Sent from my wireless handheld.
On Aug 18, 2008, at 7:56 PM, "Steve Totaro" <stotaro@totarotechnologies.com> wrote:
I think it is less of a known proxy, sysadmin, or misconfigured machine issue and more of a compromised system, zombie issue.
I know last Tuesday was a HUGE M$ "patch Tuesday". Not sure if any of those exploits could be used for proxy or port redirection, but if not directly, they can probably be used to open a hole big enough to drive a truck into, let alone remote execution of a little bit of code to insert such a hidden service.
http://news.cnet.com/8301-1009_3-10015517-83.html?hhTest=1&part=rss&subj=news&tag=2547-1_3-0-20
Not to mention all the bootleg copies of Windows that will not be able
to update and those that just won't bother.
We are not even talking about malware, worms, or viruses here, which is what most people fear and feel "protected" against, even allowing their emails to append some nonsense about being "scanned and virus free". So was SubSeven, or basically any new virus at zero hour.
http://blog.wired.com/27bstroke6/2008/04/zombie-computer.html
Anyways, on to how to combat it. I think the only real way is to have
human intervention. A phone call to speak with the card holder would
probably cut it back drastically.
I think it was Gafachi that sent me a credit card authorization form
via snail mail which I thought was strange at the time but obviously
prudent with rampant fraud. This way they verify the mailing address
to some degree, get a signature, and have some paper trail. While it
could still be fraudulent, I think most would be eliminated. There
are easier targets and with the explanation about fighting fraud along
with the snail mail authorization form, I would totally understand.
Thanks,
Steve Totaro
On Mon, Aug 18, 2008 at 6:52 PM, Nitzan Kon <nk3569@yahoo.com> wrote:
Thanks for the reply Igor. :)
I googled a little bit, and I don't see keeping lists as a viable
option. There is basically an infinite number of proxies out there
so it is impossible to block them all until after the fact. :(
What I am going to try is to write something inside my payment modules to try and connect to common proxy ports on the REMOTE_ADDR, and if it was able to connect to, say, port 80, make a note on the IP address that it is most likely a proxy.
The code is pretty simple, but the side effect is a delay in serving
the page while the ports are being tried. I set it to a timeout of 1
second for each port to avoid this as much as possible, but we'll see
how well this works...
Also, it is possible that some proxies use non-common ports, or
are not open to the public, in which case this approach will fail.
I'll let you all know the results after we have tested it for a while...
Thanks,
-- Nitzan
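The probe-back check Nitzan describes above, written out as an added example; this is not code from the original thread or from Future Nine's payment module. It assumes a list of common proxy/SOCKS ports (80, 443, 1080, 3128, 8000, 8080, 8888; an assumption, the post only mentions "common proxy ports" and port 80), connects to all of them concurrently with the 1-second timeout from the post, and returns a "likely_proxy" verdict only when something answers. When nothing answers it says "unknown" rather than "clean", because a proxy on an unusual port, a private proxy, and a host whose firewall drops the SYN all look identical from the outside. The demo() function stands up a throwaway listener on 127.0.0.1 (constructed for this example) so the check can be exercised offline.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports commonly used by HTTP and SOCKS proxies. Illustrative assumption;
# the original post only mentions "common proxy ports" and port 80.
COMMON_PROXY_PORTS = (80, 443, 1080, 3128, 8000, 8080, 8888)


def port_open(host, port, timeout=1.0):
    """True if a TCP connect to host:port completes within `timeout` seconds.
    Refused, unreachable and timed-out connections all count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_proxy_ports(host, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Probe every port concurrently, so the delay added to the page is about
    one timeout in the worst case instead of one timeout per port.
    Returns the sorted list of ports that accepted a connection."""
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        results = list(pool.map(lambda p: (p, port_open(host, p, timeout)), ports))
    return sorted(p for p, ok in results if ok)


def classify_remote_addr(host, ports=COMMON_PROXY_PORTS, timeout=1.0):
    """Verdict for a REMOTE_ADDR. 'likely_proxy' only when a probed port
    answers; otherwise 'unknown', not 'clean', because a proxy on an unusual
    port, a private proxy, or a firewall that silently drops SYNs all look
    the same as an ordinary home PC from here."""
    open_ports = probe_proxy_ports(host, ports, timeout)
    return {
        "ip": host,
        "open_ports": open_ports,
        "verdict": "likely_proxy" if open_ports else "unknown",
    }


def demo():
    """Offline demonstration. A throwaway listener on 127.0.0.1 stands in for
    a proxy daemon (constructed for this example); a second port that was
    bound and then released stands in for a closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so connects are refused

    try:
        flagged = classify_remote_addr("127.0.0.1", (open_port, closed_port))
        clean = classify_remote_addr("127.0.0.1", (closed_port,))
    finally:
        listener.close()
    return flagged, clean


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running the probes in parallel bounds the added page latency to roughly one timeout rather than one per port. Two caveats before deploying something like this: an open port 80 on a residential IP usually means a router's remote admin page or a home web server rather than a proxy, so treat a hit as one risk signal to combine with others (for instance the SIP registration IP not matching the HTTP REMOTE_ADDR, which is exactly what gave this fraudster away), and some networks treat unsolicited connection attempts from a merchant as scanning, so it is better run asynchronously with results cached per IP than inline in the checkout page.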
--- On Mon, 8/18/08, emist <emistz@gmail.com> wrote:
From: emist <emistz@gmail.com>
Subject: Re: [asterisk-biz] Fraud. (here we go again)
To: nk3569@yahoo.com, "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
Date: Monday, August 18, 2008, 6:06 PM
Hello Nitzan,
As to how they do it, it's not very hard to proxy HTTP requests (or any other request for that matter). There are plenty of publicly available proxy servers, as well as servers that aren't intended to be used by the public but, due to the sysadmin's misconfiguration, are open to the outside world. Most modern browsers can be configured to use proxy servers directly, and tools exist such as proxychains that let you proxy pretty much any type of traffic through SOCKS proxies.
As to how to stop it... that's sort of a hard question. Maybe you could find sites with public proxy listings and write a script to flag any deposits made from any of the IPs listed, but this won't help against non-publicly disclosed proxies.
Regards,
Igor H.
Nitzan Kon wrote:
Hi list! :)
We got hit by a guy in Vietnam who's creating accounts with stolen American credit cards. Usually they are really easy to stop, but this guy is matching the IP address to the credit card address. Anyone know how they do that? I am 100% sure they are located in Vietnam as their SIP IP address is 222.252.42.118. So somehow they go through a proxy or something to fake the IP location. Any idea how they do that, and more importantly, how to stop that on a systematic level?
Thanks!
--
Nitzan Kon, CEO
Future Nine Corporation
www.future-nine.com
_______________________________________________
--Bandwidth and Colocation Provided by
http://www.api-digital.com--
AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz