
View Full Version : Watch out : Spam / Fraud order
diederik 07-11-2002, 03:42 AM Hey,
Just to let you know, I had a user sign up yesterday, who installed a spam CGI script + list.
I closed his account after an hour or so, so no real harm done ( I hope ).
Here's the info so you can deny him when he signs up :
Info from my signup script :
Real Name: prigent jean-marc
User Name: humanisi
Password: dnuumhuf
E-mail: humanisi34@37.com
Domain: humanisi
Register Domain: no
Address: Paris, 10 rue de rambouillet
Address 2:
Zipcode: 75010
State:
Country: France
Home Phone: +57486548654
Info from 2CheckOut :
prigent jean-marc
Paid By: Visa
AVS Code: XX Code Explanation
10 rue de rambouillet
Paris, XX 75010
France
Phone: 6386549654
humanisi34@37.com
IP Address: 209.3.144.105
Hope this is helpful for you :)
the elf 07-11-2002, 04:31 AM Originally posted by diederik
Hey,
Just to let you know, I had a user sign up yesterday, who installed a spam CGI script + list.
I closed his account after an hour or so, so no real harm done ( I hope ).
Here's the info so you can deny him when he signs up :
Info from my signup script :
Real Name: prigent jean-marc
User Name: humanisi
Password: dnuumhuf
E-mail: humanisi34@37.com
Domain: humanisi
Register Domain: no
Address: Paris, 10 rue de rambouillet
Address 2:
Zipcode: 75010
State:
Country: France
Home Phone: +57486548654
Info from 2CheckOut :
prigent jean-marc
Paid By: Visa
AVS Code: XX Code Explanation
10 rue de rambouillet
Paris, XX 75010
France
Phone: 6386549654
humanisi34@37.com
IP Address: 209.3.144.105
Hope this is helpful for you :)
Sure is :D
seg fault 07-12-2002, 04:56 AM I got one very similar
the elf 07-12-2002, 05:11 AM Well, I took the IP and added it to my list. And a few hours later, checked the web server's logs, and boom! Tried to get an account, was caught and left! :D
Seems this person from France is really from NJ, or somebody in NJ has no idea how to secure a box and this guy has a private proxy!
Pleasantville School District (NETBLK-ICON-NET-BA-PLEASAN)
West Decateur Avenue
Pleasantville, NJ 08232
US
Netname: ICON-NET-BA-PLEASAN
Netblock: 209.3.144.0 - 209.3.145.255
Coordinator:
Wilcox, Judith (JW6431-ARIN) jwilcox@ATLNET.ORG
609-383-6810
Record last updated on 10-Sep-1997.
Database last updated on 11-Jul-2002 20:00:13 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
He/she also reads WHT since the signup came from my offer here!
blacknight 07-12-2002, 05:12 AM 100% of my orders from overseas are dodgy. I'm probably going to have to refuse all non-European orders, unless they are referred from a trusted source
Zoole 07-12-2002, 05:23 AM I remember a few months back someone mentioned on here that they were creating a blacklist for people like this one. Might be good to have something like that so hosters know who at least some of the trouble makers are.
_______________
Paul Taylor
Zoole Internet
the elf 07-12-2002, 05:29 AM Originally posted by Zoole
I remember a few months back someone mentioned on here that they were creating a blacklist for people like this one. Might be good to have something like that so hosters know who at least some of the trouble makers are.
www-hosting.net?? That guy did one, got pissed off and took it off the net. You gotta email him to get the list. His was via .htaccess & mine is via dns, so you can do a lot more with it :)
seg fault 07-12-2002, 02:17 PM I just refuse all orders - easier for support, lets me take long lunches - it's great!
Originally posted by the elf
www-hosting.net?? That guy did one, got pissed off and took it off the net. You gotta email him to get the list.
It was just a list of IPs, totally non-copyrightable. I'm sure if you want it someone can re-post it for you. I will myself if I can find the original.
-Bob
the elf 07-12-2002, 06:51 PM Originally posted by TMX
It was just a list of IPs, totally non-copyrightable. I'm sure if you want it someone can re-post it for you. I will myself if I can find the original.
-Bob
I know it was just a list of IP's note the "His was via .htaccess...". I got a copy the day before he freaked out and took it offline (since my service is based off of those IP's) :)
Originally posted by the elf
I know it was just a list of IP's note the "His was via .htaccess...".
I know you know that :) I was just pointing out the obvious for the benefit of those who may think it was some sort of sooper-seekrit copyrighted list of voodoo and magic that can only be gotten from one source, or who may have otherwise thought they were no longer allowed to use it.
-Bob
EzSnake 07-12-2002, 09:12 PM Latest and Greatest I got from site posted on another thread (yes the one you're referring to)......
AuthName "Country access blocked"
AuthType Basic
<Limit GET POST>
order allow,deny
allow from all
deny from .id
deny from .interpacket.net
deny from .lt
deny from .mk
deny from .my
deny from .ro
deny from .yu
deny from 139.92
deny from 152.158
deny from 161.142
deny from 202.134
deny from 202.145
deny from 202.146
deny from 202.147
deny from 202.148
deny from 202.149
deny from 202.150
deny from 202.151
deny from 202.152
deny from 202.153
deny from 202.154
deny from 202.155
deny from 202.156
deny from 202.157
deny from 202.158
deny from 202.159
deny from 202.160
deny from 202.162
deny from 202.164
deny from 202.168
deny from 202.171
deny from 202.178
deny from 202.180
deny from 202.183
deny from 202.184
deny from 202.185
deny from 202.186
deny from 202.187
deny from 202.188
deny from 202.189
deny from 202.190
deny from 202.4
deny from 202.46
deny from 202.47
deny from 202.57
deny from 202.58
deny from 202.93
deny from 202.95
deny from 207.192.198
deny from 210.14
deny from 210.16
deny from 210.186
deny from 210.19
deny from 210.56
deny from 212.138
deny from 212.19
deny from 212.50
deny from 212.59
deny from 213.169
deny from 213.240
deny from 216.3.242.10
deny from 217.9
deny from 62.220.194
deny from 64.110
deny from 64.49
deny from 61.5
Deny from 203.106
Deny from 203.130.254
Deny from 208.210.48
Deny from 208.210.49
Deny from 208.210.50
Deny from 208.210.51
Deny from 211.104
Deny from 211.105
Deny from 211.106
Deny from 211.107
Deny from 211.108
Deny from 211.109
Deny from 211.110
Deny from 211.111
Deny from 211.112
Deny from 211.113
Deny from 211.114
Deny from 211.115
Deny from 211.116
Deny from 211.117
Deny from 211.118
Deny from 211.119
Deny from 213.137
Deny from 207.115.179
#canada fraud server
Deny from 207.35.39.
#italy fraud server
Deny from 217.59
#new Indonesia netblock
deny from 202.138.224
deny from 202.138.225
deny from 202.138.226
deny from 202.138.227
deny from 202.138.228
deny from 202.138.229
deny from 202.138.23
deny from 202.138.24
deny from 202.138.25
deny from 217.8.3.73
#Added 03-05-2002 Indonesian new block
deny from 61.5
deny from 202.138.224
deny from 202.138.225
deny from 202.138.226
deny from 202.138.227
deny from 202.138.228
deny from 202.138.229
deny from 202.138.23
deny from 202.138.24
deny from 202.138.25
</Limit>
Hope this helps (I couldn't post attachment via lil window at bottom of thread
:rolleyes: ;)
[edit] This is the one that doesn't block australia and has newest Indonesian Ip blocks assigned. :uzi:
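An added example (not from the thread or from any poster's blocklist service): a parser that turns `deny from` lines in the format posted above into CIDR networks, drops the duplicates, and sets aside hostname rules such as `.id`, which Apache can only evaluate after a reverse DNS lookup. It assumes Apache's partial-IP semantics (the octets given are the leading bytes of the address), runs on a short constructed sample rather than the full list, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the same format as the posted .htaccess (not the full list).
SAMPLE = """\
deny from .id
deny from 61.5
Deny from 207.35.39.
#new Indonesia netblock
deny from 202.138.224
deny from 202.138.23
deny from 216.3.242.10
deny from 61.5
deny from 202.138.224
"""

def parse_deny_rules(text):
    """Return (networks, host_suffixes) parsed from 'deny from' lines."""
    nets, suffixes = set(), []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or [p.lower() for p in parts[:2]] != ["deny", "from"]:
            continue  # comments, blank lines, other directives
        value = parts[2]
        octets = value.rstrip(".").split(".")
        if all(o.isdigit() for o in octets) and 1 <= len(octets) <= 4:
            # Partial IP: "202.138.23" means 202.138.23.0/24, not 202.138.230-239.
            padded = octets + ["0"] * (4 - len(octets))
            prefix = 8 * len(octets)
            nets.add(ipaddress.ip_network("%s/%d" % (".".join(padded), prefix)))
        else:
            suffixes.append(value.lower())  # hostname rule, depends on reverse DNS
    # The set removes repeated lines; collapse merges adjacent or nested ranges.
    return sorted(ipaddress.collapse_addresses(nets)), suffixes

def is_denied(ip, networks):
    """True if ip falls inside any parsed network (hostname rules not checked)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    networks, suffixes = parse_deny_rules(SAMPLE)
    print([str(n) for n in networks], suffixes)
    print(is_denied("202.138.23.7", networks), is_denied("202.138.230.7", networks))
```

Note that the posted rules sit inside `<Limit GET POST>`, so they apply only to those two request methods.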
genaldi 07-13-2002, 02:23 PM I just had a guy from Indonesia email me saying he'd like to purchase 3 items from my site, and even proceeded to give me 3 separate credit card numbers (2 mastercard and 1 visa) along with the CVV2 codes and everything, he said to just split the 3 items among the 3 cards and add the shipping amount for Express mail shipping to the address he gave me. Now, I've run into a few geniuses in my days, but this one truly takes the cake I must say :yawn:. Some people never cease to amaze me....
As someone mentioned above about the International orders being problematic. I tend to agree somewhat, but I do have some very good International customers, and the only ones that are "usually" the fraudulent type, are the Indonesia types. Thus, the reason I only accept US orders through my site, all International ones need to be processed manually.
Take care,
David