Tuesday, August 19, 2008

Re: [asterisk-biz] Fraud. (here we go again)

Fraudlabs also has a proxy detection web service. I can't say how accurate it is but it's free to set up an account so you can run that IP through it and see what result you get.

Alan
www.group2call.com

--- On Mon, 8/18/08, Nitzan Kon <nk3569@yahoo.com> wrote:
From: Nitzan Kon <nk3569@yahoo.com>
Subject: Re: [asterisk-biz] Fraud. (here we go again)
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Monday, August 18, 2008, 3:52 PM

Thanks for the reply Igor. :)

I googled a little bit, and I don't see keeping lists as a viable
option. There is basically an infinite number of proxies out there
so it is impossible to block them all until after the fact. :(

What I am going to try is to write something inside my payment
modules to try and connect to common proxy ports on the REMOTE_ADDR,
and if it was able to connect to, say, port 80 - make a note on the IP
address that it is most likely a proxy.

The code is pretty simple, but the side effect is a delay in serving
the page while the ports are being tried. I set it to a timeout of 1
second for each port to avoid this as much as possible, but we'll see
how well this works...

Also, it is possible that some proxies use non-common ports, or
are not open to the public, in which case this approach will fail.

I'll let you all know the results after we tested it for a while...

Thanks,

-- Nitzan

--- On Mon, 8/18/08, emist <emistz@gmail.com> wrote:

> From: emist <emistz@gmail.com>
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> To: nk3569@yahoo.com, "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
> Date: Monday, August 18, 2008, 6:06 PM
> Hello Nitzan,
>
> As to how they do it, it's not very hard to proxy HTTP requests (or any
> other request for that matter). There are plenty of publicly available
> proxy servers as well as servers that aren't intended to be used by the
> public but due to the sys-admin's misconfiguration they are open to the
> outside world. Most modern browsers can be configured to use proxy
> servers directly and tools exist such as proxychains that let you proxy
> pretty much any type of traffic through SOCKS proxies.
>
> As to how to stop it... that's sort of a hard question. Maybe you could
> find sites with public proxy listings and write a script to flag any
> deposits made from any of the IPs listed, but this won't help against
> non-publicly disclosed proxies.
>
> Regards,
>
> Igor H.
>
> Nitzan Kon wrote:
> > Hi list! :)
> >
> > We've got hit with a guy in Vietnam who's creating accounts with
> > stolen American credit cards. Usually they are really easy to stop,
> > but this guy is matching the IP address to the credit card address.
> >
> > Anyone knows how they do that? I am 100% sure they are located in
> > Vietnam as their SIP IP address is 222.252.42.118. So somehow they
> > go through a proxy or something to fake the IP location. Any idea
> > how they do that - and more importantly - how to stop that on a
> > systematic level?
> >
> > Thanks!
> >
> > --
> > Nitzan Kon, CEO
> > Future Nine Corporation
> > www.future-nine.com
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> >
> > AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> > Register Now: http://www.astricon.net
> >
> > asterisk-biz mailing list
> > To UNSUBSCRIBE or update options visit:
> >
> http://lists.digium.com/mailman/listinfo/asterisk-biz
> >
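
Added example, not part of the original thread or any poster's production code: the connect-back check Nitzan describes (try common proxy ports on REMOTE_ADDR with a 1-second timeout), with the probes run in parallel so the page delay stays near one timeout instead of one per port. The port list beyond 80, the function names and the loopback stand-in address are assumptions.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumed port list: the thread only names port 80; the rest are common
# defaults (3128 Squid, 8080 alternate HTTP, 1080 SOCKS).
COMMON_PROXY_PORTS = (80, 3128, 8080, 1080)


def port_accepts_tcp(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unreachable all count as "not open".
        return False


def probe_proxy_ports(host, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Probe all ports in parallel; return the sorted ports that accepted.

    Concurrent probes bound the added latency to roughly one timeout
    rather than len(ports) * timeout.
    """
    ports = list(ports)
    if not ports:
        return []
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = pool.map(lambda p: port_accepts_tcp(host, p, timeout), ports)
        return sorted(p for p, is_open in zip(ports, results) if is_open)


def proxy_risk_note(remote_addr, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Build a note to store with the payment record for manual review.

    An open port is only a hint (it may be a router admin page or an
    ordinary web server), so this flags the IP instead of rejecting it.
    """
    open_ports = probe_proxy_ports(remote_addr, ports, timeout)
    return {
        "ip": remote_addr,
        "open_ports": open_ports,
        "possible_proxy": bool(open_ports),
    }


if __name__ == "__main__":
    # 127.0.0.1 is a constructed stand-in for REMOTE_ADDR so this runs offline.
    print(proxy_risk_note("127.0.0.1"))
```

As the thread notes, proxies on uncommon ports or closed to the public will not be caught by this check, so the result is one signal among several.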
