Monday, August 18, 2008

Re: [asterisk-biz] Fraud. (here we go again)

Thanks for the reply Igor. :)

I googled a little bit, and I don't see keeping lists as a viable
option. There is basically an infinite number of proxies out there
so it is impossible to block them all until after the fact. :(

What I am going to try, is write something inside my payment
modules to try and connect to common proxy ports on the REMOTE_ADDR,
and if was able to connect to say port 80 - make a note on the IP
address that it is most likely a proxy.

The code is pretty simple, but the side effect is a delay in serving
the page while the ports are being tried. I set it to a timeout of 1
second for each port to avoid this as much as possible, but we'll see
how well this works...

Also, it is possible that some proxies use non-common ports, or
are not open to the public, in which case this approach will fail.

I'll let you all know the results after we tested it for a while...

Thanks,

-- Nitzan

--- On Mon, 8/18/08, emist <emistz@gmail.com> wrote:

> From: emist <emistz@gmail.com>
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> To: nk3569@yahoo.com, "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
> Date: Monday, August 18, 2008, 6:06 PM
> Hello Nitzan,
>
> As to how they do it its not very hard to proxy http
> requests(or any
> other request for that matter). There are plenty of
> publicly available
> proxy servers as well as servers that aren't intended
> to be used by the
> public but due to the sys-admin's misconfiguration they
> are open to the
> outside world. Most modern browsers can be configured to
> use proxy
> servers directly and tools exist such as proxychains that
> let you proxy
> pretty much any type of traffic through socks proxies.
>
> As to how to stop it...thats sort of a hard question. Maybe
> you could
> find sites with public proxy listings and write a script to
> flag any
> deposits made from any of the ips listed, but this
> won't help against
> non-publicly disclosed proxies.
>
> Regards,
>
> Igor H.
>
> Nitzan Kon wrote:
> > Hi list! :)
> >
> > We've got hit with a guy in Vietnam who's
> creating accounts with
> > stolen American credit cards. Usually they are really
> easy to stop,
> > but this guy is matching the IP address to the credit
> card address.
> >
> > Anyone knows how they do that? I am 100% sure they are
> located in
> > Vietnam as their SIP IP address is 222.252.42.118. So
> somehow they
> > go through a proxy or something to fake the IP
> location. Any idea
> > how they do that - and more importantly - how to stop
> that on a
> > systematic level?
> >
> > Thanks!
> >
> > --
> > Nitzan Kon, CEO
> > Future Nine Corporation
> > www.future-nine.com
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> >
> > AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> > Register Now: http://www.astricon.net
> >
> > asterisk-biz mailing list
> > To UNSUBSCRIBE or update options visit:
> >
> http://lists.digium.com/mailman/listinfo/asterisk-biz
> >

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz

No comments: