Page 1 of 2 12 LastLast
Results 1 to 25 of 31

Thread: Fraud Accounts

  1. #1
    Join Date
    Jan 2008
    Location
    Washington DC
    Posts
    443

    Fraud Accounts

    With all of the data breaches recently and millions of peoples information being stolen, We have seen an uptick in fraud accounts, as well as hacking attempts via brute force password guessing. Now the brute force doesnt concern us too much as we require very secure passwords FOR EVERYTHING, however, we were wondering if there was a central resource for established web hosts to share information about fraud accounts like:

    Email addresses used,
    Mailing addresses used
    IP Addresses
    "sob" stories used to try and get free services
    etc.

    We believe there should be a centralized resource, or at least a thread or topic that web hosts can post this information in to alert others to.

    Does anyone else have any thoughts about this?
    Agent Black Hosting LLC

    Proudly hosting clients since 2007

  2. #2
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    We believe there should be a centralized resource, or at least a thread or topic that web hosts can post this information in to alert others to.
    The thing is, not all based fraud accounts are fraudulent as some signup with services when travelling, or at work, on holiday, etc... It can and does happen, sure a central resource might be a good idea but will it be ethical?

    We have had a few fraud orders come through that have actually been genuine customers so sometimes you need to be on your toes and address those issues, I am not sure if opening one thread is going to address all of our issues -- then again privacy might be another concern in such instances.
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  3. #3
    Join Date
    Sep 2007
    Posts
    1,018
    Quote Originally Posted by Sparrow-Sean View Post
    then again privacy might be another concern in such instances.
    Bingo! I would assume that disclosing customer details, whether a legitimate order or not, would be in breach of the hosts Privacy Policy?

  4. #4
    Join Date
    Feb 2002
    Location
    New York
    Posts
    791
    We have always seen an increase in fruad when we launch a new promotion, especially if the promo is something includes giving away free month or something like that. Then when the promo ends all the fraud orders seem to go back down to like 1% of orders or something like that. It always amazes me.

    Anyway we have had good luck with using MaxMind. However I too have always thought it would be cool to have a database like the OP has posted. I have seen in the premium section of this forum some of us larger hosts post peoples IP addesses and names used during the signup of hosting that turned out to be a fraud order.

    I understand their is liability in publishing such info but still think their are some ways to do a database that would be somewhat of a rliable source. I know some time ago their was a member here on WHM that mentioned building such a database and I think even had like a beta of it. I will see if I can search and find it if so I will post it later on.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    just a programmer

  5. #5
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,276
    To solve the privacy issue, the database can contain only an MD5 hash of the users details, this way noone can see the real user details (so no private data exposed), yet everyone can compare if their user's details matches 100% the details of an already well-known fraudster.

  6. #6
    Join Date
    Feb 2002
    Location
    New York
    Posts
    791
    I think maybe something like this might help. I have not actually used this and not sure if the project is still alive since I signed up back in Sept and never heard anything more about it

    http://www.webhostingtalk.com/showthread.php?t=970170
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    just a programmer

  7. #7
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by rds100 View Post
    To solve the privacy issue, the database can contain only an MD5 hash of the users details
    Unfortunately md5 can be decrypted with ease these days.

    If the database got into the wrong hands someone could use many of the md5 decryptors on the market to make the information readable.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  8. #8
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,703
    Quote Originally Posted by InstantPH View Post
    Bingo! I would assume that disclosing customer details, whether a legitimate order or not, would be in breach of the hosts Privacy Policy?
    Update the privacy policy.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  9. #9
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,276
    Quote Originally Posted by SLDHosting View Post
    Unfortunately md5 can be decrypted with ease these days.

    If the database got into the wrong hands someone could use many of the md5 decryptors on the market to make the information readable.
    Wrong MD5 is a one-way hash. It looses data. There is no way to decrypt it (eventually you could try to brute force by feeding random input and comparing the MD5 hash output, but this doesn't scale at all).

  10. #10
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,276
    About Privacy Policies: We (and i guess most everyone else) already send customer details to MaxMind. How is this handled (if at all) in your privacy policy?

  11. #11
    Join Date
    Feb 2002
    Location
    New York
    Posts
    791
    Well Maxmind does not publicly list/make available peoples names, etc that are found to be submitting fraud orders (correct me anyone if I am wrong). Maxmind just looks at various data points for a given order and assigns it a "risk score" as a company owner you decide what score is too high to risk processing/accepting. I find the information Maxmind provides is very useful for pre-order processing scanning.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    just a programmer

  12. #12
    Join Date
    Jan 2008
    Location
    Washington DC
    Posts
    443
    Glad to hear that others are considering or have thought of the same thing. We have seen such a massive influx of attempted fraud from most of the Asian countries that we have basically taken a hardline stance not to accept orders from them unless they successfully pass multiple layers of verification. And we have blocked nearly every IP address from China due to the large volumes of spam, hacking attempts, or fraud attempts.

    Recently we had one attempt to sign up for services trying to use the disaster in Japan to con us into giving him a free dedicated server. He stated that his other host shut him down without warning and wouldnt answer his support tickets. We inquired into his other host about the reason for account termination and well as we suspected, it was for non-payment.

    Even if there was a way that the information could be encrypted, or even just generalized. Say just post the IP's and email addresses they used or the stories they used trying to con hosts into giving free services or using the services then having the charge disputed due to stolen information.

    Thanks for the feedback on the topic.
    Agent Black Hosting LLC

    Proudly hosting clients since 2007

  13. #13
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by rds100 View Post
    Wrong MD5 is a one-way hash. It looses data. There is no way to decrypt it (eventually you could try to brute force by feeding random input and comparing the MD5 hash output, but this doesn't scale at all).
    I wouldnt be so confident when theirs sites like this lurking around: http://www.md5decrypter.co.uk/

    Quote Originally Posted by rds100 View Post
    There is no way to decrypt it
    I,d say the opposite

    From Wiki:

    MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.[4][5] Further advances were made in breaking MD5 in 2005, 2006, and 2007.[6] In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity.[7][8] US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[9] and most U.S. government applications now require the SHA-2 family of hash functions.
    Last edited by Server Management; 05-10-2011 at 07:12 AM.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  14. #14
    Join Date
    Jan 2008
    Location
    Washington DC
    Posts
    443
    And let us be first to point out this obvious fraud attempt:

    05/09/2011 Rengers Huon ------------------------------------------------------------ Hi, sorry to bother you but. I am currently useing (Rackspace.com) Windows VPS 2003. Now my VPS is getting hacked regulary, there staff is not helping me one bit, then thay just shutdown my VPS and i got no REFUND, also i have suffered through the Queensland floods and cyclone, also my Brother died in the Japan Earthquake and Flooding/ Tsunami too. So, im just asking you. Can i possible please can i get a Free trial for 1 Week - 1 month on one of your fantastic Windows Servers. look i got RIPPED off, look im so poor from what i have suffered from. So please can you help me out and support me ? Also look, im really poor now because of this Inncident. Look ill try to Donate whenever i can, ill advertise/ Invite or help out plus much more. So please can you support and help me ?
    Our staff handled this person in a very professional and polite manner, referring his case on up the chain to management for consideration. Our staff replied:

    Thank you for your interest in Agent Black Web Hosting. We are glad
    that you have taken the time to inquire into our services.

    First let us say that we are terribly sorry to hear of your troubles.
    We are also sadden to hear of the loss of your brother in the horrible
    events in Japan.

    However, prior to us giving any services away, we would like to check
    with your previous host and see what kinds of problems you were
    experiencing. We maintain a SPAM free network and we also take our
    network security very seriously. Please visit our Terms of Service
    and other legal documents at:
    https://client.agentblackhosting.com...eId=2&public=1
    and
    https://client.agentblackhosting.com...eId=4&public=1
    .

    To which, if you could provide us with your old Rackspace account
    number and/or support ticket numbers that you had with them, we will
    follow up with Rackspace just to see what kind of troubles you were
    having. Also, if possibly, please contact rackspace and have us added
    to your contact list so we can discuss with them about your troubles.

    We would also like to know what you would be using your Windows
    Machine for. Do you have a domain name? If so, what is it? Who is
    it registered with?

    After you reply with this information and we verify with Rackspace the
    problems you were having, we will pass your information up to our
    management team for review.

    Again, we are sorry to hear of your troubles, and we look forward to
    hearing from you soon.
    Then his story started to fall apart. The subject couldnt produce any emails, any payment statements, no account numbers, not even a support ticket number to provide proof that he attempted to resolve the issues with Rackspace. Further digging into the matter showed that the subject was actually using FastNext. Our staff contacted FastNext which stated that his account was terminated for non-payment (shocker anyone?)

