Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : Indonesia, Malaysia and the Phillipines???

[Vortech]

Any one know where i could find a list of all the IP's to Indonesia, Malaysia and the Phillipines so i can block them from our system. Have got about 100 FAKE, FRUDE orders from over there in the last 2 days.

If any one knows an easy way to find htis out would be great..

Thanks

[gabeosx]

Here is the .htaccess deny list that I use... its a couple of lists from here spliced together, along with some subnets recorded on my Revecom account.

AuthName "Country access blocked"
AuthType Basic
<Limit GET POST>
order allow,deny
allow from all
deny from .id
deny from .interpacket.net
deny from .lt
deny from .mk
deny from .my
deny from .ro
deny from .yu
deny from .pl
deny from 139.92
deny from 152.158
deny from 161.142
deny from 194.102.130
deny from 194.165
deny from 202.134
deny from 202.145
deny from 202.146
deny from 202.148
deny from 202.149
deny from 202.149
deny from 202.150
deny from 202.150
deny from 202.151
deny from 202.152
deny from 202.152
deny from 202.154
deny from 202.155
deny from 202.155
deny from 202.157
deny from 202.158
deny from 202.160
deny from 202.162
deny from 202.164
deny from 202.168
deny from 202.171
deny from 202.178
deny from 202.180
deny from 202.183
deny from 202.184
deny from 202.185
deny from 202.186
deny from 202.187
deny from 202.188
deny from 202.189
deny from 202.190
deny from 202.4
deny from 202.46
deny from 202.47
deny from 202.57
deny from 202.93
deny from 202.95
deny from 207.192.198
deny from 210.14
deny from 210.16
deny from 210.186
deny from 210.19
deny from 210.56
deny from 212.138
deny from 212.19
deny from 212.50
deny from 212.59
deny from 213.169
deny from 213.240
deny from 216.3.242.10
deny from 217.9
deny from 62.220.194
deny from 64.110
deny from 64.49
deny from 202.87
deny from 212.75
deny from 202.137
deny from 65.1
deny from 80.96
</Limit>

[serve-you]

You could try finding the top ISP's in those countries. There aren't that many. Then just block their entire IP subnets. I know Jaring is the biggest in malaysia, and was the host to many unsavory script kiddiez last I checked.

-Dan

[danushman]

In defense of Malaysia:

While I am sure it is home to a lot of bad people, there are a lot of good honest people there too. I happen to do business with a few of them, and really feel that it is a shame that they are getting such a bad name as they are trying to do exactly what I am: make a living honestly.

I think the best protection against fraud from this part of the world is to manualy check every order from it... But that may be hard to do... Ohh well...

[serve-you]

I couldn't agree with you more Refsoft. I've had problems personally with large numbers of hackers coming from other countries. It's nearly impossible to get any sort of cooperation with the ISP's at fault. Which leaves little alternative but to block them entirely.

It's a shame, and I feel sorry for the people that aren't involved in such activities. But you will find that more and more sites & services, are completely blacklisting these ISP's now.

-Dan

[Bogdan]

Well, we have received 7 fraud orders last night (worth $400+) from '212.', all working credit card numbers, though I have cancelled all the transactions since I check them manually.

It's really annoying to receive fraud-orders, but after awhile you'll get used to it, just check every order carefully.

[danushman]

Dan (what a nice name you have there ),

I too have had quite a few peaces of smelly fraud make it to my order form from those countries, however, I have also received quite a large amount of fraud from inside the US, but if I blocked the US I would go out of business (and it would be really weird since I am in the US...)

The point: I don't think that I want to lose any legitimate business, no mater where it comes from, and if it means a bit more anti-fraud detective work, I'm up for it.

[Bogdan]

I agree with you, I just wanted to post that as a general comment. We receive our share of U.S. fraud orders too. Yesterday someone tried to submit 3 different CC#'s with different countries and names (same IP), one went through, but we never processed it. His IP traced to ATT.NET, I have contacted them about this, waiting to see what's going to happen.


As long as the client provides us with his own working CC#, I could personally careless what country they are from.

[serve-you]

Quote:

Originally posted by Refsoft
Dan (what a nice name you have there ),

I too have had quite a few peaces of smelly fraud make it to my order form from those countries, however, I have also received quite a large amount of fraud from inside the US, but if I blocked the US I would go out of business (and it would be really weird since I am in the US...)

The point: I don't think that I want to lose any legitimate business, no mater where it comes from, and if it means a bit more anti-fraud detective work, I'm up for it.

Once again, I agree with you fully. BUT, (I know this will be taken the wrong way) most US ISP's take action against their users when you contact them. I have not had much luck in a few other countries. This is when I blacklist.

-Dan

[zenwoo]

I am quite sure that the Malaysian Communications and Multimedia Commission (www.cmc.gov.my) would gladly deal with the matter if you contacted them. They are in charge of issuing licenses to Telcos and ISPs in Malaysia and would be able to deal with the respective ISPs. Malaysia has a number of cyberlaws including the Computer Crimes Act - enforced by the Computer Crime Unit of the Royal Police Department. This Act aims to clearly define cyberfraud, unauthorised access, etc.

FYI: Jaring is ONE of the largest ISPs in Malaysia. There are about 7 others now with approximately the same number of subscribers as Jaring.

[serve-you]

Great!
Thanks for the info.

-Dan

[MikeF]

Hi folks,
thanks everyone for this very educational thread.
Would anyone care to share the step by process they use, and the warning signs to detect fraudulent orders, and then the subsequent steps they take to remedy the situation?

[BeDifferentSolutions]

I read a long time ago that ***** has a very low fraud to signup rate. I am sure there are a fee reasons, but one that I noticed was the sign up form. It is a pian in the A** to sign up with them. Then after you get through it, they show your IP Address (or did) telling the person, they know where the sign up is from (of course unless it is spoofed). People who do fraud, do it so much they tend to avoid these forms in my opinion. It is just too big a pain for them when they can go to the next host and fill out a simple form. Since we changed our form a few years ago to be more specific, we have honestly cut our fraudulant orders in half.

I know you will sy that you will chase away customers with long forms, but I disagree. A customer who is honest willonly need to signup once. Also, most people no days have bought something online.. They know that those forms are even worse then the one they are filling out for web hosting.

Another thing to do is add the field "Issuing Bank for Credit Card". Most stolen cards are only numbers. So they will make up a bank. You can have your MC/Visa 800 number in speed dial. If you get one that doesn't feel right, but everytthing is matching up. Call MC/Visa and ask if the number matches the bank.

[serve-you]

Vortech uses similar methods to what you suggestsed UmBillyCord, yet he opened this thread. A determined fake, will continue no matter what's in their path. Granted, a large number of them will turn away. Obviously, it's still enough of a problem for him to complain about.

-Dan

[BeDifferentSolutions]

Quote:

Vortech uses similar methods to what you suggestsed UmBillyCord, yet he opened this thread. A determined fake, will continue no matter what's in their path.

It worked for us. If you don't think it will work for you, then don't try it. I could care less. It was something else to add to the list of things to *try*. Also, people tend take the path of least resistance. Once the fraud signs up once, if it is a pain, they are less likely to try again.

Also, vortech is not a large host (compared to hostway, CI, Pair, etc..). 100 fake sign ups sounds to me like there is more to it then is being posted in my opinion. Sounds like someone or group is purposely trying to cause damage to vortech.