Ok, my DNS blacklist (based on the IP’s at http://www-hosting.net/denied.html) is now running. I know the site looks crappy, but I’m not going to waste too much time on something a few people (if anyone) uses. Keep in mind, it’s still in beta testing.

http://bl.cdnhost.net

I think you showed me this one b4. It is good - but I immediately got complaints from genuine customers so had to remove it.

I have started compiling now my own list based on the bogus orders I get.

Originally posted by mlovick
I think you showed me this one b4. It is good - but I immediately got complaints from genuine customers so had to remove it.

I have started compiling now my own list based on the bogus orders I get.

I guess it all depends on the kind of customer you want and where the hosting company is located (looks like your from the UK). Personally, I have only gotten 2 (guess I’m lucky) fraudulent orders within the last year. I think the IP addresses would offer more of a service to Canada/USA based hosts, then overseas due to the reason you stated above.

I’d also like to point out to people that this service does not have to reject orders. Anyone that knows a little PHP could make a custom client that acts like a heads up (warning) when an order is sent. You could tell your client (the script) to email you letting you know “yes this users IP has been blacklisted” and take it from there, maybe with a little more caution then a normal order.

You could do almost anything with it from a complete ban, a warning to the user saying “hey, your banned, so we’re gonna check out this order a little better”. This system is also a little more portable then the single .htaccess that Gary offers.

If this service saves one host a single problem, then the whole hour and a half investment (to create it) will be worth it.

I can imagine integrating this list into our signup form to let us know that it is a "high-risk" order, which means we might want to call the user before setting up their account, etc. Thanks :)

GOod, someone took it over. :)

We have a script that sends the "fraud IP orders" to a "fax order" page, after they place their order...bypassing our regular credit card order form.

We ask them to fax in a copy of a photo ID and top portion of the credit card statement.

--Tina

Originally posted by AffordableHost
We have a script that sends the "fraud IP orders" to a "fax order" page, after they place their order...bypassing our regular credit card order form.

We ask them to fax in a copy of a photo ID and top portion of the credit card statement.

--Tina

lol

the elf, that's a great service you are offering. Good luck with it.

hm funny, i use Chello - cable internet from austria and when i visit your site it says that my IP has been banned? what for?
and since i have a dedicated IP the only thing that i can think of is that someone from my subnet somehow managed to get on that list, but here in Austria laws against CC fraud are really good so i dont think that was possible ( or someone would dare to do it), therefore could you explain me this issue?

heheh i got it you simply block 212. and my ip starts with 212. so your anti-fraud-get-only-good-orders.php scripts blocks around 80 % of Austria too :), which simply blocks all competitors from our market :) way to go man :)) i highly sugest all hosts to implement this ASAP :)

Originally posted by Angel78
hm funny, i use Chello - cable internet from austria and when i visit your site it says that my IP has been banned? what for?
and since i have a dedicated IP the only thing that i can think of is that someone from my subnet somehow managed to get on that list, but here in Austria laws against CC fraud are really good so i dont think that was possible ( or someone would dare to do it), therefore could you explain me this issue?

We block hosts (i.e. 123.123.123.123) whole class C blocks (i.e. 123.123.123.*), whole class B blocks (123.123.*.*) and whole class A blocks (123.*.*.*). You must be blocked on one of the higher levels (a block ban). Someone on the IP block you use must have did a fraudulent order and was banned. The service is only about 24 hours old, and all IP addresses came from the list www-hosting.net offered. Did you check your IP on that list??

Honestly, I don’t really see a point as to why a host would report such an order to any authority since chances are, they’ll just slap the persons hand and the damage has been done (if the hosting company uses automatic signup scripts and has processed the order). The hosting company could cause more damage by submitting the offending IP to a service like this! If you asked any host affected by fraud what they want done, I’m sure they would say “banned” over “slapped”.

As to your other post, if there was more then more 1 fraudulent order, I don’t see any wrong doing by banning whole networks and I stated the service was aimed more towards Canada/USA based hosts simply for this exact fact! If you feel the service blocks IP’s which you think are clean, don’t use the service, get fraudulent orders and put up with the hassles from abusers and/or your processing company. Even if people don’t accept credit cards, this service may prevent a non-paying account. Personally, I would rather lose a few dollars revenue rather then taking the change of getting/processing a stolen credit card, dealing with the processing company, removing the account and sending “abuse” emails to their ISP. Let the customer keep the few bucks and find another host to scam! This is one of the major reasons why I never accepted credit cards, maybe with this list, I’ll consider accepting them knowing I have some level of protection.

Someone on the IP block you use must have did a fraudulent order and was banned.

or it was a simply bad joke by another host?

I agree that this is usefull tool for web hosts, but please do think about where do you get those IP's and from who do you get them(by simply copying from a website that has no idea if these were real fake orders), and if it possible state that austria, greece, ireland and most of the EU is banned just to not let any EU based host use this and loose their potential customers.

