I have been getting a lot of fraudulent signups lately, and I was wondering if anyone could tell me how to record an IP address with a form submission? I also want the IP to be displayed on the actual form itself, so the user can see that we mean business. I tried to do a search on this, but any search string with the word 'IP' in it returned an error that this term was too short. Strange....

Thanks, all!

Regards,
David Harris

Should all be in logs (if I read correctly) ... Readin or extractin that is beyond me at this point? :rolleyes:

Depending on how you display and/or process your form will determine how you can capture/display ip addresses.

If your form is in html you iwll need to add ssi or php parsing to the html file in order to display things like an ip.

The ssi tag for an user's ip address is: <!--#echo var="REMOTE_ADDR" -->

The ssi tag for the user's "host name" is <!--#echo var="REMOTE_HOST" -->

The ssi tag for the users' os is <!--#echo var="HTTP_USER_AGENT" -->

To record these addresses you will need to have your form submit to a local php/perl/asp script which can again gather the needed fields and enter them into a database.

I would assume you already maintain some sort of database, the local step is simply to modify it to record the ip address as well.

If you would like somje specific help with your existing script or a quick script to do this, send me an email/pm with your needs and I'll whip something up.

Whats the use of recording the ip when many just fake the ip their calling from. Its all a waste of time.

Originally posted by oZz
Whats the use of recording the ip when many just fake the ip their calling from. Its all a waste of time.

While many people spoof an ip or use a proxy a good deal more don't... tracking them can stop a very high % of fraud.

Using php:

to display the IP you would just do this:


<?php
print "Your IP address is: $REMOTE_ADDR";
?>


Then in your order form you can put

<input type="hidden" name="ip" value="<?php echo($REMOTE_ADDR); ?>" />

Then on the file which processes the form submission you use the mail function to send the ip with the order. So just add "IP: $ip" somewhere in your mail that is sent with a new order.

The SSI call for REMOTE_ADDR works really well ...have it stored as a variable with your processing script. You can find additional basic info on SSI (that is pretty much in "english") at:
http://bignosebird.com/ssi.shtml

Since we started recording IPs with all orders and credit card submissions we've been able to reduce processed fraudulent orders dramatically. We check it against the billing address submitted along with the bank issuing the card - saving $$$ on charge back fees.

Don't count on the low-lifes paying attention to the IP being recorded. They'll still submit orders.

Some other "flags" and techniques you might want to use:

Beware of IPs originating from Indonesia, Thailand, Brunai, and Bulgary - these folks work with lists of stolen credit cards.

Check the reply email address. Caution on any hotmail type account or one that returns to a Network Solutions "Under Contstruction: page.

Ask for the 4 digit CVS code from the card even if your processor doesn't require it. Most stolen card lists don't include this.

If you get a questionable order, follow-up with an email asking for a fax that includes a copy of the card and their driver's license. Mention that you are doing it for THEIR protection.

Hope this helps.

Thank you all for your replies! This is very helpful, and I hope to have it working shortly.

R Doherty, I am trying to use your method. I have no experience with PHP, and it does not seem to be working. The IP does not show up on the page, and the form submits the following:

ip: &lt;?php echo($REMOTE_ADDR); ?&gt;

I know my server and this account are setup to support PHP; is there anything else I need to do to get it to work?

I am embedding those lines in an HTML file, by the way.

Thanks again!

Regards,
David Harris

Just an idea: make sure your file's suffix is .php, not .html.

Peter

EzSnake, that's the ticket! It works now!

Thanks again everyone for your help...

Best regards,
David Harris

wihtout a doubt the easiest form script for this is at bignosebird

we also you mcaffee visual trace -- cheap and worth every cent

many tools for this......



good luck

By the way, for the PHP example, how do I change the font and size? Is this just done via html before the php code?

thanks again!!

Fraud is bad, people who do it should be prosecuted.

Originally posted by David-WWH
By the way, for the PHP example, how do I change the font and size? Is this just done via html before the php code?

thanks again!!

Yes... PHP simply goes in and out of html so....



Example 1.
<b><h1>Your Ip Is: <?echo $ip?></h1></b>

Example 2.
<div class="main">Your Ip Is: <?echo $ip?></div>




Hope that helps.

