FALSE SIGNUP'S


Wanted to let everyone know I have received 3 signups since last night with these ip's. The person that is doing this is using false information and I believe stolen credid card numbers, all signups had the following in common:

New Domain Name Requested

Phone Number is not correct for the address given

Bank of America Visa Card

Credit card company Phone # 1-800-933-6262

Signs up for annual accounts

194.108.64.76
209.10.160.227
210.97.79.125

Hope someone find this f***

I realize that this is entirely unrelated to the subject of you're original thread, but I feel that something must be said about you're abusive use of apostrophe's.

Plural's should not be apostrophized! Plural's are not possessive's! Unless there was a single "Signup" which owned a "False", it is utterly wrong to refer to "False Signup's"! Even in the arguable case that the three Signup's to which you refer in your post owned a quantity of "False", the correct construction would have been "False Signups'"!

Sincerely your's,
A writer of the English language.

I think you have to much time on your hands.

Originally posted by webhost
I think you have to much time on your hands.

Don't you mean *two* much time on my hands?

Originally posted by cperciva


Don't you mean *two* much time on my hands?

cperciva, don't you mean *too*?

Anyway, lets get back on topic :)

Very well said, cperciva. :) But to be completely English-compliant, you need to correct your sig like so:

A. There are four colours you need to look out for: Black, White, Grey, and Red. The respective meanings are "Cracker," "Hacker," "Guru," and "Victim."

But anyways webhost, let us know how it goes. Are you planning on seeking this guy out or telling the police?

Starting to make me laugh.

If this guy gets your cc and uses it I hope you know how to spell
"oh sh**"

thanks for the warn webhost.......
looks like 3 more numbers on my htaccess..

Originally posted by 21inchguns
thanks for the warn webhost.......
looks like 3 more numbers on my htaccess..


What numbers do you have on there now? How do you decide?

--Tina

At least you caught him before any real damage was done, 2 out of the 3 ip's (or is that ips?? :D) are actually proxies so it's obvious this person is up to no good trying to hide his identity, problem is he did not check to see if they were anonymous or not and these are not..

Do you have a time frame as to when the orders were placed?? I know someone who can more than likely find out his real ip quite easily..

Thx DigitalXWeb
This is the actual e-mail he used in the sign up forms
tracie@shoba.org I know it works because I e-mailed him and asked him the second time to confirm that he did in deed want the account and he responded back with that e-mail address.


Here are times and date bottom 2 have 2 times because the e-mail I get goes to 2 e-mail accounts.

194.108.64.76

2/3/02
3:19 PM central time us


209.10.160.227

2/3/02
1:33 PM TO 1:39 AM central time us



210.97.79.125
2/2/02
4:47 AM TO 4:55 AM central time us

Originally posted by qslack

A. There are four colours you need to look out for: Black, White, Grey, and Red. The respective meanings are "Cracker," "Hacker," "Guru," and "Victim."

But anyways webhost, let us know how it goes. Are you planning on seeking this guy out or telling the police?

Of course you could argue that the entire premise of the signature is flawed, a Red Hat installation is not necessarily any less secure than any other Linux installation. Red Hat simply has a larger market share, more people are familiar with it -- as well as its flaws -- therefore known weaknesses are often exploited. Those same weaknesses could be exploited in other distributions as well, if they were as well known.

Webhost,
In the last 2 months, i've had a guy submit 9 orders for hosting accounts. Each time, the information is 100% different from the previous order, and all of the credit card information is valid. The only way i've been able to tell each time that it's a false order, is that the credit cards are U.S. cards, and the IP address of the person submitting the information belongs to an ISP in egypt and sometimes to a university in russia. I have to do a lot more investigating now before setting up accounts. The question that i want to know is, how do i protect myself? I've already had 2 people run chargebacks because i didn't catch the guy. He's costing me money, and it's driving me nuts. Is there any way that i can protect myself from the chargebacks? Any help on this would be greatly appreciated.

Also, i spent 2 hours on the phone with the credit card companies reporting the cards as stolen. I asked the guy what they could do to help me out, and he laughed. He said that was the price of doing business and i should get used to it. THey only care about their customers, not the retailers. Hey DigitalXweb, i track the IP address and the time the transaction was processed. How do i track this person down? You said you knew someone, maybe they can help.

This type of fraud causes major problems for alot of hosts I would imagine, I know it costs us thousands a month.

-Brendan

Originally posted by Matt2001
Hey DigitalXweb, i track the IP address and the time the transaction was processed. How do i track this person down? You said you knew someone, maybe they can help.

If you have the info you can just PM it to me, and I will pass it along to the person who might be able to find out who they really are..

Webhost,

I got the info I will see what he can do.. Thanks

Looks like the same luser that I posted about awhile ago:

http://www.webhostingtalk.com/showthread.php?s=&threadid=27184

Looking through my records, I actually found a few orders from this individual that weren't completed.

2001-04-29 10:14:40 from 202.162.192.253
2001-06-01 12:45:52 from 24.218.45.71
2001-06-01 15:05:14 from 202.155.28.185
2001-11-25 14:12:16 from 128.242.227.61

Ok, I have a htaccess full of ips and top level domains to block (.lt etc)

Last week, cpanel came out with new feature to forward a domain's directories etc....it wouldnt work cause i already had a htaccess in my public_html

So i remove it, play with it, add it to our panel....done playing with it....I forgot to put my old htaccess file back

So going though my past signups today, i found 2 signups, both from Lithuania, (lt and ips 212.xx)

I look at my old access fille (at this point, i already put my htaccess file back in place) bang...I got two fraudulent signups (looks like from the same guy) in the 1 week that i did not have my access file in place

Both with different addresses in the USA, both 12 months in advance, both lt domains..

A lesson learned everyday.....

I just found 3 signups from this guy

heres the ips, each time, used a US name / addy

212.59.17.49
213.190.36.78
210.195.24.28

sites he signed up

webnet.lt
webneta.com
visata.lt
plotas.lt

OK guys he has tried again this morning here is ip that it came from
211.20.79.173

Same thing except this time he used a mastercard but all other details the same. Check it here http://211.20.79.173/

This guy also likes to use the name tracie he wanted a domain name tracie.am


Uses this a reply email addy
litha@muach.ws