Web Hosting Talk

This abuse is really aggressive...


glace
02-24-2008, 10:37 AM
Someone keeps signing up for hosting accounts on my servers using different stolen Paypal accounts and identities. I register the domain name and have to pay it for a year in advance. One day later he sends hundreds of fraudulent phishing mails. This is really really bad now because:

- I may lose my Paypal account due to a large number of fraudulent orders
- I may lose my server due to the spam
- I am paying a lot of money to register domain names.

Anyway...does anyone have an idea what can be done against these bastards ?

Dark Light
02-24-2008, 10:44 AM
Do you have any sort of fraud protection? If not you seriously need to look into implementing a fraud protection system.

There are services out there that can help you identify fraud (but aren't going to catch all your fraud orders) such as minFraud from http://www.maxmind.com. There are other services out there and articles on how to reduce fraud, do some Google searches and they should reveal themselves to you. :)

You might be able to, depending on the time that you have had the domain for, cancel the domain and get part or all of your money back. You'll need to ask your registrar about this.

Hope that helps,

glace
02-24-2008, 10:50 AM
My registrar does not refund : ( And unfortunately since I am using Paypal as my payment processor I can not really use fraud protection (i.e. I can not look at IPs etc.).

Maybe I could look at the IP they use when they sign up. If it is from Onga Bonga the order will be denied...but most of the time they use hacked proxy servers to log in to my Cpanel accounts so I guess they are also using these when they order something. However, that is something I will try.

I thought about registering the domain 1 day or 2 later so that I will at least save domain costs but of course this would disturb my honest customers.

IH-Rameen
02-24-2008, 10:55 AM
My registrar does not refund : ( And unfortunately since I am using Paypal as my payment processor I can not really use fraud protection (i.e. I can not look at IPs etc.).

Maybe I could look at the IP they use when they sign up. If it is from Onga Bonga the order will be denied...but most of the time they use hacked proxy servers to log in to my Cpanel accounts so I guess they are also using these when they order something. However, that is something I will try.

I thought about registering the domain 1 day or 2 later so that I will at least save domain costs but of course this would disturb my honest customers.

PayPal or not, you do need to use fraud protection. MaxMind as mentioned is a great choice.

You should also consider phone verifying them. These are basic elementary things you should be doing. :agree:

Dark Light
02-24-2008, 11:00 AM
I have to agree. There is no excuse for not using fraud protection of any kind. You can check the sign up IP addresses, check blacklists, check e-mails, perhaps deny free e-mails, require PayPal e-mail on signup, do not register the domain instantly - instead wait for the order to be verified, check proxy headers, check IP country against PayPal country, etc. :)

Just some things you can be doing yourself without the use of services such as minFraud from MaxMind - though fraud services can help to automate the processes - for example the telephone verification.

Hope that helps,
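
The checks listed in the post above can be combined into a single order-screening step. This is an added example, not part of the original thread: the `Order` record, the free-mail list, the decision names and the sample orders are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed, constructed list; extend it with providers seen in your own fraud orders.
FREE_EMAIL_DOMAINS = {"yahoo.cn", "hotmail.com", "gmail.com"}
# Request headers commonly added by forwarding proxies.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded", "proxy-connection"}

@dataclass
class Order:                      # hypothetical order record
    signup_email: str
    paypal_email: str
    signup_ip: str
    ip_country: str               # from your own GeoIP lookup of signup_ip
    paypal_country: str           # from the PayPal payment details
    request_headers: dict = field(default_factory=dict)

def screen_order(order, ip_blacklist=frozenset()):
    """Return (decision, reasons); register the domain only on 'approve'."""
    reasons = []
    blacklisted = order.signup_ip in ip_blacklist
    if blacklisted:
        reasons.append("signup IP is blacklisted")
    if order.ip_country.upper() != order.paypal_country.upper():
        reasons.append("IP country differs from PayPal country")
    if order.signup_email.strip().lower() != order.paypal_email.strip().lower():
        reasons.append("signup e-mail is not the PayPal e-mail")
    if order.signup_email.rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
        reasons.append("free e-mail provider")
    seen = {h.lower() for h in order.request_headers} & PROXY_HEADERS
    if seen:
        reasons.append("proxy headers present: " + ", ".join(sorted(seen)))
    if blacklisted:
        return "reject", reasons
    if reasons:
        # Any mismatch delays domain registration until phone or ID verification.
        return "hold_for_verification", reasons
    return "approve", reasons

# Constructed sample orders (documentation IP ranges, made-up addresses).
CLEAN = Order("ann@example-biz.test", "ann@example-biz.test",
              "198.51.100.7", "US", "US")
SUSPECT = Order("bob@yahoo.cn", "victim@example.test", "203.0.113.9", "CN", "US",
                {"Via": "1.1 proxy", "X-Forwarded-For": "10.0.0.1"})

if __name__ == "__main__":
    for o in (CLEAN, SUSPECT):
        print(o.signup_email, screen_order(o))
```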

glace
02-24-2008, 01:25 PM
I think I will do it manually then. I have been running this business for 4 years and got signups from 5000 people. The fraud rate was around 0.1 to 0.2%. But now it is different. These ******** really get aggressive. Someone should put them out of their misery.

HostRefugee-Vince
02-24-2008, 01:52 PM
A few tips on Fraud Checking:

Use whitepages reverse phone search, make sure the phone number provided matches up to the city, state that the customer specified.

Use a geoip location service to check IP to the physical location provided by the client.

Do a reverse address search (whitepages.com again). Often times, either this or the phone number will get you a last name (if their main number is published). Compare the name to the one the customer provided.

The information you obtain always needs to be taken with a grain of salt, as there are occasions when clients have a reason some of the data doesn't match up.

Anyhow, in most fraud cases...At least 1 of those checks will fail.

Personally, I call to verify each order, even if I think it's legit.

There's only 1 case of fraud where I called and the order was verified.

Tristan Perry
02-24-2008, 05:42 PM
Whilst I can't comment on how to hunt down fraudsters, I do know about domain buying.

Either Moniker.com, GoDaddy and... one other, which I've forgotten, all allow you to cancel any domains you buy within 4-5 days, and you get a refund.

With Moniker.com, there's a 4 day grace period (in which you can delete), and they charge a $0.25 fee.

With GoDaddy, it's completely free to get a refund, and I think the grace period is 3-5 days (not sure on the exact time). To do this with GoDaddy, cancel the domain from your account, and then reply to the cancellation e-mail they send you with something like "Please refund me the money for this domain" (or similar).

I hope this helps,
Tristan Perry

Shaw Networks
02-24-2008, 06:29 PM
Someone keeps signing up for hosting accounts on my servers using different stolen Paypal accounts and identities. I register the domain name and have to pay it for a year in advance. One day later he sends hundreds of fraudulent phishing mails. This is really really bad now because:

- I may lose my Paypal account due to a large number of fraudulent orders
- I may lose my server due to the spam
- I am paying a lot of money to register domain names.

Anyway...does anyone have an idea what can be done against these bastards ?

Here's something you can use to stop the spam problems:

http://assp.sourceforge.net/

It's an outbound spam filtering software that I've heard works well filtering phishing e-mails too.

express-hosting
02-24-2008, 08:52 PM
Do you use something like WHMCS or ClientExec to deal with your signups? They have optional modules...

InfiniteTech
02-25-2008, 05:39 PM
6 months back, I had 2-3 fraudulent orders a week and this continued for a month.

Signed up for MaxMind's minFraud and phone verification. Now, 1 fraudulent order per month at MOST.

It costs around 10 USD a month to get their services and saves you 1000s!

IPv6
02-25-2008, 05:57 PM
Just wondering, does using phone ver really do much? Is it worth the price? Most of my orders are off IRC, and a few minutes of text pretty much lets me make up my mind on whether they are the person they say they are.

Like someone with an English name, etc, etc, US address, with an email in yahoo.cn and horribly broken English on IRC.

InfiniteTech
02-25-2008, 10:50 PM
It costs 5 bucks for about 50 calls!

What do you mean by 'worth' it? Time? Efficiency?

IPv6
02-25-2008, 11:16 PM
It costs 5 bucks for about 50 calls!

What do you mean by 'worth' it? Time? Efficiency?

I guess so.
Order volume isn't really too high for shell hosts, I can normally check everything up myself at the moment.

Last fraud order was just funny.

[22:09:14] > ok ,can you answer verification phone call?
[22:09:20] <Dragan> no
[22:09:23] > why not?
[22:09:35] <Dragan> because this paypal its from irc
[22:09:39] <Dragan> i buy it
[22:09:42] <Dragan> for 15 $
[22:09:50] <Dragan> or its illegal in your company ?
[22:09:53] > so if i called xxx-xxx-xxxx
[22:09:55] > will you answer?
[22:10:01] <Dragan> no afcourse
[22:10:26] <Dragan> that is fraud ?
[22:11:06] <Dragan> one man give me on undernet
[22:11:11] <Dragan> nick : prisonman
[22:11:20] <Dragan> and i pay him 15$
[22:11:29] <Dragan> and he says to me that i can buy shells
[22:11:31] <Dragan> many shells

PogiWeb
02-25-2008, 11:38 PM
That is a great reason why it's perfectly fine to not answer a phone call... I would highly suggest adding phone verification from MaxMind. Why not spend 10-20 cents per phone call to avoid fraud, your time, money, and chargebacks? A chargeback can cost anywhere from $10.00 to conduct from PayPal, money spent to register a domain, and I'm sure criminal charges.

LoganNZ
02-26-2008, 01:49 AM
Depending on who they are, I could track them.

Any particular patterns in their orders?

Do you have some of the scripts / files they are using?

Really your systems shouldn't be allowing them to use foreign scripts, or you should be alerted when they upload such a script.

pogue
02-29-2008, 05:10 PM
A couple things to consider when using Paypal as your only payment method. Under Profile, Selling Preferences and Payment Receiving Preferences, you may want to enable the following options:

Block payments from U.S. users who do not provide a Confirmed Address: Yes or Ask me

Block payments sent to me in a currency I do not hold: Ask me

Block payments from users who: Have non-U.S. PayPal accounts

That will block all international customers, and that is where most of the fraud comes from. It will limit your customer base, but you could offer to take alternative payments from them.

Block the following payments: Pay with eCheck for website and Smart Logo payments, or German bank transfer for all website payments except eBay

Check fraud is obviously easier to do than CC fraud, but I am not sure what Smart Logo payments are or what the story is with German bank transfers.

I am familiar with how Paypal fraudsters work too and would be happy to explain it. I'm a member of a forum that sells virtual credit cards and these are often used to open temporary Paypal accounts and can be used for fraud.

Something else to consider is getting another merchant account besides Paypal to offer your customers more than one way to pay, such as authorize.net, and using services like VeriSign, Thawte, and GeoTrust can also help prevent fraud and give customers more confidence in your business.

Good luck and I hope that helps,
pogue

I guess so.
Order volume isn't really too high for shell hosts, I can normally check everything up myself at the moment.

Last fraud order was just funny.

Just an FYI, there are now VoIP services that provide "temporary" phone numbers, so some clever fraudsters might be able to bypass that method even.

pogue
02-29-2008, 05:12 PM
Depending on who they are, I could track them.

Any particular patterns in their orders?

Do you have some of the scripts / files they are using?

Really your systems shouldn't be allowing them to use foreign scripts, or you should be alerted when they upload such a script.

I'm planning to run a web hosting service in the near future and have heard about some software that can be installed to let you know when scripts are uploading, do you know the names of any of this type of software and is it free?

Thanks,
pogue

N|Kitmitto
03-01-2008, 04:33 AM
I'm planning to run a web hosting service in the near future and have heard about some software that can be installed to let you know when scripts are uploading, do you know the names of any of this type of software and is it free?

Thanks,
pogue

WHM does this for me, it emails, texts and IMs me, the script file name, what account it's on, and where on the server, and what the script does. I love it:)

Regards,
Nick Kitmitto

MikeDVB
03-01-2008, 08:49 AM
WHM does this for me, it emails, texts and IMs me, the script file name, what account it's on, and where on the server, and what the script does. I love it:)

Regards,
Nick Kitmitto
That sounds very nice, I don't have anything like this set up, but I manually check accounts after they are set up, and then monitor them for a few days to ensure that they're not doing anything they shouldn't be.

How did you set up WHM to do this?

<<removed quoted post>>

Thanks!

pogue
03-11-2008, 03:28 PM
Sorry, what's WHM?

maiahost
03-11-2008, 04:41 PM
What we do every day is when someone signs up and something seems wrong - ask the person for an ID verification or call them on the phone. Have a special note on the signup page that new orders are subject to verification. Fraud is just a part of the whole hosting industry and it's most likely going to increase.
As for spam emails, limit the number to 250-400 an hour that an account can send. Check your mail queue a few times a day and check the uploaded mail scripts as well.
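
The hourly send cap described in the post above can also be checked after the fact from a send log. This is an added example, not part of the original thread: the log line format, account names and function names are constructed, and the parsing has to be adapted to your mail server's real log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HOURLY_CAP = 250                 # lower end of the 250-400 per hour range above
WINDOW = timedelta(hours=1)

def accounts_over_cap(log_lines, cap=HOURLY_CAP):
    """Map each offending account to the time it first exceeded `cap`
    sends within any rolling hour.

    Expects time-ordered lines of the constructed form
    '<ISO timestamp> <account> sent'; anything else is skipped.
    """
    recent = defaultdict(deque)  # account -> send times inside the window
    flagged = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] != "sent":
            continue             # not a send record
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue             # malformed timestamp
        window = recent[parts[1]]
        window.append(ts)
        # Drop sends that have aged out of the rolling hour.
        while ts - window[0] >= WINDOW:
            window.popleft()
        if len(window) > cap and parts[1] not in flagged:
            flagged[parts[1]] = ts
    return flagged

def sample_log():
    """Constructed log: 'newacct' sends 300 mails two seconds apart,
    'oldacct' sends one mail every five minutes."""
    start = datetime(2008, 2, 24, 9, 0, 0)
    lines = [f"{(start + timedelta(seconds=2 * i)).isoformat()} newacct sent"
             for i in range(300)]
    lines += [f"{(start + timedelta(minutes=5 * i)).isoformat()} oldacct sent"
              for i in range(24)]
    return sorted(lines)         # ISO timestamps sort chronologically

if __name__ == "__main__":
    for account, when in accounts_over_cap(sample_log()).items():
        print(f"{account} exceeded {HOURLY_CAP}/hour at {when}")
```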