it looks like we are under fraud attack
Karolis 07-23-2005, 12:13 PM Hi,
I think somebody wants to push us out of business. We are getting like 6 new hosting orders per hour. All of them include domain registration (usually just less than 10% of customers register domains with us). And all of these orders are for our larger plans. Sign-up form fields like "Referred By" are absolutely identical. I'm afraid 2CO will cancel our account. What actions should I take?
dynamicnet 07-23-2005, 12:39 PM Greetings:
FYI: Under H-Sphere using signup guard, and having good moderation rules vs. auto provisioning would resolve this issue.
That stated, document each one, contact the issuing bank to report the fraud, try to find the real owner of the card, and alert them.
Then let 2CO know you are aware of the problem and are working on it.
Thank you.
gilbert 07-23-2005, 01:07 PM You could almost also just contact 2checkout so that they're helping you and so they know you wanna be legit and real and profitable like them
asbhost 07-23-2005, 01:09 PM Yea. Just contact 2CO and block the IP address where those requests are coming from (of course if they are not kinda lamers they will find a way around that, but anyway sometimes worth trying). And don't forget to update us on this case :) Good luck!
Karolis 07-23-2005, 01:20 PM Well, each order comes from a different host belonging to the AOL network. Email addresses usually are First_&_Last_Names+[few_random_characters]@aol.com or @yahoo.com.
I also have the real IP of that guy (it's the only non-US IP I found in the order logs), but it belongs to some library in Ukraine.
It may even take a few days to get a reply from 2CO. Should I cancel these orders now or should I wait for their reply?
asbhost 07-23-2005, 01:29 PM We also had some trouble from Ukrainian Universities. They have some really tough students there.
Well if you are 100% sure that those were fraudulent sales, then cancel. But I would contact 2CO. It never took days for me to get a reply from them:)
Karolis 07-23-2005, 01:50 PM I've opened a support ticket at 2CO's helpdesk. Hope to hear from them soon.
asbhost 07-23-2005, 01:52 PM I wish you good luck. Could you also send here that IP from Ukraine?
Karolis 07-23-2005, 01:58 PM Thanks. The IP is 194.146.142.18
asbhost 07-23-2005, 02:10 PM HAHA! I think I know this IP :) I had it with me before.. I'll recheck it and tell you again
Karolis 07-23-2005, 03:09 PM It started again. I just received one more order, exactly the same.
asbhost 07-23-2005, 05:58 PM Maybe it is an off-topic post, but maybe it's strange but lots of the host companies I encounter are all made by ceonex. Just like this one you said above: liquid design. They all have similar UI.
productive 07-23-2005, 08:11 PM Hello, Karolis
Why don't you contact 2CO's fraud department at 1-877-294-0273? They will get to that right away. We had some fraud orders going on also, so we decided to call the fraud department instead of waiting 2 days for our ticket to be answered. Also try something like FraudGate if your billing script accepts them.
Good Luck
Criminal#58369 07-23-2005, 09:04 PM Can't you call the owner up and verify their purchase?
Karolis 07-24-2005, 05:20 AM I'll call cardholders to verify orders.
I've already heard about FraudGate, but our billing script doesn't support it. Now that we have received so many fraudulent orders, I'll modify the payment plug-in and make it work with FraudGate myself, if that continues.
ThinkSupportAdmin 07-25-2005, 04:56 AM I am not sure if someone has mentioned this above: don't allow clients signing up with free email addys like yahoo or hotmail -- again not sure if you have this feature available in your billing script.
bithost(NET) 07-25-2005, 05:09 AM Just use iptables to drop that IP address, or better yet that IP range. Voila, no more fraudulent orders.
Yes, cancel the questionable orders. Unless the addresses and phone numbers all match up to people at a Ukrainian university, they're all fraudulent.
:D Bailey
Karolis 07-25-2005, 04:30 PM Originally posted by ThinkSupportAdmin
I am not sure if someone has mentioned this above: don't allow clients signing up with free email addys like yahoo or hotmail -- again not sure if you have this feature available in your billing script.
That guy mainly uses AOL email addresses, so this wouldn't help in this case.
Originally posted by bithost(NET)
Just use iptables to drop that IP address, or better yet that IP range. Voila, no more fraudulent orders.
He uses different proxy servers each time.
Well, I've already learned to recognize his orders, so it's no longer a problem. I simply cancel them as soon as I discover them :)
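The signals Karolis lists in this thread (a burst of orders, each for a larger plan with domain registration, a matching "Referred By" field, and a name-plus-random-characters mailbox at aol.com or yahoo.com) can be turned into a hold-for-manual-review rule. The sketch below is an added example, not part of the thread or of any billing script named in it; the field names, plan names, thresholds and sample orders are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LARGE_PLANS = {"business", "reseller"}   # assumed plan names, not from the thread
FREE_MAIL = {"aol.com", "yahoo.com"}     # the two mail domains named in the thread

def email_matches_name(order):
    """True if the mailbox is first+last name plus a few trailing characters."""
    local, _, domain = order["email"].lower().partition("@")
    local = re.sub(r"[^a-z0-9]", "", local)
    name = re.sub(r"[^a-z]", "", (order["first"] + order["last"]).lower())
    extra = len(local) - len(name)
    return domain in FREE_MAIL and bool(name) and local.startswith(name) and 1 <= extra <= 6

def fingerprint(order):
    """Fields the thread says were shared by every suspect order."""
    referred = " ".join(order["referred_by"].lower().split())
    return (referred, order["plan"] in LARGE_PLANS, order["domain_reg"])

def hold_for_review(orders, window=timedelta(hours=1), min_cluster=3):
    """Return ids of orders that belong to a burst of look-alike signups."""
    groups = defaultdict(list)
    for o in orders:
        fp = fingerprint(o)
        if fp[1] and fp[2] and email_matches_name(o):
            groups[fp].append(o)
    held = set()
    for members in groups.values():
        members.sort(key=lambda o: o["time"])
        start = 0
        for end in range(len(members)):          # sliding time window
            while members[end]["time"] - members[start]["time"] > window:
                start += 1
            if end - start + 1 >= min_cluster:
                held.update(o["id"] for o in members[start:end + 1])
    return sorted(held)

def make_order(i, minute, first, last, email, ref, plan="reseller", dom=True):
    when = datetime(2005, 7, 23, 12) + timedelta(minutes=minute)
    return {"id": i, "time": when, "first": first, "last": last, "email": email,
            "referred_by": ref, "plan": plan, "domain_reg": dom}

# Constructed sample orders (not data from the thread).
SAMPLE = [
    make_order(1, 0, "Ann", "Lee", "annleex7@aol.com", "Search engine"),
    make_order(2, 10, "Bob", "Ray", "bob_ray_k2@yahoo.com", "search  engine"),
    make_order(3, 25, "Cy", "Poe", "cypoe91q@aol.com", "Search Engine"),
    make_order(4, 30, "Dee", "Fox", "dee@example.org", "A friend", "starter", False),
    make_order(5, 300, "Eve", "Kim", "evekimzz@aol.com", "Search engine"),
]
```

Because the rule keys on order content rather than source address, it still groups orders that each arrive from a different proxy. Held orders go to moderation instead of auto provisioning.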
veritashosting 07-26-2005, 07:22 PM Hello,
I use modernbill, with the fraud protection as an extra and it works perfectly for us. Before we had fraud protection we did get stung by fraud. It will not happen again though :)
Chris
Mouse_103 03-13-2006, 08:25 AM block all *.aol.com
I have fraud problems from *.aol.com