Web Hosting Talk






PDA

View Full Version : Credit card fraud

Rewdog
12-04-2001, 08:54 PM
I suggest if there is anything every suspicious about a customers order, make sure you follow up and call that phone number! This guy did his hosting order in mostly caps, and it just seemed a bit suspicious to me. I called up the phone number and asked for the name that was provided. There was a guy there named Mike who had his wallet stolen. I suggest looking out for the following guy if he is trying to order.

61.9.126.13
xtension@pinoymail.com
domain xtension.com.ph
using a Mike name.
Quill
12-05-2001, 01:09 AM
Phillipines eh? take a look at his ip address. .ph and the email domain pinoymail. I bet he must from the phillipine
Rewdog
12-05-2001, 02:15 AM
yeah I know, I've contacted many people and I'm tracking him down, pretty fun :)
cmoats
12-06-2001, 12:31 AM
Hi guys,
I agree with you. If you see an order that looks a little bit strange you should check it out. Cobalt Racks has seen its share of credit card fraud. However, we have not had any problems in a long time. Most of our problems came from malaysia. You should see the bogus information they tried to pull over our eyes.

Chris
Cobalt Racks.
anna
12-06-2001, 05:19 PM
We had a number of cc frauds for a while, and they were all coming from asia-pacific ip addresses (which is controlled by apnic.net). I found that apnic controls the following IP ranges:

61.0.0.0 - 61.255.255.255

202.0.0.0 - 203.255.255.255

210.0.0.0 - 211.255.255.255

218.0.0.0 - 219.255.255.255

So at the top of our order form (which automatically charges the credit card), we put the following php code block:


if ((substr($REMOTE_ADDR, 0, 3)=="61.") || (substr($REMOTE_ADDR, 0, 4)=="202.") || (substr($REMOTE_ADDR, 0, 4)=="203.") || (substr($
REMOTE_ADDR, 0, 4)=="210.") || (substr($REMOTE_ADDR, 0, 4)=="211.") || (substr($REMOTE_ADDR, 0, 4)=="218.") || (substr($REMOTE_ADD
R, 0, 4)=="219.")) {
header ("Location: https://host.myserver.com/other_order_form.html");
}


This will redirect anyone coming from an asian-pacific IP to another order form, which is just a secure formmail script that we can look over before processing. We have stopped the vast majority of our fraudulent orders from being processed! The few legit orders we get from those IP ranges can still be processed (albeit a little slower), but the fraud ones are shut down.

BTW, I'm so paranoid about getting more fraud attempts that I'm not going to say what host I am with.