:)

/me laughs @ site

It is frustrating aint it elf?

sometimes WHT reminds me of a bunch of whiney geeks at a lan when their pings are bad

no offence to those whiney geeks who goto lans and complain about latency

more newbie than geek perhaps *shrugs*

The list is useless. I think AffordableHost's is the most affective method. You just simply block a whole block of IP? That's now how it's done. Most IPs do not provide static IPs to their customers, but dynamic IPs. So people who just happen to get the other person's IP will be banned? It might not be a problem now, but since the internet becomes so crowded it will be a problem.

Why would anyone also trust other host's blacklist? They aren't even regulated.

Maybe you should take 5 minutes of your life to investigate your client and the order info.

:)

Look, if the host wants to do it, let them, as they can and will. It's not your fault they will save fraud. Yes, they may loose a few legit. people, but for the price of chargebacks, bandwidth, it's not worth it. I totally agree with denying people to your site from those ip's. :)

I'm not telling them not to do it. Maybe look into better solutions? Loose few legit? Well that one legit customer can be your biggest one. I don't think you would want to loose such client.

Every good cause has its drawbacks. :) I feel they outweigh, and the hosts must too. :)

No offence, but this way of doing it is a crock of crap. In any 24 hour period a single IP may be used 50+ people, if not more. So if you take a /24 then we're talking about a potential 12,750 people in a 24 hour period. For some countires where the fraud rate is very very high, then it may be worth it, but when it comes to European countries it's madness. All it takes to spot a fraudulant order 99.99% of the time is:

1) Check the signup IP matches the billing country of the CC
2) Check that the phone number matches the area of the CC address
3) Check the address details on any domains listed if they want to transfer and compare with the CC address
4) If you suspect anything then ask for some form of proot that they are the owner of the CC - people who have nothing to hide won't mind.

Yup -- those are 4 steps I always take. However, as for the list, I would never deny an order based on it, but -- I might raise an eyebrow based on it. Sometimes that raised eyebrow can be the difference between allowing or denying an already suspicious order.

Originally posted by Shyne
The list is useless. I think AffordableHost's is the most affective method. You just simply block a whole block of IP? That's now how it's done. Most IPs do not provide static IPs to their customers, but dynamic IPs. So people who just happen to get the other person's IP will be banned? It might not be a problem now, but since the internet becomes so crowded it will be a problem.

Why would anyone also trust other host's blacklist? They aren't even regulated.

Maybe you should take 5 minutes of your life to investigate your client and the order info.

:)

IP's are not blocked, they’re just marked as blocked! The hosting company can do whatever they want based on the list. A simple add-in to your signup script could alert you to a listing, maybe process the order with a little more caution. I'm sure I said that in another post here!

If you don't trust the list, don't use the list. Simple as that!

I agree some should take a little more time when activating accounts, however, if you’re going to be scammed, your going to be scammed!

Originally posted by Angel78


or it was a simply bad joke by another host?

I agree that this is usefull tool for web hosts, but please do think about where do you get those IP's and from who do you get them(by simply copying from a website that has no idea if these were real fake orders), and if it possible state that austria, greece, ireland and most of the EU is banned just to not let any EU based host use this and loose their potential customers.

:)

By all means, if you think you can do better (by providing IP's), please do! I used the list simply as a starting point since most of the people on that tread enjoyed his work. And for the last time,

This service is aimed more towards Canada/USA based hosting companies!

Why? Simply because it marks many overseas IP’s as blocked.

Bad joke? I don’t think so.

Originally posted by Shyne
The list is useless. I think AffordableHost's is the most affective method. You just simply block a whole block of IP? That's now how it's done. Most IPs do not provide static IPs to their customers, but dynamic IPs. So people who just happen to get the other person's IP will be banned? It might not be a problem now, but since the internet becomes so crowded it will be a problem.

Why would anyone also trust other host's blacklist? They aren't even regulated.

Maybe you should take 5 minutes of your life to investigate your client and the order info.

:)

Forgot to add:

But you would still need a list of IP's to process orders like AffordableHost does. Since this service is DNS based, you could configure your signup scripts to do such!

Originally posted by hosticle
/me laughs @ site

It is frustrating aint it elf?

sometimes WHT reminds me of a bunch of whiney geeks at a lan when their pings are bad

no offence to those whiney geeks who goto lans and complain about latency

Not frustrating, just a pain in the a**. Somebody like me starts a service that maybe someone will use, and the people jump all over it "it's crap, don't use it or why bother". But, a few bad posts are good too. :D

I don't think people understand how portable this list is! By portable I mean how many things you could do with it. As I stated before, you could use it as a blocking service, a warning service or just as a trial service (hidden) in your signup scripts that is only there to see if it meets your needs as a hosting company! You could do almost anything with it, blocking is just one idea!

If people don't want to use it, don't! I really don't care nor do I care if it blocks the whole class A block 212. If it was added, then I'm sure www-hosting.net had a reason for adding it. I don't think a person would publish a list just to damage signups, but maybe he did.

And on my site (not the blacklist site my actual hosting site), as a result of the two fraudulent orders, I have banned the complete class A networks via .htaccess. People with the blocked can no longer complete the final step of signing up. Why? Because I no longer want to do business with people from that Country!

How many times do you need to be burnt from the fire to learn that maybe you should stay away?