Results 1 to 18 of 18
  1. #1
    Join Date
    Aug 2002
    Location
    Downers Grove, IL
    Posts
    304

    Question Has anyone else recieved threats of attacks?

    I just recieved my first one today. Someone had placed an order yesterday and I did my usual checks. Turns out that the address was in "Miami, FM" (yes, that's how he typed it in), the phone number was for Hammond, Louisiana, the IP address was in Honduras and the full name entered into the order form was different from the full name given to the CC processor. With the above information, I felt that this was too high risk of an order, so I didn't enable it and I refunded the money. He also placed 2 orders at that time, first he tried using paypal, then the CC processor. I can think of both legit and non legit reasons for this, but with the above, I didn't focus on the legit.

    Today he placed a 3rd order, this time using a Honduras address and a different domain name. He also contacted me via email asking for an explaination. I told him what my reasons were and after a few emails he simply said "ok, wait for an attack soon".

    Personally, I don't think a legit customer would say or do this. I had explained as nicely as I could that I won't honor his order for the reasons above. What are your thoughts on the above? I'm sure there have been others in similar situations. How many times have the threats been emtpy versus real? I know that the answer to that last question won't really help me, but I'm just curious.

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    well, he might be a script kiddie and ddos you.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    First, contact the CC owner/company and let them know.

    Secondly, is the phone and address entered correct? If so, look into the law on this kind of thing in their country, report them to the country's authorities and to your own and, if necessary, ban IPs from the countr(y/ies) he has attempted to sign up from for a few days.

    To be honest, he's probably just bluffing, but you can't be too careful

  4. #4
    Join Date
    Apr 2004
    Location
    Bulgaria
    Posts
    159
    From my experience, the vast majority of threats are empty.

    "A dog that barks a lot rarely bites"
    Solid-Hosting.net - affordable multiple domain hosting solutions
    Reliability and Customer Service are our focus!

  5. #5
    Join Date
    Jul 2003
    Location
    UK
    Posts
    1,879
    Look at it this way, you have his IP. He'll threaten you - yes. But he won't DoS you, he knows that you have incriminating evidence against him, and so he's just letting off steam, and you happen to be the person he wants to rip off this week.
    Let your provider know that you've been threatened, and what site it could be targetted at, where its coming from. Just so they're prepared in case anything does go down.

  6. #6
    Join Date
    May 2003
    Location
    Halifax, Nova Scotia
    Posts
    186
    Originally posted by Joseph_M
    Look at it this way, you have his IP. He'll threaten you - yes. But he won't DoS you, he knows that you have incriminating evidence against him, and so he's just letting off steam, and you happen to be the person he wants to rip off this week.
    Let your provider know that you've been threatened, and what site it could be targetted at, where its coming from. Just so they're prepared in case anything does go down.
    Unless he was one of the many that use spoofed IP addresses.
    Keith Gallant
    JustHosting.ca
    http://www.justhosting.ca

  7. #7
    It is the ones that don't say anything that should cause the greatest concerns. Those that possess the skills to bring a server screaming to it's knees don't have to advertise that fact, they just do it...

  8. #8
    Join Date
    Apr 2003
    Location
    Ottawa
    Posts
    959
    Originally posted by Watcher_TVI
    It is the ones that don't say anything that should cause the greatest concerns. Those that possess the skills to bring a server screaming to it's knees don't have to advertise that fact, they just do it...
    Indeed. It would be nice if we all got warnings before some one tried to DDoS our servers, but 9 times out of 10 I dont know about it untill it actually happens.
    Of all of the "threats" for a DDoS attack I have received only 3 have been true and they were the easist to mitigate (about 15 threats so far).

  9. #9
    Join Date
    Jan 2004
    Location
    Greece
    Posts
    2,123
    Originally posted by Yassi
    From my experience, the vast majority of threats are empty.

    "A dog that barks a lot rarely bites"
    I agree with that. I think he only wants to scare you to make you open the account.

  10. #10
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,403
    It's like I told my wife just last night, you NEVER threaten to use a gun, you pull it and use it and put it away. But you never ever threaten to use it. Similar to suicide, no one who's really serious about it ever says anything about it, you might pick up about it from their attitudes or actions that it might be about to happen but hardly anyone who threatens suicide makes good on it. off topic: a friend of my wife's (gf at the time actually) once was moping around our house (we lived together) about how his life sucks, whine whine whine and how if things get any worse he was just gonna kill himself, I reached in my sock drawer, tossed my Colt 38 special on the bed and said "why wait, do it now, but go outside I'm not cleaning up the damned mess".
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  11. #11
    Join Date
    Apr 2004
    Posts
    295

    Re: Has anyone else recieved threats of attacks?

    Originally posted by ImLagging
    I just recieved my first one today. Someone had placed an order yesterday and I did my usual checks. Turns out that the address was in "Miami, FM" (yes, that's how he typed it in), the phone number was for Hammond, Louisiana, the IP address was in Honduras and the full name entered into the order form was different from the full name given to the CC processor. With the above information, I felt that this was too high risk of an order, so I didn't enable it and I refunded the money. He also placed 2 orders at that time, first he tried using paypal, then the CC processor. I can think of both legit and non legit reasons for this, but with the above, I didn't focus on the legit.

    Today he placed a 3rd order, this time using a Honduras address and a different domain name. He also contacted me via email asking for an explaination. I told him what my reasons were and after a few emails he simply said "ok, wait for an attack soon".

    Personally, I don't think a legit customer would say or do this. I had explained as nicely as I could that I won't honor his order for the reasons above. What are your thoughts on the above? I'm sure there have been others in similar situations. How many times have the threats been emtpy versus real? I know that the answer to that last question won't really help me, but I'm just curious.
    Sounds like two guys taking themselves too serious (oh I forgot its not allowed to be "unfriendly" here...I mean one guy taking himself too serious). For me getting money means setting up an account. As long as nobody complains its not my problem.

  12. #12
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,403

    Re: Re: Has anyone else recieved threats of attacks?

    Originally posted by taketo
    Sounds like two guys taking themselves too serious (oh I forgot its not allowed to be "unfriendly" here...I mean one guy taking himself too serious). For me getting money means setting up an account. As long as nobody complains its not my problem.
    Until you eat a few chargebacks... The situation this guy described would definitely setoff some red flags without a doubt.
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  13. #13
    Join Date
    Apr 2004
    Posts
    295
    >"why wait, do it now, but go outside I'm not cleaning up the
    >damned mess".

    At law school I've seen a picture of a woman who had shot herself after she had threatened to do it and her husband told her to go ahead... Didn't look very nice, especially when the prof said: And the white thing right here is her brain.

    At TV its always like most murderes threaten to do it before they do so I really wouldn't agree to what you've just said.

    Still I don't think this guy will do an attack. He was simply pissed off and wanted to leave as a winner or something.

  14. #14
    Join Date
    Apr 2004
    Posts
    295
    Originally posted by Dixiesys
    Until you eat a few chargebacks...
    That's another thing that speaks for low pricing... You don't depend on just a couple of payments and chargebacks don't hurt you a lot.

  15. #15
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,403
    Originally posted by taketo
    That's another thing that speaks for low pricing... You don't depend on just a couple of payments and chargebacks don't hurt you a lot.
    Most merchant accounts charge a fee per chargeback seems to run from 15-25 bucks each, ALSO if your chargebacks get too numerous they will yank your merchant account and I've heard that once you've lost a merchant's account it's next to impossible to get another one. To me that would hurt quite a lot. I absolutely hate chargebacks.
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  16. #16
    Join Date
    Mar 2004
    Posts
    1,301
    Dixiesys,

    is there some sort of record or rating that identifies your domain/hosting loosing a merchant account? Please let me know where we can get such information, thanks
    "Web Hosting is not just about selling space, it is about facilitating customers needs with your plans and supporting the customer for a long lasting mutually beneficial relationship."- Yaser

  17. #17
    Join Date
    Nov 2001
    Location
    The South
    Posts
    5,403
    Originally posted by Yaser
    Dixiesys,

    is there some sort of record or rating that identifies your domain/hosting loosing a merchant account? Please let me know where we can get such information, thanks
    Well I don't know for sure, I've heard about "a blacklist" of merchants and people who've lost merchant accounts and that if you lose one and are put on this list it's basically impossible to get another one, have I seen proof of such a list? Not firsthand so for all I know it's a myth but someone more versed than I about merchant accounts can probably answer (sounds like a job for CDGcommerce man! haha).
    Gary Harris - the artist formerly known as Dixiesys
    resident grumpy redneck

  18. #18
    Join Date
    Mar 2004
    Posts
    1,301
    Thanks for your comment, yea maybe we can ask cdgcommerce for help if we do get blacklisted
    "Web Hosting is not just about selling space, it is about facilitating customers needs with your plans and supporting the customer for a long lasting mutually beneficial relationship."- Yaser

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •