TLott
12-30-2003, 05:07 PM
Hello,
I've been operating ServerSeed.com hosting for the last several months, been doing fairly well, too. I've was surprised at the lack of fraudulant or even questional orders - almost two hundred clients in the last couple of months and not one that I didn't feel confident about. Guess that's a testament to well-targetted advertising.
But, it happened.
Earlier this month I received a "suspect" signup with to my largest plan:
jcamz.com (he later parked kcamz.com, I believe)
cr**ik@email.nu
Cecilia Pa***io
310-***-4949
****2 President Ave.
Harbor City, CA 90710 (US)
He paid via PayPal.
IP: 68.121.191.185
This was on 12/9/03
Well, I processed it (had no solid reason to deny his registration), and flagged it to keep an eye on. Everything was fine and dandy for a week or so, didn't appear to have anything on the page.
Then, I received not one, but two emails to my abuse addy accusing the guy of spamming his website to users on AOL Instant Msger and Yahoo IM. These two people claimed to be parents (claiming their children were led to the site). I loaded up his site, and it did appear to be a quasi-porn webcam page. I immediately suspended his account.
Now, my suspended page has a listing of probable reasons for suspension and a link to my support email to request further info. Well, in 5 minutes I received 10 emails from mostly foreign/Spanish speaking people - all asking to see the webcam, and the like. It became obvious to me that this guy was indeed mass spamming users over AOL/Yahoo. So I decided to terminate his account and fire off an email, to which I received no response. (The orig account is still sitting suspended on the server - but he changed the jcamz.com DNS to point elsewhere).
Fast forward to today.
Noticed another signup awaiting processing, took a look at it. And what do I see? A signup from someone with the same last name and similar domain:
livecamzz.com
Ronnel Pa***io
r****l@email.nu
68.121.229.221
Same address/phone as the first signup.
Just a different name & email l addy.
This time he also ordered domain registration. (I'm reselling through Enom).
This time I immediately canceled his account, but being the idiot I am sometimes, I accidently processed it through the API queue. (And his domain got registered). Shot off an email to Enom 5 minutes later explaining the situation. If they reverse registration, fine. If not, I'll pocket the $7.95. No biggie to me. Preferable to hosting the guy. Before I could send him an email, he sent me one labeled "URGENT!" - asking why he couldn't log into the billing system to enter in his credit card info (appears this time he was going to use CC instead of Paypal).
Anyway, I have no clue how this guy found me. I'm not exactly advertising mainstream. So I figure he must be looking through hosting directories and signing up at random.
Just a heads up in the rare chance someone gets a signup for a webcam page... might be this guy. He's trouble.
(This is fairly simple, went into too much detail I think). Larger hosts probably get users like this every day, but it was a notable occurrence for me :).
I've been operating ServerSeed.com hosting for the last several months, been doing fairly well, too. I've was surprised at the lack of fraudulant or even questional orders - almost two hundred clients in the last couple of months and not one that I didn't feel confident about. Guess that's a testament to well-targetted advertising.
But, it happened.
Earlier this month I received a "suspect" signup with to my largest plan:
jcamz.com (he later parked kcamz.com, I believe)
cr**ik@email.nu
Cecilia Pa***io
310-***-4949
****2 President Ave.
Harbor City, CA 90710 (US)
He paid via PayPal.
IP: 68.121.191.185
This was on 12/9/03
Well, I processed it (had no solid reason to deny his registration), and flagged it to keep an eye on. Everything was fine and dandy for a week or so, didn't appear to have anything on the page.
Then, I received not one, but two emails to my abuse addy accusing the guy of spamming his website to users on AOL Instant Msger and Yahoo IM. These two people claimed to be parents (claiming their children were led to the site). I loaded up his site, and it did appear to be a quasi-porn webcam page. I immediately suspended his account.
Now, my suspended page has a listing of probable reasons for suspension and a link to my support email to request further info. Well, in 5 minutes I received 10 emails from mostly foreign/Spanish speaking people - all asking to see the webcam, and the like. It became obvious to me that this guy was indeed mass spamming users over AOL/Yahoo. So I decided to terminate his account and fire off an email, to which I received no response. (The orig account is still sitting suspended on the server - but he changed the jcamz.com DNS to point elsewhere).
Fast forward to today.
Noticed another signup awaiting processing, took a look at it. And what do I see? A signup from someone with the same last name and similar domain:
livecamzz.com
Ronnel Pa***io
r****l@email.nu
68.121.229.221
Same address/phone as the first signup.
Just a different name & email l addy.
This time he also ordered domain registration. (I'm reselling through Enom).
This time I immediately canceled his account, but being the idiot I am sometimes, I accidently processed it through the API queue. (And his domain got registered). Shot off an email to Enom 5 minutes later explaining the situation. If they reverse registration, fine. If not, I'll pocket the $7.95. No biggie to me. Preferable to hosting the guy. Before I could send him an email, he sent me one labeled "URGENT!" - asking why he couldn't log into the billing system to enter in his credit card info (appears this time he was going to use CC instead of Paypal).
Anyway, I have no clue how this guy found me. I'm not exactly advertising mainstream. So I figure he must be looking through hosting directories and signing up at random.
Just a heads up in the rare chance someone gets a signup for a webcam page... might be this guy. He's trouble.
(This is fairly simple, went into too much detail I think). Larger hosts probably get users like this every day, but it was a notable occurrence for me :).