Hi, not sure if i can say fraudster as its hard to work this one out,
but just to warn you people that we had a customer now sign up 5 times originating from.... Hanoi, Vietnam....

Anyway one of the mail addresses he uses is doanquanghuy@cardvn.net and Yahoo ones what the word kida in it.

The reason why i am posting this he has racked up a huge bill with us and the cc details dont respond to the ip as to where it is and also everyone of them has a differnet ip but it goes back to the same place and uses different names for each sign up.

He uses this in the signups .. TECH4VN in diferent variations ans the phone numbers are bogus.

Anyway just putting ideas for prople if they get a sus order and this things might get you going and start thinking it might help someone...

SLav

Is there a way that a secure order page can detect if the person is using a proxy server or not?

No i dont think so..... None that i found as yet.

No there is no way to tell if there is a proxy, that is the basic goal of a proxy: being transparent.

I believe high-speed connections are not frequent in Vietnam, so he would be using a dial-up, which would make it simple to sign up 5 times with 5 different IPs.

I would try contacting him by phone. If you can't them suspend. Your TOS states that you can suspend an account if the information provided is found to be wrong right? Also, do you activate accounts before the CC is verified? I'd even suggest that you double-check the CC with the CC company, in a more thourougly way that you do normally, since you have a doubt.

Yeah thanks for that......

Yes we tried the phone, as he put a different phone number for each account.
Yes we have a TOS to cover that.
No the cc payments are done before we do anything on the accoutns as we do them manually.
As for checking the cc comapny yeah i dditn think we can do that ......
There are flags everywere, its a shame as if its a genuine acocunt which i cant see how it can be would of been nice :)
Thanks

yes there is a way, sort of.


<?php

if ((isset($_SERVER['HTTP_X_FORWARDED_FOR']))
or (isset($_SERVER['HTTP_VIA']))
or (isset($_SERVER['HTTP_PROXY_CONNECTION']))
or (isset($_SERVER['FORWARDED']))
or (isset($_SERVER['CLIENT_IP']))
or (isset($_SERVER['HTTP_FROM']))) {

echo 'Proxy Found<p>';

}
else {

echo 'Proxy Not Found<p>';

}

?>


This will work for anyone that isn't using an anonymous proxy. Unfortunately that also kills the majority of corporate users as they are often behind a proxy.

To get around the anonymous proxy list all you would have to do is check the $REMOTE_USER variable and compare that with a list of IP's in a DB. To populate that DB with active free anonymous proxy's search arond online there a multiple sites that list hundreds of these.

However, there is a good chance that you wouldn't be able to find the proxy that that user or many other users are on becuase there are hundreds of thousands of them and no way to get everyone of them.

Edited code so that it doesn't stretch the table really wide