Results 1 to 6 of 6

Thread: Fraud Blacklist

  1. #1
    Join Date
    Dec 2005
    Posts
    73

    Fraud Blacklist

    We've had a couple cases of fraud recently, and have blacklisted the IPs (which turned out to be proxy servers) of the perpetrators. It got me thinking... has anybody put together any kind of IP blacklist for fraudulent orders? Something like a DNSBL for spam, but focused on IPs that fraudsters use?

  2. #2
    Join Date
    Feb 2004
    Location
    UK
    Posts
    1,429
    Hi

    We use an off the shelf billing system (WHMCS) with in built fraud detection, so there must be some list out there...

    The company is maxmind, it maybe a useful plugin for your billing system

    Thanks

  3. #3
    Join Date
    Dec 2005
    Posts
    73
    We have WHMCS too, and already use MaxMind. But that's different than what I'm talking about... they give you a fraud score based on a number of things (including IP), but I'm talking about an actual blacklist for known fraud IPs

  4. #4
    Join Date
    Feb 2004
    Location
    UK
    Posts
    1,429
    I see

    So you mean they use a proxy in the country of the address they use for the transaction and therefore get a relatively low score, as maxmind doesnt know that the ip is a proxy.

    The WHMCS order screening does sometimes inform you that its a known open proxy, so there must be a list out there somewhere. but all it needs is for the fraudster to keep getting a VPS or something and keep registering ...

  5. #5
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    965
    these people are not stupid if we all start using blacklists they will find another way, its an endless war that we will never win unless we take cash payments in person
    Jon Black

  6. #6
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Maxmind is a great service, but if you're looking to run an IP addresss against the common blacklists (known spammers, proxy servers, compromised computers, etc) try the following free service:

    Link:
    http://www.robtex.com/rbl/

    The Multi-RBL check is a valuable source, but keep in mind that a lot of IP addresses are blocked because they are cable modems or ISP's with dynamic IP addresses and that doesn't make it a fraud risk, so you have to understand the results and what each blacklist does.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •