My friend told me over Thanksgiving dinner that her PayPal account was just ripped off by 1mhost.com

She registered a new domain name from the same website, and then filled in another online form for their 50 MB web hosting services. She got an email confirmation for the domain registration, but nothing for the 50 MB hosting package.

The next morning however, she finds her PayPal account charged for $134 dollars by Infospider.com (AltaVista.) Upon contacting them she learns that somebody had submitted a website for inclusion into the AltaVista search engine under her name. The website name is http://www.websublime.com a site she never had heard about before.

So we ran a domain check on this one. And lo and behold, websublime.com is registered through 1mhost.com.

When she confronted 1mhost.com they emailed back, that they knew nothing, but would do anything to help, including going forward with the set up of a hosting package. They requesteda a clean scan of the front and the back of her credit card, and also of either a passport or driver's licence for ID.

Needless to say, she didn't do that, because that's when she became suspicious.

So when she told me this story, I suggested to do a little bit of Internet research and this is what we came up with under the search term 1mhost.com:

===============================================================
Please note: the owner of the domain name is specified
in the "registrant" field. In most cases, Go Daddy Software, Inc.
is not the owner of domain names listed in this database.


Registrant:
john boush

Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: 1MHOST.COM

Domain servers in listed order:
NS1.1MHOST.COM
NS2.1MHOST.COM

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than VeriSign.
VeriSign, therefore, does not guarantee its accuracy or completeness.

============================================================================
Please note: the owner of the domain name is specified in the "registrant" field.
In most cases, the Registrar is not the owner of domain names listed in this database.


Registrant:
samer karim

Registered through: domain name registration (http://www.1mhost.com)
Domain Name: WEBSUBLIME.COM

Domain servers in listed order:
NS1.WEBSUBLIME.COM
NS2.WEBSUBLIME.COM

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than VeriSign.
VeriSign, therefore, does not guarantee its accuracy or completeness.

=====================================================================

There also was a post in Smack:

=====================================================================
Smack! » Domain and Hosting Talk. Re: 1mhost.com

http://www.smackmb.com/viewthread.php?tid=149&page=2

Posted on 11.22.02 at 08:58 PM by Nita: nita@b.com

Someone sent me an e-mail about it, I don't know if it's true, but it probably is. Here's the e-mail:


Hey I just saw the postings on the smackmb about 1mhost.com hosting. Im
doing everything i can to keep people away from them. They charged over
$360 fraudulauntly on my card buying all kinds of things like registering
domains...looksmart search stuff..etc. This has become a nightmare. I
couldnt register on the board, so I just decided to email someone that
posted. Please post what i say...i dont want anyone else to go through what
ive been through the past 2 weeks.

With my credit card they registered websublime.net...which is the same as
websublime.com...which is also a fraud hosting they own..if you look in the
whois, 1mhost owns it.

STAY AWAY. WARN EVERYONE. I didnt scan my card, I submitted on the sign up
form. But stay away!!!

:angry:

WARNING: Do not sign up for webhosting packages through 1mhost.com (and possobly websublime.com) or you just might get ripped off by them. This is a group of people collecting credit card information and then using it to make unauthorized purchases and other website deals.

Naaasty...off to FWS.net to post this...looks real to me, not a rumor...
And I thought about buying hosting from them! :eek2:

Yes, PLEASE ANYBODY WHO HAS AN IDEA or access to other resources, PLEASE HELP SPREAD THE WORD!

My friend was lucky, because PayPal is real good about sending notification anytime any transaction goes out or in and therefore was able to react to this within less than 24 hours.

Infospider.com has granted full cooperation and did not only reverse these charges immediately, but also gave all info they had on their records about this fraudulent transaction. Contact Infospider.com if it also happens to you:

Oswaldo P Harris
Customer Service Rep / Credit card Fraud
ozzie@infoSpider.com
(408)635-2289x6040

keep it up ... Mod you can stick this for a while

Lol how are they stealing credit info if you signup with them?:eek:

Easy...have you taken a look at their order page?

Notice this?

CVV Code Explanation
For your safety and security, 1CHECKOUT requires that you enter your card verification number, if one is available. The verification number is a 3-digit number printed on the back of your card. It appears after and to the right of your card number.


What jumped out at me is "1CHECKOUT". LOL So i did a whois on 1checkout.com and guess what? It's owned by the same guy that owns 1mhost.com. LOL

So, they are manually processing credit card numbers...which means they have your details and can use it to purchase anything they want... :cartman:

My guess is: They're trying to make ppl think the form is using a third party billing system (like 2checkout) so ppl feel their CC info is safe..... lol...guess again!!

:eek: It's all a bit suspicious if you ask me.

Notice how their signup site isn't even SSL, that in itself should be a big warning against ordering from here. I'm sure they've fooled many people just by putting "128Bit SSL secure Site" at the top.

Yuck! This smells like rotten fish. If the address on the 1MHost web site is to be believed, they're a Canadian company as well which doesn't sit well with this Canadian. Maybe it's time to let their upstream provider in on their little secret.

I like this at the bottom of their order page...

>>
4. Card fraud is a felony punishable by heavy fines and jail time. Fraudulent behavior will be prosecuted to the fullest extent of the law.

Ha sanyone already suggested a chargeback?

Seriously why cant we just send banker endorsed checks for making any kind of payment.

I am going to take screen shots of every page on their web site. I'm sure somebody here is close friends with a Lawyer and can prosecute them.

This is outright credit card fraud!

I wouldent be suprised if the company is ran by a few 14 year olds

How about a visit to the BIB better internet bureau and see what they suggest?

I hate the thought of more unsuspecting customers getting ripped off.

As long as what's being said here is varifiable fact, then they should be stopped.

Customers do not always have the time to be educated on this stuff and I hate the thought of someone over the upcoming season having to put up with cc fraud because of some joker.

As long as what's being said is fact.

Screenshots is a good idea! If they pack up and take down the site, there wouldn't be anything to go by. I am doing the same thing. (for evidence.)

On Monday, I am going to take my friend to the local police. She is a younger girl that I mentor and I am going to help her the best I know how.

Again, if anybody out there has access to other forums, or means to alert others, please do so! And NEVER, NEVER send a scanned copy of a credit card or passport!


DanniRod :cool:

IT IS REAL AND VERIFYABLE>>> This is a scam conducted through the signup form when signing up for webhosting packages!

DanniRod

+++++++++++++++++++++++++++++++++++++++++++++


From: webmaster <webmaster@1mhost.com> add to address book Filter this address

Date: Mon Nov 25 2002, 7:15 AM GMT-05:00 show headers

To: xxx@go.com

Subject: Re: From : 1MHOST FEEDBACK


dear mr
i am really surprised about this???
your credit card was not charge due fraud risk ????
to proceed you have
to send us a clean scan copy from your passport or a driving licences
and the front and the back from your credit card

best regards

> 1MHOST FEEDBACK :
>
> - Company Name : xxxx-Powerxxxx.info
>
> - Contact Person : MM XXXXXXXX
>
> - Country : USA
>
> - City : Cxxxxxx
>
> - Tel : (413) xxx-xxxx
>
> - Fax :
>
> - Email : xxx@go.com
>
> - Comments :
After registering a Domain name (xxxx-powerxxxx.info on 11/23/02 I
also wanted to set up a hosting package with you. I used the online
form for a 50 MB package, gave all information, including my name and
credit card info, and clicked send. After that, I ususlly receive
confirmation of the charge via email, as it was charged to PayPal. I
did not get this. The question is, did you receive my request? Are you
certain the form works, and if so, where was the info submitted through
the online form forwarded to? Incidently I had an unauthorized
(fraudulent) charge of $134 on my credit card the following day. It may
not be connected at all, but I thought I ask. This charge came from
Infospider.com MILPITAS CA. By any chance, Does this mean anything to
you???

Blow them out of the water. Protect the community. No one deserves this sort of fraud or rip off. Especially around the holidays.

Maybe they could explain the practise of asking for the passport id. They could really do a lot of damage with all this information.

Then that just makes it harder for everyone else when someone wants web hosting next time.

Originally posted by Carboran
Ha sanyone already suggested a chargeback?

Upon contacting Infospider.com they promply handled the case by reversing the charges, and offering full cooperation in any investigation, including an investigation of their own.

This fast handling of this situation was mostly possible due to PayPals great service. As part of their services, they always send an instant email notification about any charges or changes to the PayPal account.

With a "normal credit card," people don't see what was going on until they receive their monthly statement, and sometimes, this isn't really checked carefully. Anyway, time was cruicial!!!!! This was handled within less than 8 hours.

and why are you double posting :eek:

And their phone number is a Country Club somewhere with an automated voice system.

My friend is too ashamed to post here, or any forum. She feels that she shouldn't have been this gallible, and should have realized that this deal was to o good to be true, instead of falling for it.

When asking her to explain what it was that made her sighn up, she thouth that they (1mhost.com) probably get most of their money through annual renewal of the domain name, which she had also registered that night through 1mhost.com. And that's why she wasn't suspiscious about the cheap hosting prices.

Interesting is, that the transaction to register a new domain went through smoothly and without incidence from the 1mhost.com web site. The trouble started with the signup form for a 50 MB WEB HOSTING package, which required to fill in a second, other form!!!!

I have no problem at all posting this to everybody. Of course it's easy for me to say, because I don't have a reason to feel ashamed.

IT IS, HOWEVER MY HOPE, THAT MORE PEOPLE COME FORWARD AND TELL ABOUT THEIR EXPERIENCE, without any fear of ridicule. It was not your fault - okay!!! IT IS IMPORTANT THAT YOU COME FORWARD!

Best,

Dannirod

maybe going through their provider would be a quicker route to shutting them down.

Originally posted by xxxx
And their phone number is a Country Club somewhere with an automated voice system.

I entered bogus details to see what happens and it just hung after the payments page.


YOU GOT TO BE KIDDING ME!!! (not really, just an expression!) I told my friend to go ahead and call the number - and I bet it was fake. I didn't ask if she did. So thank you for doing it, because that is what I suspected! LOL (not funny!)

Pigs!!!! :angry:

Originally posted by skelley1
maybe going through their provider would be a quicker route to shutting them down.


Any concrete suggestions how to proceed besides going to the police and posting to forums?

Someone also said contact BIB.

How do I find these guys provider?

http://www.staminus.net/company_info.php
which get their IP block from
http://www.savvis.net/

This info was found with http://www.ratite.com/whois/whois.html

Please verify before proceding, I just crawled out of bed.

The real host name for 1mhost.com is likely to be srv01.fullerton-ca.us.hostabox.net

A call to hostabox.net may get closer to them.

Originally posted by AlaskanWolf
and why are you double posting :eek:

Not sure what exactly you mean by double posting. Did I accidnetally hit "Submit Reply" twice.

Or if you are referring to a similar threat running under the Webhosting forum then the answer is clearly: BECAUSE IT IS SUCH AN IMPORTANT MESSAGE TO GET OUT TO EVERIBODY WHO COULD POTENTIALLY BE THE NEXT VICTIM. Not only relevant to web hosting but also resellers. I hope that makes sense and is not regarded as "offensive" to anybody. There should be exceptions to certain rules when it comes to protecting the general public. I hope that makes sense and you agree.

I was actually going to resister through them!!!

*evil!*

A little too good? Is it a case of buyer beware? But then the site looks up to snuff so the consumer gets taken in.

Just paid the site a visit. If they could or can really swing plans like that they would make a mint, and if they can't and are still just ripping people off well looks like they would still be making a mint.

Hard to say what lies beaneath just by looking at the outside.

I don't think it's anything she should be ashamed off... especially if she was/is unfamiliar with hosting and not able to pick up on little clues that show something is amiss yet.

I've only been following the forums for a good month now and have seen dozens of people who got lured into a hosting provider and then later come here to vent their frustrations. Unfortunally a lot of times they seem to come here full of anger and their complaint gets lost in the midst of shouting and bad choice of words.

I'm fairly new to - paid - hosting too, I did (or that's what I thought anyway) an extensive check on the company and it wasn't even an outrageous offer (slightly under $10/month plan) with no unlimited this or unlimited that.

Unfortunally for me I only found webhostingtalk a few days after signing up and then through a blog from a disgruntled previous customer. Mildy put the host had shown less then ethical practices on this board (no... not timeah :)) and I cancelled and am still trying to recuperate my money.

Luckily enough for me however the second company I signed up with - and still host with now - seems to be more then keeping up their end of the bargain but I have seen some people here mention they had to go through 4-5 before they settled down.

I wish her the best of luck with finding a new host. There seem to be a few trustworthy companies on here. Another thing I'd suggest is after doing a search to take complaints with some sceptism too. The valid ones are easy enough to distinguish from the ones who just want to vent and that just made outrageous demands on the host.
If she's inexperienced she (or you on her behalf) could do a post about what she requires and the budget she can spare for it. My suggestion would be to do it in this forum first rather then the requests one because hosts can't advertise themself here and that way people can comment on how feasible her request is. (Eg no 100Gb traffic with 150% uptime guarantee for $1/month)

[Edited to add that maybe a sticky post with suggestions on what to look out for would help for newbies? Things like: don't submit your credit card info with a site that doesn't have an SSL certificate. Things like that are obvious to most people but I'm sure some don't even know what SSL is and wouldn't be able to tell if the order page is secure or not. Just a thought]

This then can be cleared up or worked out the site is suspended and maybe someone can get to the bottom of this.

We at hostabox.net have just been informed of this matter and we are dealing with it.We do not condone any kind of fraudulent behaviour on our servers and we are investigating right now and it will be dealt with as soon as possible once we have all the facts.

The person is one of our resellers, he is currently hosting the following domains.

1checkout.com
1mhost.com
chemico-sy.com
chronicchaos.net
comar-sy.com
eye-adv.net
hiweb007.com
morrow-wear.com
pateperro.com
ph007.com
prof-nahas.com
quickreseller.com
r-bakkour.com
syrialine.com
websublime.com

Good result.

1mhost.com web site has been suspended...

Take a look: http://www.1mhost.com

Bye!

Thanks for this reply and reassuring words. I recommeded Catalog.com to this lady, this is where I first started out years ago. I believe she is well on her way to a better, longer lasting relationship.

My own websites are hosted by 1shwebhost.com - another GREAT one! Been there for almost one year. Good customer service and great C-panel.

But you are right, there are many who are being misled. I bet it even happens to the best of us from time to time, let alone a novice. :bawling:

DanniRod

Originally posted by DanniRod


Not sure what exactly you mean by double posting. Did I accidnetally hit "Submit Reply" twice.

Or if you are referring to a similar threat running under the Webhosting forum then the answer is clearly: BECAUSE IT IS SUCH AN IMPORTANT MESSAGE TO GET OUT TO EVERIBODY WHO COULD POTENTIALLY BE THE NEXT VICTIM. Not only relevant to web hosting but also resellers. I hope that makes sense and is not regarded as "offensive" to anybody. There should be exceptions to certain rules when it comes to protecting the general public. I hope that makes sense and you agree.

No, i dont agree to double posting's (spamming)

No matter how much you think its so important to double post, its called spamming. Since your new here, do everyone a favor and read the rules....

Originally posted by iceberg
We at hostabox.net have just been informed of this matter and we are dealing with it.We do not condone any kind of fraudulent behaviour on our servers and we are investigating right now and it will be dealt with as soon as possible once we have all the facts.

The person is one of our resellers, he is currently hosting the following domains.

1checkout.com
1mhost.com
chemico-sy.com
chronicchaos.net
comar-sy.com
eye-adv.net
hiweb007.com
morrow-wear.com
pateperro.com
ph007.com
prof-nahas.com
quickreseller.com
r-bakkour.com
syrialine.com
websublime.com

AWESOME = And a big thank you all who chose to get involved and took up arms to fight Internet crime for the rest of us. I was certain that if I get the word out, and make contact with more websavvy people, somebody will know exactly what to do. Well - you guys did. SWEET SMELL of victory! And a big thank you! I will call my friend right now and tell her what I always knew...crime doesn't pay, and people won't tolerate it.

We are getting in touch with Peter Berg - http://www.hostabox.net - to give him all the facts and details. That way he hears from the actual victim! Again thanks for paving the way and stirring us in the right direction.

Will keep you posted!

DanniRod

The reason for the smooth transaction with the domain is that 1mhost didn't handle those. 1mhost was signed up as a reseller. The domain name seller was also warned about these people before reaching Peter's partner, although only tech support were available at the time.

Thats not spam in any way. This is not a commercial message. Some people just jump to call anything spam, when in fact its not.

I'd suggest that if there's a case to prove here, that you gather as much information as possible and take it to the police, or the FBI. Find out where these people live and call their local police department as well.

This kind of thing disgusts me, and makes it all the more difficult for people in the hosting industry to gain the trust people should be able to put in us.

There seems to be so much of this kind of thing appearing on this board lately it's getting out of control. Just once I'd like to see one of these guys nailed between the eyes for it.

Greg Moore

It is obvious from all of the posts here that 1MHost is appearantly scamming people...and my question is in no way defending them...I actually know nothing about them....

I just have one question regarding the original post...

_____________
quote:
My friend told me over Thanksgiving dinner that her PayPal account was just ripped off by 1mhost.com

She registered a new domain name from the same website, and then filled in another online form for their 50 MB web hosting services. She got an email confirmation for the domain registration, but nothing for the 50 MB hosting package.

The next morning however, she finds her PayPal account charged for $134 dollars by Infospider.com (AltaVista.) Upon contacting them she learns that somebody had submitted a website for inclusion into the AltaVista search engine under her name. The website name is http://www.websublime.com a site she never had heard about before.
____________________

And now my question...

Since when does paypal charge anyone? With paypal you have to "pay" for something....

A person can send you a bill (request for money), but you have to approve it. The only other way I know is if your on a monthly subscription plan then you'd be charged automatically...

How did this person clean out her paypal account?

This incident is being handled! The site is off the net now and all other possible recourses are being initiated. Trust me, they will not rip off people again, at least not under 1mhost.com, that is.

And if it happens again, elsewhere, I am certain, sooner or later, someone will fight back again.

Best,

DanniRod

Yes, most people use PayPal to SEND payments. When you have a business PayPal account, they also issue a PayPal Mastercard. I hope that I get this right, but here is what I believe to be the case in this incident, using the PayPal Mastercard:


The 1mhost.com sign-up form asked for name, credit card information, credit card number, expiration date, and security code on the back of the card (I think this is a 3 or 4 digit number on the back of card.)

Once the sign up form was sent, somebody now had all the info to submit this information to legit businesses, charging under the stolen identity. So, again, customer beware!!!!! It is possible, even with PayPal.

I can't imagine a webhost requiring a copy of someone's passport!
Good thing your friend spotted that one.

All unsolicited commercial postings are spam.

Not all spam, however, is commercial.

Another term for what she's doing is called "cross-posting", informally called "spam" by some. Posting the same, or much the same, message to multiple discussions / categories on a bulletin board. Also covers posting the same message to multiple related newsgroups, whether or not the message is topical.

seems on the whole paypal issue that they signed up for a paypal account with that credit card info that was being stolen

Originally posted by iceberg
We at hostabox.net have just been informed of this matter and we are dealing with it.We do not condone any kind of fraudulent behaviour on our servers and we are investigating right now and it will be dealt with as soon as possible once we have all the facts.

Good job, Peter! Keep us posted.

Yes, a bit scary to think that they are asking for a clean scan of the front and back of a credit card along with a passport. Mind you, in my original post, there was another person, who said the exact same thing was requested of him/her. Of course, once THIS happens, red flags should go up IMMEDIATELY! NEVER send this kind of info.

I get the feeling this is a scam ran straight out of a prison somewere. :mad:
A bit scary, though!


DanniRod

Spam or not. It's called bad netiquette.

Why did this story feel like I was reading about a rape victim? :confused:

I'm sorry to learn about what happened but it's not surprising. There are scams everywhere online so your friend needs to learn some basic "buyer beware" common sense. Otherwise, I assure you she will be scammed over and over again.

It was an informative post that I'm sure has warned a lot of people. I hate it when people call everything SPAM when its not. The definition of spam has changed so much since it the term originated that now anyone see's a post they didnt specifically ask for, its SPAM. Well thats wrong.

Yes, I agree. Thruth is, she does feel like a rape victim, including feeling ashamed and partially guilty. I am glad she allowed me to act on her behalf. But she is coming along now, taking matters into her own hands. No need to feel this way, but yes, definitely lesson learned!

:(

I don't care what you call it, I call it a service to the general public. The outcome remains the same: No further harm is done to anybody. I am not interested in getting into a debate, whether this is SPAM to someone or a very much appreciated public announcement to others.

To me it's similar to a poster on the lamp post, warning people of a child molester in the neighborhood. Some may see it as an eye sore, some may see it as a blessing. It all depends.

This is the most recent standing of this case. Reading this might help some people to sleep a little better. We are getting to the bottom of this. Thanks to everybody who showed an interest and got involved!

============================================

Hello XXXXXX,

The person running the domain '1mhost.com' and several other domains hosted on our server (srv01.fullerton-ca.us.hostabox.net) ordered his reseller account on 8/14/02 using a Guaranteed Online Check, the order came from ip address: 212.31.117.81

Detailed Info:
8/14/02 12:23:02 PM
Originating IP: 212.31.117.81

Name: Samer Zraik
Address: 550 Grandaave
City: Lindenhurst
State: NY
Zip: 11757
Country: US
Telephone: 9052775757
Fax:
Email: soso10@glay.org

These dudes collected credit card numbers and then used them to purchase items somewhere else, it looks like ...there is a lot of info and we have to go through it carefully, due to the fact that their email folders contain credit card numbers we decided to encrypt everything for now and get it off the server, it looks like they used proxy servers when connecting to the account control panel but we have been able to identify some ip addresses they have been using when connecting to the pop3 mail accounts, ftp accounts and shell account, we do think that there are at least 2 people involved and that one of them is in the united states and the other one is located in syria.

We are trying to email all those people that placed orders with 1mhost.com, 1checkout.com and we are looking forward to contact with the authorities.



We are really sorry that this happened to you and that we had such '*******' hosted on our servers, we are a small company and still growing, the last thing we need is this kind of public relations, we will take a closer look at our resellers in the future to avoid such incidents.

Sincerly,
Susan Ruddle
sruddle@hostabox.net

Originally posted by labzone
Spam or not. It's called bad netiquette.

I took care of it. A little bit of editing and rephrasing. Hope this keeps everybody happy now.

:rolleyes:

Copies of credit card front and back are required sometimes... I know several large companies that require them .. and sometimes it is necessary to verify a genuine order.. to avoid later chargebacks.. I can see the vaildity of that, photo ID is also good.. again these things are sometimes required, so to say that you should never do that, is entirely up to you, but in some cases it will be the only way to get what you want.

Credit card fraud to merchants is very serious business and costs $$$ every year, the card holders aren't the only ones that need protecting.. even the bank advise that photo ID, signature or a copy/scan of the cc card used for an internet order is a good idea.. obviously not for every transaction though..

Obviously in this case.. your host was a fraud.. that sucks big time, sorry that you have been burned.

Oh, in this case, thank you very much for correcting me!

I didn't know this, neither did my friend. When she told me about this, it I couldn't but agree to never send a scan of a credit card.

But apparently, the old adage Never say Never applies. I guess the rule of thumb is: "Know who you are dealing with first."

Again, I do appreciate your feedback on this issue. Wouldn't want to put road blocks where they don't belong. Just want to do the RIGHT thing.

DanniRod

Thats ok, just know who you are dealing with and giving out your details to and you should have no problems in the future :)

Originally posted by fusion
seems on the whole paypal issue that they signed up for a paypal account with that credit card info that was being stolen

No, I don't think they signed up for a new PayPal account. What they did was to USE the idendity and credit card information and submitted that online to purchase services from other businness's. If you can provide a name, an address, phone number, and correct credit card information on a sign up sheet, it should go through. The trick is in getting the information. You and I coulnd't begin to guess somebody's name, address, phone number, cretit card type, number, expriation date, and security code. This was how they did it!!!!

Originally posted by DanniRod


I took care of it. A little bit of editing and rephrasing. Hope this keeps everybody happy now.

:rolleyes:

The comment about netiquette referred to your duplicate posts throughout different threads. The mods merged the threads so no big deal anyway.

I know you wanted to let everyone know about the scam but trust me... you only need to create one topic in the forum. Word spreads fast around this place. ;)

Originally posted by labzone


The comment about netiquette referred to your duplicate posts throughout different threads. The mods merged the threads so no big deal anyway.

I know you wanted to let everyone know about the scam but trust me... you only need to create one topic in the forum. Word spreads fast around this place. ;)

Thank you very much. I fully agree and think this was the best way to handle it. Of course it was my intention to spread the word as fast as possible, and I see you see that. Merging them into one is very appropriate! I have a feeling this thing is not quite over yet. Thank you for allowing me the use of this forum and the pivilege to post. Never has it been more appreciated than these days!

DanniRod

Originally posted by DanniRod
Name: Samer Zraik
Address: 550 Grandaave
City: Lindenhurst
State: NY
Zip: 11757
Country: US
Telephone: 9052775757
Fax:
Email: soso10@glay.org



thats about 20 minutes from where i live. maybe i should pay them a visit ;) . i can tell you right off the bat thats a fake phone number though , cause it would be in the631 area code if it was real

You can go by, but they may not be there! LOL

Good detective work, though! ;)

thank you for let us know, guy just placed 2 orders with me

one for 1mhost and other for 4fasthost.com .. using 2 credit cards, 2 names, 2 email, ......

Originally posted by 2Mhost
thank you for let us know, guy just placed 2 orders with me

one for 1mhost and other for 4fasthost.com .. using 2 credit cards, 2 names, 2 email, ......

That is simply remarkable. He knows everyone is on to him, yet he tries to re-establish himself on another host to continue ripping people off now that he's been kicked off hostabox. What will it take to convince this guy that stealling CC's can get you into serious trouble?

Lets say bad guy lives in California.
He orders for example hosting from you and that service is in New York.
They have crossed State lines and that is Federal.
About 20 years ago I helped the FBI get a guy that was using phone lines to do his crime. Those lines crossed the States from Nevada to Ohio.
You may want to look in to that.

One way that you can protect yourself against fraud is to check the IP that someone uses to sign up with against public lists of known open proxies. These are automatically queriable in DNS fashion at socks.relays.osirusoft.com and proxies.relays.osirusoft.com. If you are checking the IP 212.31.117.81, then you would do a host query on 81.117.31.212.socks.relays.osirusoft.com (in other words reverse the order of the IP bytes). If it returns domain not found, then the IP has not been verified as an open proxy. If it returns anything else, the IP is known to harbor an open proxy, and may be used by scammers to hide their true originating IP. You may wish to consider orders submitted from such IP's as having a very high fraud risk.

Originally posted by modihost
This is outright credit card fraud!

I wouldent be suprised if the company is ran by a few 14 year olds

I doubt there are many 14 year olds this sophistated to pull of an atrocity such as credit card fraud amongst many people and get away with it.

Just recently, on the news (CNN) I saw a couple arrested for credit card fraud on the internet. They were in their late 30's. Did anyone else see this? I didn't stay around to listen to all of the details

Well it looks like the guys are getting 1checkout.com setup again on kim.onefuse.com / onefusion.com

So in essence, we might as well have saved ourselves this entire trouble here, and just accept that this is a loosing battle. They do like Arnold: "I'll be bäck!" :crying:

Originally posted by xxxx
Well it looks like the guys are getting 1checkout.com setup again on kim.onefuse.com / onefusion.com

I contacted them (onefusion.com!) and again, urged them to keep an eye on this.

Originally posted by TheTech


I doubt there are many 14 year olds this sophistated to pull of an atrocity such as credit card fraud amongst many people and get away with it.

Just recently, on the news (CNN) I saw a couple arrested for credit card fraud on the internet. They were in their late 30's. Did anyone else see this? I didn't stay around to listen to all of the details

Yes, they put their butts in jail right here in Phoenix!
The police here do not play with these people!

Originally posted by Dotcomsnz
Copies of credit card front and back are required sometimes... I know several large companies that require them .. and sometimes it is necessary to verify a genuine order.. to avoid later chargebacks.. I can see the vaildity of that, photo ID is also good.. again these things are sometimes required, so to say that you should never do that, is entirely up to you, but in some cases it will be the only way to get what you want.

Credit card fraud to merchants is very serious business and costs $$$ every year, the card holders aren't the only ones that need protecting.. even the bank advise that photo ID, signature or a copy/scan of the cc card used for an internet order is a good idea.. obviously not for every transaction though..

Obviously in this case.. your host was a fraud.. that sucks big time, sorry that you have been burned.


Interesting about the front and back of a CC ( SCAN ), I do it all the time for orders ofver $1000, and the first time was when I opened an account with CDW in 1996, so I faxed them a copy.

I also have all my CC set up for signature request and or telephone verification.
so some of you folks know, The CC companies will do a lot of things if you tell them, this is for them to help prevent fraud. so set up your cards with verification, and telephone verification on orders over $500. you would be surprised how nifty it is.

Mike

CVV Code Explanation
"For your safety and security, 1CHECKOUT requires that you enter your card verification number, if one is available. The verification number is a 3-digit number printed on the back of your card. It appears after and to the right of your card number."


This doesn't appear fraudulant. If they have a real credit card processor and keep credit card on file for use of PayPal etc... Nothing at all wrong with it. In fact, most businesses do things like this if you have never done business with them before. As ADE mentioned, I myself have accounts setup this way for various purposes and with other vendors. Not everyone is a reseller with a third party easy form.

If you do real business on the web, (multiple thousands monthly through credit or credit card), your will eventually have an issue with your CC account. Just goes with the terrirtory. I've changed my cc numbers at least 2 times in the past 5 years.

And yes, if you purchase from a real company, they will have your credit card information. If they are a dishonest company, sure they could do fraudulant things with your account.

What's new here? I'm not hearing anything at all new.


If you don't want to use CVV or give the information, photo ID, etc.. to the so called company, then go look for another two dollar host or find a real company to deal with.

Oh my gosh... My friend was ripped off by a two dollar host with no real business license... oh my gosh how could this possibly happen... ? ? :bawling:

If it doesn't say LLC, Inc, Corp and it's not validated with the state in which they do business, then for crying out loud don't give them your credit card number. In my opinion even being a reseller without being a registered legal entity within your state ought to be illegal. There ought to be a law that states that if you want to resell web services, that you have to provide legal proof of corporate paperwork to do so. Lot less theft and gullable idiots, and alot less bottom feeders looking for them.

Sorry, I just don't have patience or sympathy for those that utilize no common sense. If you want treated right, then pay a real company to treat you right. That's how real business works.


Best wishes.

Originally posted by DanniRod


I contacted them (onefusion.com!) and again, urged them to keep an eye on this.

Yup we noticed that too while doing a search on all servers for any of the domains, 1checkout.com or 1mhost.com. FYI the account has been suspended and we are now looking through the access logs to find out the IP address of the person who frequently accessed the site. Should only be a matter of time before we find that IP and ban them all from our servers altogether.

Good example of what I'm talking about.

"ONEfusion.com ...."

Privacy statement? Corporate notification? Legal disclosure?

Where it states that they began offering web hosting services should be stating their corporate identity. It is their company page is it not? Not a word about what legal identity they hold.

No, they wouldn't get my credit card information no matter how nice the site looks. Just common sense.

Well, good news from kim.onefuse.com / onefusion.com. Their folks are very much aware of the situation and will not allow 1mhost.com or any related accounts to open or reopen.

Ahhh! Cheers :agree:

I agree, my friend was all that: dumb, blonde, naive, stupid, lacking common sense, and gullible,

but still yet, it doesn't justify anybody using bogus signup forms for webhosting to gather unsuspecting victim's demographics and credit card information.

Her thinking was more down the line, that 1mhost.com probably makes the bulk of their money through annual domain name renewal, not so much of the web hosting, and that - as you ought to know - is not far fetched!!!

Just my comment... https://www.1mhost.com/payment/order.htm

:( >>Oh my gosh... My friend was ripped off by a two dollar host with no real business license... oh my gosh how could this possibly happen... ? ? :bawling:

This is G o o g l e's cache of The BOGUS SIGNUP SHEET/FEEDBACK FORM G o o g l e's cache is the snapshot that we took of the page as we crawled the web.
The page may have changed since that time. Click here for the current page without highlighting. To view to or bookmark this page, use the following url:
BOGUS SIGNUP SHEET/FEEDBACK FORM
http://216.239.51.100/search?q=cache:-wrgAwHPP4UC:https://www.1mhost.com/payment/order.htm+1checkout&hl=en&start=1&ie=UTF-8
Google is not affiliated with the authors of this page nor responsible for its content

=============================================

Bit SSL secure Site


1MHOST.COM high secure payment

Order details:

Step 1
Select your Package
Step 2
Domain Name Selection


Step 3
Card Holder information

Step 4
Credit Card information




Package information


Chose a package

Domain information
Domain Name WWW.

Domain RegistrationRegistered Not Registered

Card Holder information
first name
middle Last
Card holder full name

E-mail

Address

City

State

Zip/Postal Code

Country

Telephone


Credit Card information
We accept: Visa, MasterCard, AmercanExpress, Discover
Type

Card number

Expiration date

CVV code

Bank Name

Bank Phone

CVV Code Explanation
For your safety and security, 1CHECKOUT requires that you enter your card
verification number, if one is available. The verification number is a 3-digit
number printed on the back of your card. It appears after and to the right of
your card number.


1. All information must match card account records as provided by the card issuing
bank.
2. All information provided is strictly confidential and will be used solely for the
purpose of filling your order.
3. The address of your computer and your ISP provider have been determined, and
recorded as a safeguard against fraudulent behavior and may be used by SterletNET
or legal entities to prosecute guilty parties.
4. Card fraud is a felony punishable by heavy fines and jail time. Fraudulent behavior
will be prosecuted to the fullest extent of the law.

TO VIEW THE BOGUS SIGNUP SHEET/FEEDBACK FORM ON THE INTERNET Click here:
http://216.239.51.100/search?q=cache:-wrgAwHPP4UC:https://www.1mhost.com/payment/order.htm+1checkout&hl=en&start=1&ie=UTF-8

Originally posted by NewMerchant
CVV Code Explanation
"For your safety and security, requires that you enter your card verification number, if one is available. The verification number is a 3-digit number printed on the back of your card. It appears after and to the right of your card number."

Sorry, I just don't have patience or sympathy for those that utilize no common sense. If you want treated right, then pay a real company to treat you right. That's how real business works.


Best wishes.

Did you get a good look at the bogus form? Does it look familiar 1CHECKOUT ?

So, pleeeeze...

Please note: the owner of the domain name is specified
in the "registrant" field. In most cases, Go Daddy Software, Inc.
is not the owner of domain names listed in this database.
Registrant:

john boush

Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: 1CHECKOUT.COM

Domain servers in listed order:
NS1.WEBSUBLIME.COM
NS2.WEBSUBLIME.COM

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than VeriSign.
VeriSign, therefore, does not guarantee its accuracy or completeness.


=====================================================================
Please note: the owner of the domain name is specified
in the "registrant" field. In most cases, Go Daddy Software, Inc.
is not the owner of domain names listed in this database.


Registrant:
john boush

Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: 1MHOST.COM

Domain servers in listed order:
NS1.1MHOST.COM
NS2.1MHOST.COM

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than VeriSign.
VeriSign, therefore, does not guarantee its accuracy or completeness.

============================================================================
Please note: the owner of the domain name is specified in the "registrant" field.
In most cases, the Registrar is not the owner of domain names listed in this database.


Registrant:
samer karim

Registered through: domain name registration (http://www.1mhost.com)
Domain Name: WEBSUBLIME.COM

Domain servers in listed order:
NS1.WEBSUBLIME.COM
NS2.WEBSUBLIME.COM

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than VeriSign.
VeriSign, therefore, does not guarantee its accuracy or completeness.


=====================================================================

By the way, it was WEBSUBLIME.COM that was submitted under false idendity, and under flase credit card to Infospider.com.

So, I personally wouldn't take anything NewMerchant says here too serious. Guilt talks!!!!

Below is a receipt of the credited back transaction. If you have any questions, please reply to this email and I will be glad to forward any information that will help you in your investigation concerning this matter. Thank you.


VQVF72953224

Request Data
Trans ID: VQVF72953224 Login Name: isverisign
Timestamp: 2002-11-25 14:51:59 Trans Type: Credit
Duration: 0.00 Tender Type: MasterCard
Client IP: 216.168.254.142 Account Number: XXXXXXXX
Client Version: 3.00 Expiration: 0603
AVS Street: Sheraton Hotel Amount: $134.00
AVS Zip: 07000 Email: ozzie@infospider.com
Comment1: credit back-fraud Comment2: www.websublime.com
Recurring:

Results
Result Code: 0 Response Message: Approved
Auth. Code: Orig Trans ID: VRMF81008234
AVS Street Match: Orig Amount: $134.00
AVS Zip Match:
International AVS Indicator: X CSC Match:
Batch ID: Credited Amount: $0.00



Sincerely,


Oswaldo P Harris
Customer Service Rep / Credit card Fraud
ozzie@infoSpider.com
(408)635-2289x6040

Originally posted by DanniRod
Did you get a good look at the bogus form? Does it look familiar 1CHECKOUT ?

No. I didn't have to. I didn't have to read any of this. If it doesn't say company... and I mean real company.. don't give your credit card numbers out. Simple as that. It doesn't make any difference if they have a fake nose for all I care let alone a form. Start with doing business with real businesses and you won't have to worry as much about it. Real businesses don't play games. They don't have time to. They have a real investment in what they are doing and will treat you like a customer if they want any reputation at all.

A company rips you off... You have legal recourse. Non legal entities will not gain you much of a recourse.

Just like I said, before anyone does business on the web they ought to have to prove legal business status to even attempt doing business. Unfortunately the web is full of this non legal reseller garbage, be your own host etc.. I bet if real hosting companies ended up legally responsible for non-legal, unlicensed and uninsured within their network, for creating opportunities to establish this same business with no real legal authority operate as such, ... things would change for the better quickly.

<edit>added to the above post....</edit>

Hello
My gut instinct is that this person is in Syria (based on that list of domains).

We have a couple of medium sized business customers in Syria and they can't get credit cards.
They always pay by bank transfer.

The one thing that always interests me about these cases
is how these people seem to attract so much interest/customers.
How do they advertise them selves?
Do they want a proper job?
They obviously have a lot of marketing skill to attract so many customers.

Gordon

We have a couple of medium sized business customers in Syria and they can't get credit cards.

RIght, and so the alternative is to get other peoples instead

How do they advertise them selves?

Which brings us back to how this thread started, after a search engine submission for their sites was found out

Do they want a proper job?

Possibly, but can they get one? The irony is that as they're clearly not above putting in some effort, and there's a captive market (in this case rather more literally than that phrase usually means), and so they could make money legitimately - but not as much as if they ripped off cards with a low profit scheme and then used them to purchase higher value goods.

They obviously have a lot of marketing skill to attract so many customers.

Some, although they're not that visually creative, going for the standard design of text + 1 stock photo on their site homepages, nor technically skillful or particularly good at hiding their fraud activities. However, it was nevertheless an effective combination.

guy still trying to ******** his domains 1mhost, .......... he use many cards, he order from this IP:


66.198.41.10

If the fraud is that blatant, then why don't people just report this sort of thing to local law enforcement?

I don't understand the mentality around here, where someone is scammed, or knows someone scammed - but then simply visit web forums to tell of it.

This isn't the playground - you are allowed to tell a grown-up! If someone experiences fraud, at any level, then you call the police! [preferably the non-emergency number].

Regarding reporting to the police. I am all for it, but where does a person go?

I seriously doubt, that any overworked, understaffed local police department is remotely interested in a credit card fraud case that took place over the Internet. Heck, we can't even get them to look for our recently stolen bike. They'll probably say, hey, you got your money back, consider yourself lucky (stupid!)

I don't believe they'd go to Syria to slap some cuffs on these guys. I know, it stinks. I think that people here in this forum have done an excellent job of getting more accomplished in a day, than a stack of police reports sitting somewhere on a desk in an inbox at a police department.

Please correct me if I am wrong! :)

Thats about the size of it.

In one case we were able to identify exactly who and where a fraudster was and reported it to the police.
They toils us to report it to our bank.
Our bank told us to report it to the police.
And so on.

If they had sent someone round to his house they would have found him in posession of lots of stolen card numbers but they have no interest in this type of non-crime because it crosses police force boundaries.

They leave it up to the card companies.

Gordon

Originally posted by NewMerchant


I bet if real hosting companies ended up legally responsible for non-legal, unlicensed and uninsured within their network, for creating opportunities to establish this same business with no real legal authority operate as such, ... things would change for the better quickly.

Now, I agree with that! :angry:

Originally posted by GordonH
Thats about the size of it.

In one case we were able to identify exactly who and where a fraudster was and reported it to the police.
They toils us to report it to our bank.
Our bank told us to report it to the police.
And so on.

If they had sent someone round to his house they would have found him in posession of lots of stolen card numbers but they have no interest in this type of non-crime because it crosses police force boundaries.

They leave it up to the card companies.

Gordon

That is why I said, sometimes - not all the time, but sometimes - people have to do what they can, as people. Consider it a "Neighborhood Watch." as I consider the Internet my neighborhood and I would like to see it a little safer!

Public exposure, and real people getting involved, can work wonders sometimes! It doesn't make us heros, but it is a way to say, we won't tolerate it. The rest is up to the individuals.

The police couldn't have done it any better. (Sorry guys - I respect you, but I know fact from fiction!)

I don't understand the mentality around here, where someone is scammed, or knows someone scammed - but then simply visit web forums to tell of it.

Simple. The fraud was reported and an hour or so later we had the sites shutdown. It won't always be so easy to home in on the hosting provider concerned but in this case it was. Now the people concerned are trying to get their hosts back up but they're trying people that have already heard about it. Alerting the card companies and authorities, although exactly whom is never immediately clear, should of course be done as well, but putting the word out can also be very effective.

If local law enforcement aren't interested, then try federal?

I'm in the UK, so I'm not sure what the proper structure is over there in the USA.

But I can;t believe you folks are seriously telling me that credit card fraud isn't treated as a criminal offence in the USA?

Getting the word out - yes, that's good. But a criminal offence is a criminal offence, yes?

I'm sure I could get a serious response in the UK, even if it did cross county/national boundaries.

Besides - and here's something to think about - if anyone accuses another person of a criminal offence in public, without being able to back up that allegation [ie, police report], then so far as I know that could constitute the basis of a slander/defamation of character lawsuit against the accuser.

im just thinking is this related to www.2mhost.com
just ???:rolleyes:

If local law enforcement aren't interested, then try federal? I'm in the UK, so I'm not sure what the proper structure is over there in the USA.

I'm in the UK too. The dudes look to be in Syria, and just a few weeks ago there was some case of credit card fraud busted over there - however, they could just as easily be living in Slough and using a dialup to the access point in Syria. Ultimately the authorities need to get involved so that phone records and ISP logs can be procured and so on, but whom do you contact. Obviously authorities can liase across national boundaries, and ideally there would be a local freephone number, an 0800-STOP-FRAUD or something, in every jurisdiction that one could call and start the wheels in motion, but I'm not sure there is. Particularly now that the private individual can collect useful information quickly, it makes all the more sense to have a drop off point that such info could then be sent no matter where you live.

Besides - and here's something to think about - if anyone accuses another person of a criminal offence in public, without being able to back up that allegation [ie, police report], then so far as I know that could constitute the basis of a slander/defamation of character lawsuit against the accuser.

Certainly, and so one shouldn't accuse in a public forum, (although that doesn't stop people doing it, e.g. the comments about 2checkout that are flying around of late), but I think that alerting users of the possibility of such an offence being committed, particularly once there is compelling evidence, is ok. This thread only started because someone was ripped off.

It would be interesting to call our local police station night shifts and see whether they'd have any idea about whom to pass the issue onto.

Actually I'm trying now as I can't resist finding out :)

Update: The local police said to call 999 and they'd pass details onto a relevant department if possible, so I suppose that's reasonable and no suprise.

Heh, the police in the UK have to follow every inquiry!

Someone climbed into our yard and tried to steal my 3-year old daughters slide. I chased him off empty-handed, but still ended up being called in to go through photo records with 2 officers. Felt a little guilty for using up the time - but the point of doing was that I'd seen the guy around - seem him dealing to scum - and I wanted to ensure there was a police record of the attemtped theft, because if I see him again I'm going to grab the tosser. Reporting a seemingly insignificant attempted crime was to cover my own back for grabbing him in future.

The law suit issue - reporting the offence is a good idea - if nothing more than law enforcement have better resources to ascertain better the wider circumstances.

More than one person has taken others to court over libel charges - and won, even though the accusations later turned out to be completely true [Robert Maxwell, Jeffrey Archer, etc]. Reporting can protect a person's own back, as well as chain down against the fraudster.

Police here are useless -- especially when it comes to internet crimes.

I tracked down a fraudster and had his address and everything, and the cops just laughed. They didn't know anything about the internet at all. I spent some time trying to explain what web hosting and IP addresses are, but it was of no use, and they just wanted to get back to their doughnuts.

They didn't even file a report. When I called back later, they had no record of my visit.

Originally posted by Lurleene
Police here are useless -- especially when it comes to internet crimes.

I tracked down a fraudster and had his address and everything, and the cops just laughed. They didn't know anything about the internet at all. I spent some time trying to explain what web hosting and IP addresses are, but it was of no use, and they just wanted to get back to their doughnuts.

They didn't even file a report. When I called back later, they had no record of my visit.

I have a feeling this is the way it goes here in the US, at least more often than not. However I agree a report should be filed.
Also there is this place. This might be a start:
http://www1.ifccfbi.gov/
:eek:

I think this issue proves to us all the continuing need to remain vigilant and aware of the constant threat of Internet Fraud

I doubt this is a problem unique to the US. While I'm sure that any local US police department will help you file a complaint, most local police departments (in the US or any other country for that matter) will be unable to investigate this type of crime. More than likely this will have to be taken care of by a special federal or national cybercrime unit.

I have had a run of frauds today.
Havent had a stolen card passed for nearly three months and then I get three today.
All due to advertising on Hostsearch (something I have no done for ages, and stopped because of the frauds).

Gordon

He tried to get a server under the name 1checkout.com. I had already deleted his orders before seeing this thread.

Poor Gordon!!!! Originally posted by GordonH
I have had a run of frauds today.
Havent had a stolen card passed for nearly three months and then I get three today.
All due to advertising on Hostsearch (something I have no done for ages, and stopped because of the frauds).

Gordon

Originally posted by Incognito
He tried to get a server under the name 1checkout.com. I had already deleted his orders before seeing this thread.



That's right, Incognito, there was a temporary "under construction" page on the Internet, that came up doing a Google search under search term "1checkout."

If you check out the "bogus" 1mhost.com signup form, the name 1CHECKOUT is right on it!!! I just found out about this, (heard this 1CHECKOUT name for the first time,) after NewMerchant mentioned it in a recent post. Couldn't really understand if he was with them, defending them, or just sayin'. LOL :eek:

Click this link to see for yourself:
http://216.239.51.100/search?q=cache:-wrgAwHPP4UC:https://www.1mhost.com/payment/order.htm+1CHECKOUT&hl=en&ie=UTF-8

so is this related to 2mhost.com :confused:

Originally posted by NewMerchant

If it doesn't say company... and I mean real company.. don't give your credit card numbers out. Simple as that. It doesn't make any difference if they have a fake nose for all I care let alone a form. Start with doing business with real businesses and you won't have to worry as much about it.

IF I wanted to rip people off, I wouldn't hesitate to put company, ltd, or similar abbreviation, after the name of my business. I would state that I use SSL, even if it isn't true, and give an address in a business-building somewhere. To everyone visiting my site, it would LOOK legitimate, unless they checked the SSL thing in the browser window, and most people don't know about that... or enough people don't know about that to give me enough money anyway.

If I keep doing it for a year, I might make a lot of money. If no one finds out about it no one can tell anyone about it.

Calling them might not be an option if they have business in another country. Remember, the Internet is international. Checking to see if the address is OK, might be possible, but if they stated a real address, how do you know they aren't listed there. They can't be found in the Yellow Pages? They just changed address/phone number/small glitch in the system/didn't pay the Yellow Pages.

Calling them might not be an option if they have business in another country.

If you have a phone then calling is always an option unless the number is bogus. In this case it was a country club. The address was valid, apart from the spurious word 'ajax', and which didn't occur in other addresses in the same region. Doing a search on the post code also showed up the country club.

Checking to see if the address is OK, might be possible, but if they stated a real address, how do you know they aren't listed there.

Tricky, but you can do a google search. Particularly if it's part of a big office complex, it's possible that other unrelated documents will make a reference to the company being a tenant. Google can be your friend.

They just changed address/phone number/small glitch in the system/didn't pay the Yellow Pages.

Which in itself might be indicative of business incompetence and mean that moving on elsewhere might be wise.

But unless you start distrusting everyone, you'd spend forever checking every company, and given that you'll get the money back from the card companies anyway if you're ripped off, who's going to bother to check every time.

Hmm, with the new Patriot Act in effect, I'd call Mr. Tom Ridge and tell him the Al Qaeda is hiding behind 1mhost.com scamming money for more flight training.

Talking about al qaida might not be such a good idea. Pranks like that might get you into a lot of trouble.

You mean like that bus driver?

Originally posted by 2Mhost
guy still trying to ******** his domains 1mhost, .......... he use many cards, he order from this IP:


66.198.41.10

That's Damaskus in Syria


Nice website:
Geobytes IP locator, fill in an IP number to pinpoint location!

http://www.geobytes.com/IpLocator.htm

Not bad, but that locator puts me at least three driving hours away from where I am. I guess that's good for me, but bad if I really relied on it to find some one.

It got me completely wrong even though our office address is on our Ip records at RIPE.

It took our providers records.

Gordon

More scams :angry: :mad:

Wow this is an active thread. Wish I'd have found it BEFORE "hosting" with 1mhost.com. They used my credit card to register 4host.us, so add that to the list of bogus domains, though I'm going to try to wrest control of it from them, by faxing a form to network solutions. They will also email the address on record, wardsalem2@hotmail.com, though I have plans on how to render that email useless.

By the way, and I've only done a quick browse through all these posts, but I think I may have been responsible for getting 1mhost.com yanked. I did a traceroute and the last hop was with staminus.net, so I called them, and his site was down the next day (this was last Wednesday I think).

Also this morning I think I got his paysystems.com merchant account through 4cnet.com closed. He had one on websublime.com that was closed, try to "order" on that site and you will get the message from security@paysystems.com. I emailed them and informed them he had a new merchant account at 4cnet.com, and they terminated it within hours.

After several days of inactivity, whois shows that 1mhost.com has changed his name servers. Yesterday he was with deru.net, today with indyserv.net. Seems like we are keeping him on the run.

Another interesting thing. His original 1mhost.com page said at the bottom it was designed by eye-adv.net. That site is now defunct. Doing a whois on them shows an email address @scs-net.org: the Syrian Computer Society.

I've got a complaint on file with the FBI, and am going to forward them this thread if that's OK. I could also do some programming, such as cron-ing whois every day to stay on top of his name servers and such on a day to day basis, if there would be interest.

wow , this is a good post , i see lots of colaboration here . This is the type of community action WHT is all about . Hopefully this person can be stopped , and punished properly . People like this make me sick , hopefully his syrian government catches him , and cuts off his hands for stealing or something , or just beats him to death . Hopefully thats not to harsh , but the world be better off with less people like this anyways

Originally posted by case
wow , this is a good post , i see lots of colaboration here . This is the type of community action WHT is all about . Hopefully this person can be stopped , and punished properly . People like this make me sick , hopefully his syrian government catches him , and cuts off his hands for stealing or something , or just beats him to death . Hopefully thats not to harsh , but the world be better off with less people like this anyways

I agree, there have been quite a number of people who truly cared and immediately sprang into action. Awesome!:beer:

Continued investigation strongly suggests this is indeed terrorist activity. Do a google search on the word "syrialine", this being one of the domains from hostabox.

You will get one result, an Israeli site that points out a site called h4palestine: hackers for palestine. Doing a whois indicates this same "ward salem" person, who is using the "wardsalem2@hotmail.com" address in association with the 4host.us domain he registered using my credit card information.

Gotta go supplement my FBI complaint....

Originally posted by jb4mt
You will get one result, an Israeli site that points out a site called h4palestine: hackers for palestine. Doing a whois indicates this same "ward salem" person, who is using the "wardsalem2@hotmail.com" address in association with the 4host.us domain he registered using my credit card information.


Very, very scary! as well as upsetting. Good detective work! I am very impressed with what has transpired so far. There are a number of another very knowledgeable people here who have done a great job contributing and investigating.

Please stay on their heels! :smokin:

Originally posted by creedance
so is this related to 2mhost.com :confused:

It very well could be. I first decided to use 1mhost.com after finding them on hostsearch. The heading for their plans falls under "websy".

I also found websy.net doing a whois on syrialine.com. Ward Salem, webmaster@websy.net, being the administrative contact.

A whois on websy.net reveals sterlet.net as the NameServer. Browsing to sterlet.net redirects you to unixhoster.com. A traceroute on 2mhost.com shows "alexandria.unixhoster.com" as the last hop.

Draw your own conclusions. Mine is this, SMIIW: 2mhost.com and unixhoster.com may well just be fronts. And he's posting on this board, acting like he's a good citizen.

I'll also tell you why. I had my suspicions about 2mhost.com earlier this week. I put through a bogus order on their system. He appears to use SSL, but really doesn't: you can always change the url protocol from https to http, without a hiccup.

Like 1mhost.com, his site does NOT do address verification, or mod-10 checks on the credit card. And the "thank you" page is word for word the same as the one I got from 1mhost.com, right down to the typo where there's an extra period between "mhost" and "com" in the name server addresses.

This is my last post. I will still follow this thread, and encourage people to contact me via email. In the meantime I will be doing ALL I can in pursuit of justice.

Originally posted by GordonH
It got me completely wrong even though our office address is on our Ip records at RIPE.

It took our providers records.

Gordon

Seems unreliable then. Dang!
I kind'a liked it because of the visual aide (the map!)

:rolleyes:

Originally posted by jb4mt

2mhost.com and unixhoster.com may well just be fronts. And he's posting on this board, acting like he's a good citizen.

I'll also tell you why. I had my suspicions about 2mhost.com earlier this week. I put through a bogus order on their system. He appears to use SSL, but really doesn't: you can always change the url protocol from https to http, without a hiccup.

Like 1mhost.com, his site does NOT do address verification, or mod-10 checks on the credit card. And the "thank you" page is word for word the same as the one I got from 1mhost.com, right down to the typo where there's an extra period between "mhost" and "com" in the name server addresses.


Hmmm... well then lets ask 2mhost.com to make a comment right here into the forum!

2mhost.com would you like to explain??? :eek3:

someone emailed me to continue read this long thread, and i surprised .. my name is here .. !!!!!!


here is my official response:

1. 2mhost.com do not know anything about unixhoster.com or sterlet.net, sterlet.net was a reseller of us 1 year ago or more.
if you have something about another host then please email them direct .. do not contact me

2. 2mhost.com IS NOT 1mhost or host 1mhost or whatever anything about 1mhost and do not host single customer from Syria or isreal or east-south Asia ( accept Japan ), we do not host any sites contain hate material or even mlm schemes .. we alsways pick our customers, YES .. we pick domains we host to avoid any such issues.

if you want me to cancel any account hold my DNS, please fax the evedinces to: 707 8970584 not by email.


:angry:

Originally posted by 2Mhost
[B]someone emailed me to continue read this long thread, and i surprised .. my name is here .. !!!!!!

here is my official response:

1. 2mhost.com do not know anything about unixhoster.com or sterlet.net, sterlet.net was a reseller of us 1 year ago or more.
if you have something about another host then please email them direct .. do not contact me


How could you not know anything about unixhoster.com when they are the last hop on the traceroute to 2mhost.com? Why didn't you address the issues of your phony https order page at:

http://www.2mhost.com/2m/step4.php

I got this address by going through the first 3 steps, then changing the protocol from https to http. Apparently you don't have an SSL certificate.

Why didn't you address the issue that you allow orders through without doing address verification, and without even doing mod 10 checking on the credit card number? Over an unencrypted HTTP connection no less.

Nice American fax number at area code 707, though, I must admit. It must be real tough to get one of those through efax or jfax even though you're in Alexandria, Egypt.

1. I'm Egyptian, and you may be the last one in world do not know that, i submited american fax number to help honest ppl send me any serious complaints

2. i have SSL cert optained from geotrust, you can run it on
https://www.2mhost.com/anything .. and order submited from 128bit secure server, i think you need an openion from some experts before talking more about this point

3. its long story about unixhoster domain *name*, however you may contact unixhoster and submit your complaints there.

overall .. i do not think i can gain 4000 customers, more than 10000 domains and stay on market for nearly 2 years if in involved in this crimes ..

jb4mt ... you owe me an oplogize

this is the last response about this thread.

WoW, this guy http://1mhost.com/ has some nerve. The site is back up.

:rolleyes:

I am hooked on this topic, I like to see where it ends.

Someone just sent me an email pointing out that 1mhost.com is pointed at Deru's name servers....

They attempted to sign up with us at Mon, 02 Dec 2002 05:03:09 MST, under the name of "Christian Kastner" from IP address 66.198.41.10.

Even though our signup form clearly points out that we verify all signups they were silly enough to post from a Syrian IP with a name of "Christian" having an address in Austria, using a domain registered to someone in Lebanon whose admin contact uses a domain registered in New Zealand. Funnier still, they use wildwestdomains, which a registrar less than a mile from our office. :-)

We typically delete those obvious fraud accounts as fast as they come in, but this guy was caught up by a nice "feature" of whm/cpanel in that a username can't start with a number - and our sign up tool tried to create the username (based on the domain name) of 1mhostc - so the account was never set up.

After reading this thread I have to chuckle - mostly because I asked him to send a copy of his credit card front and back and a letter of authorization to charge his card just to see if he would do it (and so I would know which bank to call to help out the poor fella named Christian who just had to have been persecuted in Syria) - he never responded back but was silly enough to point his domain at one of our name servers.

We were not damaged at all (it's taken me longer to write this than the sum of the time dealing with this twit) so don't have a legal case to pursue, but if anyone needs any further info, please feel free to email me at darin@deru.net and I'll pass on whatever information we have.

Darin

They move fast!

Originally posted by 2Mhost
2. i have SSL cert optained from geotrust, you can run it on
https://www.2mhost.com/anything .. and order submited from 128bit secure server, i think you need an openion from some experts before talking more about this point


He does have a valid Equifax cert until February.

Just a note on not performing address verification and Mod-10 check summing on inbound signups - if you automate all that, in my opinion you are not saving yourself (as a provider) from any fraud, instead you just make yourself an automation tool for people (or cc theft rings) gathering credit cards and looking for a fast, inexpensive way to validate them. These guys have everything they need, right down to the CVV2 numbers, to get cards past your automated tests.

IMHO, You should perform address and Mod-10 tests *after* running the request through a whole bunch more sanity checks, such as verifying that the request doesn't come from an open proxy as mentioned earlier, that the incoming request is coming from an IP that matches the customers address, etc and as many other tests as you can stomach.

Additionally, make sure your signups come from your signup pages (check the referer) and not someone else’s automation pages and force your customers through SSL for their protection (as mentioned earlier).

I have had more fun un-automating the checks and letting the accounts be auto-created than I did when I automated as much as I could. There is nothing like letting the fraudsters invest time in their new site, including uploading their hacking/scam tools, then taking the sites down. You can learn a lot from what they leave behind.

Darin

Originally posted by dwayrynen
I have had more fun un-automating the checks and letting the accounts be auto-created than I did when I automated as much as I could. There is nothing like letting the fraudsters invest time in their new site, including uploading their hacking/scam tools, then taking the sites down.
Darin

:D

Oh, shoot! :kaioken: Who is hosting them now????

http://www.1mhost.com

Originally posted by DanniRod
Oh, shoot! :kaioken: Who is hosting them now????

http://www.1mhost.com

Last 6 lines of traceroute for 1mhost.com:

11 152.63.115.146 23ms 16ms 16ms TTL: 0 (0.so-0-0-0.TL2.LAX9.ALTER.NET ok)
12 152.63.3.193 75ms 79ms 95ms TTL: 0 (0.so-6-0-0.TL2.DCA8.ALTER.NET ok)
13 152.63.36.41 111ms 105ms 79ms TTL: 0 (0.so-6-0-0.CL2.DCA1.ALTER.NET ok)
14 152.63.38.177 85ms 91ms 94ms TTL: 0 (194.ATM6-0.GW5.PIT1.ALTER.NET ok)
15 65.217.197.62 100ms 91ms 138ms TTL: 0 (ipath-gw.customer.alter.net ok)
16 65.242.161.14 93ms 99ms 86ms TTL:239 (host4.indyserv.net ok)

----------------------------------


WHOIS domain servers for 1mhost.com:

NS3.DERU.NET


---------------------------

WHOIS for indyserv.net

Domain Name:indyserv.net
Record last updated at 2002-07-19 11:58:18
Record created on 2001/7/5
Record expired on 2003/7/5


Domain servers in listed order:
ns.indyserv.net 65.242.161.31
ns2.indyserv.net 65.242.161.32

Administrator:
Thierry Mbandi sales@flynames.com 800 570 4271
FlyNames.com
311 SOuth Craig Street, Suite 105
Pittsburgh,PA,United States 15213

Technical Contactor:
Support Department info@ipathgroup.com
iPath Group, Inc.
311 South Craig Street, Suite 105
,,

Billing Contactor:
Thierry Mbandi sales@flynames.com 800 570 4271
FlyNames.com
311 SOuth Craig Street, Suite 105
Pittsburgh,PA,United States 15213


-------------------

I think it may be hosted by:

http://flynames.com/


-------------

Watching this thread with interest. Good luck!

Jessica

First of all, to 2mhost.com, we'd like to hear the "long story" of why you host with unixhoster.com, when all my whois and traceroutes seem to indicate they are associated with the apparent terrorists at h4palestine. Until I get that story, and until you move 2mhost off of their server, you will get no apology from me.

Second, regarding 1mhost.com being back up, I'm working on a script that will take care of that.....

I too got bitten by 1mhost

three transactions counting almost $300 AUD

one from
2checkout
the others from other Washington based companies

however, my credit card company has followed through the transactions and reimbursed me

this long story not mean anything to anyone and i do not have to tell you ..., even do you think that unixhoster.com is invloved just because one site of fraud sites hosted there :eek: ???

h4palestine.com is hosted by fasthosts.co.uk then you may contact them to close it .. and i do not think they will waste their times reading your **** ****

Originally posted by 2Mhost
this long story not mean anything to anyone and i do not have to tell you ..., even do you think that unixhoster.com is invloved just because one site of fraud sites hosted there

h4palestine.com is hosted by fasthosts.co.uk then you may contact them to close it .. and i do not think they will waste their times reading your **** ****

Your obfuscation is lame. unixhoster is a new entity anyway, per google search. and where h4palestine.com is currently hosted doesn't matter. they are admistered by "wardsalem@websy.net". 1mhost is syrialine is websy. websy is sterlet is unixhoster.

and so too 2mhost appears to be unixhoster, per traceroute. you have no credibility on this issue until you switch boxes.

re 1mhost.com being back up, is somebody going to contact indyserv and/or flynames?! Or are these just more aliases for 1mhost?

meantime, its hard for them to sift through 4 or 5 thousand bogus orders per hour to get to the ones that might contain valid credit card info. i like to think they messed with the wrong guy.

1mhost.com appears back offline, at least for the time being. Here's the last of the 7000+ bogus orders I sent them in about an hour and a half:

Loop#: 7211

Kiera Masaya
97 Jacinto
HANCOCK, NH 03449
kiera334553.net CC: 4115113770226021 EXP: 2 2004
del334553@yahoo.com PH: 3770226021

Now I got to worry about wresting control of 4host.us from Ward Salem. Should prove interesting.

wow, doing a whois now shows NO nameserver for 1mhost.com. I will be ready if they resurface though. Also, they have dozens of other bogus domains they could be using to rip off people through. I am motivated to continue fighting, especially as I have a publisher HIGHLY interested.

Hmm...it's interesting to see someone take action over a scam. But this way - I hope it's at the right target. If 2mhost really was so closely linked then would it not be a matter to address with WHT MODs to get a better background? I'd hate to see someone caught in a crossfire.

Dont be paranoid :rolleyes:


Originally posted by jb4mt
First of all, to 2mhost.com, we'd like to hear the "long story" of why you host with unixhoster.com, when all my whois and traceroutes seem to indicate they are associated with the apparent terrorists at h4palestine. Until I get that story, and until you move 2mhost off of their server, you will get no apology from me.

Second, regarding 1mhost.com being back up, I'm working on a script that will take care of that.....

I know this is a bit out of context, but maybe it may help somebody not to fall in the fraud-net again.

I work with a Spanish bank (I am spanish) that offers a "Master e-card" which is made especially for internet shopping.

You can recharge the card just like mobile phone cards, when there is no money in it, the transaction is refused.

I never have more than 30$ in it, so if anybody wants to abuse my ccard, they won't get far :) And when I need to pay a bigger amount, I just load it with the amount and... done.

I am not sure if this kind of e-card is available in other countries, I would say it should be - I don't think this was an invention in Spain ;)

Second, regarding 1mhost.com being back up, I'm working on a script that will take care of that.....

If that means what it will to most people, it's just lame tbh. Don't lower yourself to their level. :rolleyes:

DOS attack also harm the provider and other sites that may reside on same server! This sounds like what bush is doing, bomb the civilians to kill one terrorist. :eek:

dont do it man.

If it doesn't say LLC, Inc, Corp and it's not validated with the state in which they do business, then for crying out loud don't give them your credit card number. In my opinion even being a reseller without being a registered legal entity within your state ought to be illegal. There ought to be a law that states that if you want to resell web services, that you have to provide legal proof of corporate paperwork to do so. Lot less theft and gullable idiots, and alot less bottom feeders looking for them.

Sorry, I just don't have patience or sympathy for those that utilize no common sense. If you want treated right, then pay a real company to treat you right. That's how real business works.


Whatever. The brass balls that this guy had to pull of this scam would have been the same brass balls that he would have used to put Corp, LLC, blah yada yada after his name. This doesn't prove anything.

And what do you mean, "validated with the state"? 99.9% of businesses would never get "validated" by the state they operate in. While there's a need for it, nobody is going to eat the cost of it.

In the U.S., it's everyone's right to setup shop, and entity structure has no bearing on the legitimacy of a company. Someone could just as easily spend the $200 to register their company as a corporation and scam you as they could getting a DBA name and scamming you. The latter is just cheaper. And nothing prevents them from doing the latter but claiming the first. (i.e have a simple DBA and adding LLC or Corp on the name).

So all your doing, along with the person who's telling everyone that you shouldn't send anyone a copy of your credit card and DL, is spreading FUD and more importantly, false security.

Nobody requires you to "feel sorry" for a scam victim, it's your right to not do so. But don't come in here making fun of her when it was a simple mistake that anyone could have made. It's not like she put her credit card information out on IRC or a public forum.

I believe PayPal has something similar if you connect it with your cc-card.

why are these hosting companies so STUPID:eek: :rolleyes:

:uzi: 1mhost

wow, doing a whois now shows NO nameserver for 1mhost.com. I will be ready if they resurface though. Also, they have dozens of other bogus domains they could be using to rip off people through. I am motivated to continue fighting, especially as I have a publisher HIGHLY interested.


It would be quite easy to add his several domains to a cron'd perl script. When a NS change is detected for a domain, email 3 or 4 addresses at the NS (abuse@domain.com, webmaster, sales, support) and alert them to this scam... then all you would really have to do is continue monitoring what addresses are his and adding them to the script.... that might be more effective than flooding him with fake orders... though I do like that idea as well... lol

off topic, maybe...

But this raises an interesting issue with webhosting in general. As you read about 2mhost and their *alleged* ties to terrorists, 1mhost and their proven scam, and everyone else... you sit talking amongst people who are pulling scams of their own... I've found over the last month or so this industry is full of scammers... those of you involved know who you are, if you don't know, let me tell you which of you are scammers:

1> if you advertise a "full support" staff when it's just you supporting your clients, your a scammer & fraud

2> if you advertise unlimited bandwidth, your a scammer, regardless if you put the '*' there or not. (Yes 2mhost, I'm pointing at you)

3> if you advertise competent support and don't know how to maneuver the linux CLI, or manage anything beyond your control panel, your pretty much a scammer

4> If you advertise your own servers, but are a reseller, placed with other resellers on a box, you are a SCAMMER & A BIG FRAUD.

There are alot of people in this industry that shouldn't be here. They're frauds, and I hope more people investigate their hosting choices better... though sometimes it's hard (I discover some frauds by being in a position that I wouldn't have been in had I not been a customer).

Like it or not, dem's da facts. When I get the time, I will work on exposing each of you for what you're worth. :)

With that said, there are plenty of good hosts in here, and excellent hosts in here, and quality hosts in here... the rest of you should quit advertising what you don't have, quit taking money under false pretenses. Advertise what you are or don't say anything, whether your a one man operation with a reseller account or a 5 man team with 20 servers... be real, quick scamming. You don't have to tell people it's just you, just don't say you have a "full staff"...

And while I'm still bitching, quit showing pictures of servers you don't own or chicks that you've never seen before in your life on your company's homepage to make it look more convincing... it's sickening.

there. Done.

It wasn't a denial of service attack, and should not have effected other sites on the same box or network. 7000 bogus orders probably only amounted to 5 or 10 meg (if that) of bandwidth. And it made him update his nameserver for 1mhost.com to null. I stand by what I've done: I've prevented others from being defrauded. Coming soon to a bookstore near you LOL

Originally posted by jb4mt
Second, regarding 1mhost.com being back up, I'm working on a script that will take care of that.....

This part I like (a lot!)

Of course we could always (daily!!!) surf the Internet to see if the 1mhost.com and Co. are up again, then do a WHOIS check and contact the host, however, this would require a dilligence and persistance that will probably wear out at some point. I was very disappointed to see they were up again this fast, though I had no doubt it would eventually happen. Another person here consoled me by saying, every day that they are off the Internet and struggling to get back on counts, but even though, I felt the frustration well up and I had to bite my lip not to say, then what's the point, if tomorrow, they are back!

I have to stay on Hostabox.com, because Susan there said they would try to email everybody whose credit card seems to have been ripped off (according to what records they can retrieve!) It would be a good thing if they would then file a police report as well!!!

In the meantime, YES, if you can get a script that acts like a sandtrap (big sandboxes along the downside of a steep mountain highway are built to catch a runaway truck!!!) That's what we need and it would be AWESOME! Make sure you post under false ID - though!!! They might get a little upset. :cool:

ps....he's back, probably just pointing directly to his ip address....time to re-hack his lame ass

Originally posted by jb4mt
1mhost.com appears back offline, at least for the time being. Here's the last of the 7000+ bogus orders I sent them in about an hour and a half:

Loop#: 7211

Kiera Masaya
97 Jacinto
HANCOCK, NH 03449
kiera334553.net CC: 4115113770226021 EXP: 2 2004
del334553@yahoo.com PH: 3770226021

Now I got to worry about wresting control of 4host.us from Ward Salem. Should prove interesting.

Wow, I didn't know that you could do that, but it makes up for at least some people's time spent at their end, trying to sort out who ripped off their card, plus several days of NOT having a credit card, as long as the old one was blocked and reported stolen! This can sometimes take up to 14 days. So why don't you give them at least 14 days worth of trouble and time that by several hundreds ( or maybe thousands???) I wonder how many people they might have ripped off - thousands might not be too far fetched. :sickface:

indyserv.net, the name servers for 1mhost.com until this morning, and now for 4host.us (the one registered with my cc), seem to be part of the problem. whois-ing finds flynames and ipathgroup, but no valid contact information.

However, doing nslookup shows indyserv.net with a bank of 8 ip addresses on alter.net/uu.net/worldcom:

65.242.161.8 through 15

they are being reported to security@uu.net, who also advised me to get a subpoena. they are most cooperative, and probably don't want to be seen as harboring internet criminals, especially after their fraud woes.

Originally posted by 2Mhost

h4palestine.com is hosted by fasthosts.co.uk

Someone might find this interesting:

http://www.webhostingtalk.com/showthread.php?s=&threadid=93785

The person who posted that (almost certain it is fraud) is also hosted on fasthosts.co.uk

Maybe unrelated, but who knows...

Originally posted by clockwork


Someone might find this interesting:

http://www.webhostingtalk.com/showthread.php?s=&threadid=93785

The person who posted that (almost certain it is fraud) is also hosted on fasthosts.co.uk

Maybe unrelated, but who knows...

It's probably bigger than we think. Well (let's say I had no idea what is all involved.)

Originally posted by jb4mt
It wasn't a denial of service attack, and should not have effected other sites on the same box or network. 7000 bogus orders probably only amounted to 5 or 10 meg (if that) of bandwidth. And it made him update his nameserver for 1mhost.com to null. I stand by what I've done: I've prevented others from being defrauded. Coming soon to a bookstore near you LOL

Go get him tiger! The world is tired of all this sissy "let's talk about it first" stuff. It's time for real men to step forward and take the lead. Keep this cyber-terrorist on the run.

This is better than going to the movies.

Just an idea!
why dont you contact them and point them to this topic. maybe they get some sense and stop their act.

:rolleyes: :rolleyes:

jb4mt, a couple of questions:

1. Where are you getting the CC numbers?
2. Where are you getting the bogus new customer names, addresses?

And one more, placing fraudulent orders with fraudulent credit cards and fraudulent names/contact info is also fraud, no?

Don't flame me. Just asking.

Originally posted by msingle
jb4mt, a couple of questions:

1. Where are you getting the CC numbers?
2. Where are you getting the bogus new customer names, addresses?

And one more, placing fraudulent orders with fraudulent credit cards and fraudulent names/contact info is also fraud, no?

Don't flame me. Just asking.

I am randomly generating bogus credit card numbers that FAIL the mod 10 algorithm that they are supposed to pass. I am randomly generating names by scraping an internet site that puts together first and last names at random from US census data. I am randomly generating a zip between 00001 and 99999 and then scraping a US Postal Service site to validate the zip, and get the city and state. I am randomly generating yahoo.com emails by searching for non-existent ones on profiles.yahoo.com.

If I hadn't done this, who knows how many more ACTUAL people would have been defrauded of their ACTUAL credit card information today. If that's fraud, then the world has been turned upside down.

Anybody got a job for me? LOL. I'm thinking of enrolling in Norwich University's online "Master of Information Assurance" degree. Sounds like I'm getting some good real-world experience for a thesis.

This is interesting!! :confused:
Could it be that jb4mt is also involved in credit card scams? He knows a lot about credit card processing and how to place fake CC orders using automated scripts!! I mean why would he go and place fake orders on random hosting companies several weeks ago?

I smell a gang war between 2 credit card scammers here.

this is getting very interesting, first we find out that the 1mhost is related to a terrorist network, then we see 2mhost is also part of a major international terrorist organization and now jb4mt is turning out to be involved in this whole mess. Maybe he operates in one of the sleeper cells here in North America! :confused: Maybe the money collected from CC scams are forwarded to Afghanistan and then to Bin Laden! I suggest getting FBI involved. Some one is going on a vacation to Guantanamo naval base in Cuba.




Originally posted by msingle
jb4mt, a couple of questions:

1. Where are you getting the CC numbers?
2. Where are you getting the bogus new customer names, addresses?

And one more, placing fraudulent orders with fraudulent credit cards and fraudulent names/contact info is also fraud, no?

Don't flame me. Just asking.

Originally posted by kickster
This is interesting!! :confused:
Could it be that jb4mt is also involved in credit card scams?


I work for a largish clothing retail chain with a substantial online presence, dufus

Clothing you say....ummmm. So when customers buy that expensive item you keep the carbon copy to use the number for your fake transactions.
I am getting the picture now.
Maybe your clothing company has some connection with terrorist networks?
Bin Laden army needs clothing. LOL

:scatter:


Originally posted by jb4mt


I work for a largish clothing retail chain with a substantial online presence, dufus

1. It seems to be obvious that the hosting company is running a scam and they need to be stopped.
2. Placing fraudulent credit card orders, even for the common good, is still fraudulent.
3. If it were my "largish clothing retail chain" you probably wouldn't have a job anymore if you were doing this on company time and property.

No offense.

Originally posted by kickster
Clothing you say....ummmm. So when customers buy that expensive item you keep the carbon copy to use the number for your fake transactions.
I am getting the picture now.
Maybe your clothing company has some connection with terrorist networks?
Bin Laden army needs clothing. LOL

:scatter:




kickster, I find your comments to be rude, unprofessional and made without any base. How dare you imply that jbm4t is connected with al-qaeda.

I've reported your post because I feel it is in violation of the "rudeness" rule. Please fix this before a mod sees it.

If you read these posts, you see people are getting paranoid. As you see my post is sarcastic.
My message to some posters on this topic is not to get paranoid and start labeling people without any real proof to back it up.

Originally posted by kickster
If you read these post, you see people are getting paranoid. As you see my post is sarcastic.
My message to some posters on this topic is not to get paranoid and start labeling people without any real proof to back it up.

Sorry, I didn't see the sarcasm :rolleyes:

Kickster just needs a swift "kickster" in the keister. LOL!

BTW Kickster, MOD 10 routines and automated form submission scripts are hardly rocket science (at least not to most of us here). But you need some balls to wield them against someone. In this case "JB4MT" is the one with the balls. Pass the popcorn please. I'm going to enjoy watching the HMS-1MHost go down. LOL!

Not below the belt please :crying:


Originally posted by CyberBabe
Kickster just needs a swift "kickster" in the keister. LOL!

Originally posted by msingle
1. It seems to be obvious that the hosting company is running a scam and they need to be stopped.
2. Placing fraudulent credit card orders, even for the common good, is still fraudulent.
3. If it were my "largish clothing retail chain" you probably wouldn't have a job anymore if you were doing this on company time and property.

No offense.

Did I say I was doing it on their time and property? No, my point was I've learned about these sorts of security issues working for them, and now I'm putting some of it into practice on the side.

Perhaps you haven't read the whole thread, and don't realize that the same entity that runs "Hackers for Palestine", h4palestine.com, is the entity associated with the bogus domain registered in my name by the frauds at 1mhost.com.

So this is a bit personal too. And its not only about credit card fraud. It could be about inadvertently funding terrorist activity. So not only can I stop people from being defrauded, but also perhaps stop money from getting into the hands of Al Qaida.

So I suggest you reconsider your view, or perhaps you could just make a check out directly to Al Qaida, to expedite things. Ironically, I was a liberal on the terrorism issue until all I've unearthed in the last day or two. I was trying to see things from the Arab point of view, and I was opposed to Ariel Sharon.

Now I'm not so sure

Should have posted this link when the guy from Israel sent it to me yesterday. It's actually an article from Hartford CT's paper last month about Islamic/terrorists and internet credit card fraud. I personally have no doubt that what we have stumbled on at 1mhost.com is another one of these operations.

http://haganah.org.il/haganah/archives/000015.php

jbmt,

I was just pointing out a couple of things. I've read this thread from the first day it was posted. I'm against fraud, thieves, hackers, terrorists, rapists and everything else that isn't good and decent.

Doing something is one thing. There's too much talk and not enough action here and other places where there is just a lot of bellyaching going on.

However, how good would you feel if YOU were the one that wound up in jail because of your methods? I'm not saying they are illegal. Just asking.

Just how random is your little script? Are you 100%, absolutely certain, that you aren't giving out real card numbers? Are you 100% absolutely certain that you aren't making false orders using real people's information? Randomness has a way of getting not so random.

I mean I can just see this scenario: your little script winds up with John Adams of Tupelo MS and the random credit card number generator is one number off or something or maybe it's his real number. The fake order is placed, John gets his credit card statement, does his own investigation and you go to jail.

Likely? Maybe not. Just my 2 cents.

The retaliatory actions are equally so. Two wrongs do not make a right.

Originally posted by msingle
jbmt,

I mean I can just see this scenario: your little script winds up with John Adams of Tupelo MS and the random credit card number generator is one number off or something or maybe it's his real number. The fake order is placed, John gets his credit card statement, does his own investigation and you go to jail.

Likely? Maybe not. Just my 2 cents.

How many times do I have to say, my script generates BOGUS card numbers, that FAIL mod 10 verification? SO IT COULD NOT BE HIS REAL NUMBER. That's all caps for those who can't seem to get it through their thick skulls.
I'm with Bush on this one. In this particular instance, if you are against me, YOU ARE FOR TERRORISTS.

It sounds like Arab and jews at it again. (I think)
You being Jewish (your connection with Israel) and the other guy being arab from syria or egypt!!! (I am just going by facts posted here)

I have heard so many CNN reports about a hidden online war between Israelis and Arabs. Both terrorizing other side's online business or website. I think this is one of them.

I am losing interest in this topic, It is no longer a simple fraud issue. It seems to be a very personal matter that dates back several thousand years.

:cartman: Audios amigos.

Originally posted by jb4mt

It could be about inadvertently funding terrorist activity. So not only can I stop people from being defrauded, but also perhaps stop money from getting into the hands of Al Qaida.


Yes, we Do need a hero - a modern time Robin Hood - a real life Three Musketeers - a Superman - a Mighty Mouse!!! Somebody who has the Kryptonite - the secret weapon - to blow terrorism out of the water!

:smash:

Originally posted by jb4mt
Should have posted this link when the guy from Israel sent it to me yesterday. It's actually an article from Hartford CT's paper last month about Islamic/terrorists and internet credit card fraud. I personally have no doubt that what we have stumbled on at 1mhost.com is another one of these operations.

http://haganah.org.il/haganah/archives/000015.php

I read the article. :eek2:

Whatever point to this thread seems to be drifting...