    Several back and forth emails including these (edited to fix some of the profanity):

    Can i possible get a FREE month or FREE trial on 1 of your Lovely Windows SERVERS or NOT ????
    Wait, there LIEING/ Cheating, scammers. There not telling you the TRUTH, Thay scammed me and SHUTDOWN my VPS no Reason, no REFUND. i had the Recipet, but since i got a NEW computer, i cannot find IT. So please man, can you please HELP and SUPPORT me ????
    Fine then, you just a very RUDE and SAD individual, you dont even care, support or HELP me. You Sir, you must be VERY SAD and you must be AS#HAMED of yourself
    Yea, i know it. Your COMPANY is a SHADY, RUDE and Proberly you SCAM too. I will WRITE BAD reviews about your Company on FORUMS, ill tell people not to come to your Company and you will proberly go BANKRUPT and never be back online EVER AGAIN, now F$%K off !!!!
    This subject was using the email address of *scrubbed* with a name attached as *scrubbed* lock.

    So our suggestion is to deny his request and terminate any services you may have with him.

    Good luck!

    Edit: Full transcript of the support ticket is available to any webhost who wishes to review it.
    Last edited by James-AgentBlack; 05-10-2011 at 07:18 AM.
    Agent Black Hosting LLC

    Proudly hosting clients since 2007

  15. #15
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    He has actually contacted quite a few providers, I hope most of them rejected the individual from services as when he contacted us, I simply denied it - you could tell it was a pure SCAM and to be quite frank we do not even serve Windows VPS's.

    Quote Originally Posted by pbhosting View Post
    And let us be first to point out this obvious fraud attempt:

    Our staff handled this person in a very professional and polite manner, referring his case on up the chain to management for consideration. Our staff replied:

    Then his story started to fall apart. The subject couldnt produce any emails, any payment statements, no account numbers, not even a support ticket number to provide proof that he attempted to resolve the issues with Rackspace. Further digging into the matter showed that the subject was actually using FastNext. Our staff contacted FastNext which stated that his account was terminated for non-payment (shocker anyone?)

    Several back and forth emails including these (edited to fix some of the profanity):

    This subject was using the email address of huon008@gmail.com with a name attached as Huon lock.

    So our suggestion is to deny his request and terminate any services you may have with him.

    Good luck!

    Edit: Full transcript of the support ticket is available to any webhost who wishes to review it.
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  16. #16
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by pbhosting View Post
    This subject was using the email address of huon008@gmail.com with a name attached as Huon lock.
    Doesnt this breach your own privacy policy

    I believe he has contacted afew providers from here, They come here and crawl the offers section and SPAM them all untill they find lucky or something...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  17. #17
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  18. #18
    Join Date
    Oct 2007
    Posts
    4,332
    Quote Originally Posted by pbhosting View Post
    And let us be first to point out this obvious fraud attempt:

    Our staff handled this person in a very professional and polite manner, referring his case on up the chain to management for consideration. Our staff replied:

    Then his story started to fall apart. The subject couldnt produce any emails, any payment statements, no account numbers, not even a support ticket number to provide proof that he attempted to resolve the issues with Rackspace. Further digging into the matter showed that the subject was actually using FastNext. Our staff contacted FastNext which stated that his account was terminated for non-payment (shocker anyone?)

    Several back and forth emails including these (edited to fix some of the profanity):

    This subject was using the email address of huon008@gmail.com with a name attached as Huon lock.

    So our suggestion is to deny his request and terminate any services you may have with him.

    Good luck!

    Edit: Full transcript of the support ticket is available to any webhost who wishes to review it.
    Search around WHT and you will see the stories of this joker everywhere.

    Edit: Looks like Sean beat me to it.
    [ James Lee - Cloud & Web Hosting Specialist 10+ Years WHT Veteran]

    [ Magento Performance Consultation by Magento Master ]

  19. #19
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Sparrow-Sean View Post
    Dont worry Sean ive already seen it

    To be honest, I think its sick that they are making up a story about Japan, etc
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  20. #20
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,276
    Quote Originally Posted by SLDHosting View Post
    I wouldnt be so confident when theirs sites like this lurking around: http://www.md5decrypter.co.uk/



    I,d say the opposite

    From Wiki:

    Ok, i don't want to argue. Try to decrypt this, if you don't believe me:
    d64601eaece69f22ec2b6a645cdcc40d
    I am giving you a $100 bounty if you manage to get the cleartext that i used to create this MD5 hash.

  21. #21
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    Dont worry Sean ive already seen it
    He keeps adding me to Skype, I eventually blocked his requests

    But honestly, you could see it from the get go, no need to open a thread really as you are going to encounter a heck of a lot more in your journeys an this one was just a silly fool who got caught.

    Fraud accounts are inevitable, it is up to the provider to wiggle them out, or have preventative measures to ensure they are detected and manually reviewed prior to activation of their services to avoid any unwarranted actions.
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

  22. #22
    Join Date
    Jan 2008
    Location
    Washington DC
    Posts
    443
    Quote Originally Posted by Sparrow-Sean View Post
    He has actually contacted quite a few providers, I hope most of them rejected the individual from services as when he contacted us, I simply denied it - you could tell it was a pure SCAM and to be quite frank we do not even serve Windows VPS's.
    After it was passed along to management, it was very obvious that it was a scam, however we wanted to do due diligence to ensure that maybe it was a valid request.

    And to SLDHosting, this is in our Acceptable Use Policy:

    Agent Black may disclose subscriber information or information transmitted over its network where necessary to protect Agent Black and others from harm, or where such disclosure is necessary to the proper operation of the system. However, Agent Black will never sell information to other services or outside companies.
    This is the first that we have actually called a scammer out in the open due to his down right rudeness towards our staff.
    Agent Black Hosting LLC

    Proudly hosting clients since 2007

  23. #23
    Join Date
    Jan 2008
    Location
    Washington DC
    Posts
    443
    Quote Originally Posted by Sparrow-Sean View Post
    He keeps adding me to Skype, I eventually blocked his requests

    But honestly, you could see it from the get go, no need to open a thread really as you are going to encounter a heck of a lot more in your journeys an this one was just a silly fool who got caught.

    Fraud accounts are inevitable, it is up to the provider to wiggle them out, or have preventative measures to ensure they are detected and manually reviewed prior to activation of their services to avoid any unwarranted actions.
    All accounts are manually verified multiple ways, including by telephone verification. Our staff has done a great job weeding out the scammers.

    Well it is nice to know that this guy has been spotted on here before. Glad to see others are on to his tricks.

    And we agree that it is wrong and just down right disgusting to use the disaster in Japan and Australia to try and win sympathy.
    Agent Black Hosting LLC

    Proudly hosting clients since 2007

  24. #24
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by rds100 View Post
    Ok, i don't want to argue. Try to decrypt this, if you don't believe me:

    I am giving you a $100 bounty if you manage to get the cleartext that i used to create this MD5 hash.
    Where did I state that I was an MD5 cracking expert?

    I merely stated the facts that MD5 can be decrypted and has been decrypted maybe times thus goverment departments jumped its ship, Why not take your request over to some cracking forums

    Quote Originally Posted by Sparrow-Sean View Post
    He keeps adding me to Skype, I eventually blocked his requests .
    He might want to know more information on your windows offerings
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  25. #25
    Join Date
    May 2008
    Location
    Melbourne, Australia
    Posts
    10,629
    Quote Originally Posted by pbhosting View Post
    All accounts are manually verified multiple ways, including by telephone verification. Our staff has done a great job weeding out the scammers.

    Well it is nice to know that this guy has been spotted on here before. Glad to see others are on to his tricks.

    And we agree that it is wrong and just down right disgusting to use the disaster in Japan and Australia to try and win sympathy.
    I can only agree with you

    The other problem is that he is from Australia, so it is quite disgusting that he has used these major events to procure a service he does not deserve.
    l Dedigeeks Shared Wordpress Dedicated Established 2006
    l Leading AUSTRALIAN Hosting Provider Sydney & Melbourne Datacentres
    l cPanel/WHM R1Soft Backups 24/7/365 Support SMS Hosting Alerts*
    l www.dedigeeks.com Managing Director Service Superstars

Page 1 of 2 12 LastLast

Similar Threads

  1. Fraud Accounts
    By haaser in forum Running a Web Hosting Business
    Replies: 16
    Last Post: 02-23-2010, 07:39 PM
  2. fraud accounts
    By Precise in forum Running a Web Hosting Business
    Replies: 0
    Last Post: 09-25-2002, 01:58 PM
  3. Fraud and third-party merchant accounts protection
    By poncho2000 in forum Running a Web Hosting Business
    Replies: 0
    Last Post: 07-05-2002, 02:44 PM
  4. Just proving *shell* accounts = fraud
    By jic in forum Web Hosting
    Replies: 15
    Last Post: 02-19-2001, 08:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •