


Hmm, tell me your thoughts please!
:eek: :eek: :eek: :eek::eek: :confused: :confused: :confused: :confused:

nopzor
07-20-2001, 01:07 PM
what do different hosts do as far as fraud protection? other than the obvious stuff such as AVS and telephone verification? what are some of the other hosts doing?

microsol
07-20-2001, 04:48 PM
We learned from it. There's no more dedicated server going out without having a copy of the buyer's driving licence or ID and without having our TOS signed by him. As for the hosting packages, I don't think anybody would commit fraud buying a hosting package worth $3.90 or $6.90 a month.
Of course there will always be a small percentage trying it but it costs me only a click on "delete site".
And for the sucker who did the fraud to us: You know who you are. We contacted your local police station (yes we know where you are from, cause you are too stupid!!!). You should count on a visit of them!!!!! :smash: :smash: :uzi: :uzi:

Eagle
07-20-2001, 05:20 PM
Contact me at herps@ewsnl.com

I deal with these jackasses all the time,
I might be able to help you out...

ckizer
07-20-2001, 06:08 PM
This is why it's good to have friends in high places, it's also a good reason to travel overseas. Next time a little punk messes with you, you should get a translator and take a "vacation". You'd be surprised the information that $10 of American currency can buy overseas.

microsol
07-20-2001, 09:03 PM
You'd be surprised the information that $10 of American currency can buy overseas.

Hehe :D , I think I don't really have to go overseas to get the info I need. But anybody interested in hacking this sucker's account to get some more info for me? (I am not so good in illegal things :D ) , if the info is not deleted yet by the one who sent me the email from his account?

davidb
07-20-2001, 09:21 PM
Actually, I would think people would be more likely to commit fraud on a 3 or 6 dollar package. Mainly because it's cheap, and if someone gets their statement they might overlook it. There is no point in getting IDs for small hosting packages, not cost effective, and a huge hassle I would guess. By the way, where do you check who owns an IP?

microsol
07-21-2001, 06:54 AM
Originally posted by davidb
By the way, where do you check who owns an IP?

http://www.arin.net
http://www.ripe.net
http://www.icann.org
:)

node9
07-21-2001, 01:45 PM
Originally posted by microsol
Dear Host,

This user is using your account for hacking purposes. He has used a fake credit card to sign up for the account.

I work for another hosting company. He tried to sign up for an account with us, but the order looked a little strange.

So we hacked into his e-mail box. Low and behold, correspondence with 15 hosting companies about his servers and fake credit cards.

Sincerely,

Another Hosting Company



why would another hosting company "hack" other people

microsol
07-22-2001, 01:03 PM
Originally posted by node9


why would another hosting company "hack" other people

I am asking that myself, but since the header shows that the email comes from the same email account i tend to believe it. Nobody had the information who the guy is and who i am. So what :eek:

jamenjaw
12-29-2001, 04:05 AM
hehe ever try 411 or the phone book or any web site that would do a lookup on a name to find the address/phone number of the person in question?
good luck:D

dArT
12-29-2001, 04:26 AM
it doesn't prove anything that it was sent from the same person. I bet you they are trying to frame the other email account, but I could be wrong. To show you how I could send email from another's account without hacking it, PM me and I will gladly show you how.
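
Added example, not part of any post in this thread: the header evidence discussed above (microsol matching the x-originating ip to the signup block, and the objection that a sender address proves nothing) comes down to which header lines the recipient's own mail server wrote. This sketch separates the two; the host name, addresses, /24 block size and messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

OUR_MX = "mx.host.example"   # hypothetical name of our own receiving mail server
SIGNUP_IP = "203.0.113.77"   # constructed address the order was placed from
PREFIX = 24                  # assumed meaning of "the same block"


def sample(relay_ip, claimed_ip):
    """Build a constructed message; only the top Received line is written by us."""
    return (
        f"Received: from relay.example.net (relay.example.net [{relay_ip}])\n"
        f"    by {OUR_MX} with ESMTP; Sun, 15 Jul 2001 16:05:00 +0000\n"
        "Received: from [10.0.0.5] by relay.example.net; Sun, 15 Jul 2001 16:04:58 +0000\n"
        f"X-Originating-IP: [{claimed_ip}]\n"
        "From: someone@example.org\n"
        "Subject: Virus warning\n"
        "\n"
        "constructed body\n"
    )


def to_ip(text):
    """Parse '[1.2.3.4]' or '1.2.3.4'; return None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip(" []"))
    except ValueError:
        return None


def assess(raw, signup_ip=SIGNUP_IP, our_mx=OUR_MX, prefix=PREFIX):
    msg = message_from_string(raw)
    block = ipaddress.ip_network(f"{signup_ip}/{prefix}", strict=False)
    # Sender-supplied: any client or relay upstream of us can write this header.
    claimed = to_ip(msg.get("X-Originating-IP", ""))
    # Recorded by us: the peer address in the Received line our own MX added.
    relay = None
    for received in msg.get_all("Received", []):
        m = re.search(r"\[([0-9A-Fa-f.:]+)\]\)?\s+by\s+([^\s;]+)", received)
        if m and m.group(2).lower() == our_mx:
            relay = to_ip(m.group(1))
            break
    if relay is not None and relay in block:
        verdict = "relay-in-block"   # our own server saw a peer in the block
    elif claimed is not None and claimed in block:
        verdict = "claimed-only"     # a lead to follow up, not evidence
    else:
        verdict = "no-link"
    return {
        "claimed": str(claimed) if claimed is not None else None,
        "relay": str(relay) if relay is not None else None,
        "verdict": verdict,
    }


MSG_A = sample("203.0.113.140", "203.0.113.12")  # relay and claim both in block
MSG_B = sample("198.51.100.9", "203.0.113.12")   # only the claim is in block

if __name__ == "__main__":
    print(assess(MSG_A))
    print(assess(MSG_B))
```

Even the "relay-in-block" result only identifies the network the connecting host sat in, which may be a shared provider range.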

danushman
12-29-2001, 06:42 AM
Hello,

I think that he was doing the following.

a. Obviously using a fake CC

b. Using the servers acquired to either send SPAM or host illegal files/information. My guess is SPAM, which would account for the allocation of all these IP addresses.

Many spammers choose to send SPAM to America Online users. To combat this, AOL blocks bulk E-mail coming from certain IP's at a time. E.g. only 10 e-mails per hour from 1.2.3.4. To combat this spammers will somehow allocate a ton of IP addresses and set the server to send 2-3 e-mails each time from each IP, then move on to the next.

I am pretty sure that they can afford the complex mailing software behind this by buying it with stolen credit cards, or monies earned from the illegitimate companies sponsoring their SPAM.

Either way, you handled the situation very well, however you were too lenient on his part. A customer who disrupts service to countless other customers, some not even yours, should not be given a second chance and should have been terminated right away.

Regards,
Dan

AH-Tina
12-29-2001, 12:19 PM
Sometimes you have to look past the dollar signs in your eyes. In other words, you KNEW something was strange about this order...something didn't "feel" right. However, you saw an order for a new server and probably didn't want to offend your new customer and lose the sale. Instead you wait until AFTER you have major problems with this guy before you try to call the number he provided you with.

Learn from this experience. If something seems "off" about an order...call the person, require a faxed ID and a copy of the most recent credit card statement. For a dedicated server sale, you should also get a signed ORIGINAL of the contract snail mailed to you.

--Tina

Chicken
12-29-2001, 02:53 PM
Please note that original post was submitted 5 1/2 months ago (07-15-2001). Not all that urgent anymore I'd reckon.

danushman
12-29-2001, 03:50 PM
Whoops, I just noticed it listed and replied.

Chicken
12-29-2001, 05:43 PM
Never bad that people want to help, I just thought I'd point that out :D

dArT
12-29-2001, 10:23 PM
Ack! that is funny!

imago-allan
12-30-2001, 12:00 AM
Haha! I could have posted my reply if I hadn't read this. I wonder what is the update on this case?

:)

Originally posted by Chicken
Please note that original post was submitted 5 1/2 months ago (07-15-2001). Not all that urgent anymore I'd reckon.

dArT
12-31-2001, 02:10 AM
I hope they got the dude.

StarGate
01-31-2002, 09:51 AM
... of the problem is that

1) Obviously a crappy cc-merchant was used who was unable to distinguish fraud from real business

2) That they could get to the other users IPs which I cannot understand at all :confused:
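
Added example, not part of any post in this thread: the incident described above (a customer's server answering for IPs assigned to someone else in the same NOC) is what a routine audit of the gateway's neighbor table against the allocation records would surface. The MAC addresses, blocks and `ip neigh show` output below are constructed for illustration.

```python
import ipaddress
import re

# Constructed allocation records: server NIC (MAC) -> blocks it may use.
ALLOCATIONS = {
    "00:16:3e:aa:00:01": ["192.0.2.0/28"],
    "00:16:3e:aa:00:02": ["192.0.2.16/28"],
    "00:16:3e:aa:00:03": ["198.51.100.0/27"],
}

# Constructed sample in the format printed by `ip neigh show` on a gateway.
NEIGH_SAMPLE = """\
192.0.2.2 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
192.0.2.18 dev eth0 lladdr 00:16:3e:aa:00:02 REACHABLE
192.0.2.19 dev eth0 lladdr 00:16:3e:aa:00:02 STALE
198.51.100.5 dev eth0 lladdr 00:16:3e:aa:00:02 REACHABLE
198.51.100.6 dev eth0 lladdr 00:16:3e:aa:00:02 REACHABLE
198.51.100.7 dev eth0 lladdr 00:16:3e:aa:00:03 REACHABLE
203.0.113.9 dev eth0 lladdr 00:16:3e:ff:ff:ff REACHABLE
192.0.2.40 dev eth0  FAILED
"""

LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) \S+")


def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            pairs.append((ipaddress.ip_address(m.group(1)), m.group(2).lower()))
    return pairs


def assigned_to(ip, allocations):
    """MAC of the server whose allocation contains ip, or None."""
    for mac, blocks in allocations.items():
        if any(ip in ipaddress.ip_network(b) for b in blocks):
            return mac
    return None


def audit(pairs, allocations):
    """Flag every address answered for by a NIC it was not allocated to."""
    findings = []
    for ip, mac in pairs:
        holder = assigned_to(ip, allocations)
        if mac not in allocations:
            reason = "unknown_mac"
        elif holder != mac:
            reason = "outside_allocation"
        else:
            continue
        findings.append(
            {"ip": str(ip), "mac": mac, "reason": reason, "assigned_to": holder}
        )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neigh(NEIGH_SAMPLE), ALLOCATIONS):
        print(finding)
```

Run on a schedule, the same comparison reports a server using addresses from another allocation before its rightful holder calls about lost connectivity.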