Originally posted by R Doherty
Using php:

to display the IP you would just do this:


<?php
print "Your IP address is: $REMOTE_ADDR";
?>


Then in your order form you can put

<input type="hidden" name="ip" value="<?php echo($REMOTE_ADDR); ?>" />

Then on the file which processes the form submission you use the mail function to send the ip with the order. So just add "IP: $ip" somewhere in your mail that is sent with a new order.
WRONG! hehe, the correct way is now $_SERVER['REMOTE_ADDR'] ( super global )

Originally posted by QWEST

WRONG! hehe, the correct way is now $_SERVER['REMOTE_ADDR'] ( super global )

Well it still works with just $REMOTE_ADDR :p

You can also do a quick check on ARIN by putting a link (on your backend system that you use) with the IP address as part of the URL querystring like this:

http://www.arin.net/cgi-bin/whois.pl?queryinput=129.130.202.149

If you see a lot of fraud orders coming from a certain block of IP's (like I have) ... just block the whole set of IP's. ARIN will tell you what IP block the originating IP comes from. You can also call up and scream at the ISP for letting frauders come through their system (most likely it's an open proxy on what appears to be the originating IP).

Dan

Well, I have it all working fine now, thanks to everyone for your help!

We have not had too many fraud orders. I am curious, what are the nature of these? In other words, are fraudulent orders coming from spammers? Or just people looking for hosting with a fraudulent CC#? Or anything else?

Best regards,
David Harris
WorldWideHosting.net

Fraud orders really are a pain for us.. such a waste of energy and time.. and $$

I like the idea of displaying a field for the CVV - even if we dont actually use it.

For us, just displaying the ip address did not seem to reduce the fraud orders.. So im thinking I want to build a script to do a smart whois lookup on the ip address for the originating country - if it does not match the billing country entered.. just cancel the order and kick the customer out of the order process with a nasty message.. (well maybe not the nasty message ;) )..

Does anyone know of a public smart whois server (or script) that I can integrate into the backend of our scripts..

Here is what we use;

http://www.hostroute.com/script_ip.html

This turns the IP into a form field that goes through our payment gateway etc.
It has never failed to record the IP but obviously it can't stop the use of proxy servers.

Gordon

it can't stop the use of proxy servers.
Most proxies nowadays include the originating IP after the proxy IP. Simply record the whole string and you'll usually get what you want.

Now, track your people with class! Instant messenger integration for the masses :).


<?

// Sample use
$ip = new icq_pager('444021', 'Hi there', 'Message Body', 'RackNine', 'info@racknine.com');
$ip->send();

/*
Class: icq_pager (icq_pager.php)
Description:
Sends message to user's ICQ window

Functions:
--- constructor ---
icq_pager($icq = '', $subject = '', $message = '', $from_name = '', $from_email = '')
Creates an instance of the icq_pager class. ICQ number,
message subject, message, and sender info may be included in
constructor.

--- public functions ---
send($msg = '')
Sends message to phone/pager. If $msg is set the default
message is changed to $msg prior to transmission.


Variables:
--- public variables ---
string icq
ICQ number to send page to

string subject
Subject of message

string message
Message to be sent.

string from_name
string from_email
Contact information of sender
*/

class icq_pager {
var $icq;
var $message;
var $subject;
var $from_name;
var $from_email;

function icq_pager($icq = '', $subject = '', $message = '', $from_name = '', $from_email = '') {
$this->icq = $icq;
$this->subject = $subject;
$this->message = $message;

$this->from_name = $from_name;
$this->from_email = $from_email;
}

function send($message = '') {
if ($message)
$this->message = $message;

function send($message = '') {
if ($message)
$this->message = $message;

mail($this->icq.'@pager.icq.com', $this->subject, $this->message
, 'To: <' . $this->icq.'@pager.icq.com' . ">\r\n"
.'From: "' . $this->from_name . '" <' . $this->from_email . ">\r\n"
.'Reply-To: "' . $this->from_name . '" <' . $this->from_email . ">"
);
}
}

?>

-Matt

Thanks Gordon for the script..

We can capture the ip address.. Im actually wanting to do a whois lookup on the ip address.. im sure there are public servers out there than you can use for both "whois" and "smart whois" lookups. Any body have any ideas?

$_SERVER['X_FORWARDED_FOR'] will give the actual browsers IP if they are using a proxy in the majority of cases.

FWIW I have found devarticles.com an invaluable source for info and shortcuts especially scripts.

Won't hurt to look;)

We record both through our order software and through our payment processor.