I am helping administrate a host.
I found one account which was created today.
We only offer 50MB of space however this person had used a PHP script tio bypass that limit and use 389MB of space.
Thier e-mail address was 123454321@hahayouscrewed.com
hahayouscrewed.com isn't even a registered domain
The name registered with was 12345
:angry:
What should I do?
phpjames
04-26-2002, 08:07 AM
cancel or suspend their account. Turn it off and you will find that they probably wont contact you. If they do explain they have violated the storage policy and if not they are trying to rip you off. In that case check the cc and cancel the account.
Do you allow for instant account setup? Because this sounds like a very good example of why not to offer instant sign ups (Unless for example you have staff available 24 hours a day to monitor them and quickly weed out the bogus ones - as well as having checks in place to determine the existance of domains and email addresses before the accounts are set up).
There probably isn't an awful lot you can do about this person (apart from obviously deleting their account), I think your best bet would be to chalk it up as experience and put in place measures so that it doesn't happen again (i.e. check all orders before setting them up).
Originally posted by phpjames
cancel or suspend their account. Turn it off and you will find that they probably wont contact you. If they do explain they have violated the storage policy and if not they are trying to rip you off. In that case check the cc and cancel the account.
well its a free host, if it was paid there'd prolyl be a fake cc
i am gonna cancel thier account
i forgot to mentoin, they also cheated out 512k file size limit:angry:
Originally posted by HostIt
Do you allow for instant account setup? Because this sounds like a very good example of why not to offer instant sign ups (Unless for example you have staff available 24 hours a day to monitor them and quickly weed out the bogus ones - as well as having checks in place to determine the existance of domains and email addresses before the accounts are set up).
There probably isn't an awful lot you can do about this person, I think your best bet would be to chalk it up as experience and put in place measures so that it doesn't happen again (i.e. check all orders before setting them up).
yup, it has instant setup, if we manualy validated accounts i wouldn't've approved it
I deleted thier account:D
Is there any way to prevent this?
Akash
04-26-2002, 09:31 AM
for a free host with instant setup....nothing really unless you have a staff that's there 24 hours or if you create a script to weed out fake info and integrate it with your signup page.
you should start logging IPs if you haven't already and looking for continuous usage...
(SH)Saeed
04-26-2002, 09:50 AM
roly, why don't you set a open_basedir for your users so that they can not go below a certain directory (e.g. their home directory) ? I would also tweek the script so that it sends them an email on registeration with a link they have to click to activate their account.
beglobal
04-26-2002, 11:04 AM
We run a free host with automatic setup also. Something else you can add that may help is to require a valid email address in order to email the initial password to the user.
Originally posted by (SH)Saeed
roly, why don't you set a open_basedir for your users so that they can not go below a certain directory (e.g. their home directory) ? I would also tweek the script so that it sends them an email on registeration with a link they have to click to activate their account.
there is, thier script had a download the anothera account option which filed, only download to thier dir worked:)
Originally posted by be-hosted
We run a free host with automatic setup also. Something else you can add that may help is to require a valid email address in order to email the initial password to the user.
problem sendmail doesn't work on the server:(
