[asterisk-biz] Fraud. (here we go again)

Al Lougher alougher at yahoo.com
Tue Aug 19 09:03:05 CDT 2008


Fraudlabs also has a proxy detection web service. I can't say how accurate it is but it's free to set up an account so you can run that IP through it and see what result you get.

Alan
www.group2call.com

--- On Mon, 8/18/08, Nitzan Kon <nk3569 at yahoo.com> wrote:
From: Nitzan Kon <nk3569 at yahoo.com>
Subject: Re: [asterisk-biz] Fraud. (here we go again)
To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz at lists.digium.com>
Date: Monday, August 18, 2008, 3:52 PM

Thanks for the reply Igor. :)

I googled a little bit, and I don't see keeping lists as a viable
option. There is basically an infinite number of proxies out there
so it is impossible to block them all until after the fact. :(

What I am going to try, is write something inside my payment
modules to try and connect to common proxy ports on the REMOTE_ADDR,
and if was able to connect to say port 80 - make a note on the IP
address that it is most likely a proxy.

The code is pretty simple, but the side effect is a delay in serving
the page while the ports are being tried. I set it to a timeout of 1
second for each port to avoid this as much as possible, but we'll see
how well this works...

Also, it is possible that some proxies use non-common ports, or
are not open to the public, in which case this approach will fail.

I'll let you all know the results after we tested it for a while...

Thanks,

  -- Nitzan

--- On Mon, 8/18/08, emist <emistz at gmail.com> wrote:

> From: emist <emistz at gmail.com>
> Subject: Re: [asterisk-biz] Fraud. (here we go again)
> To: nk3569 at yahoo.com, "Commercial and Business-Oriented Asterisk
Discussion" <asterisk-biz at lists.digium.com>
> Date: Monday, August 18, 2008, 6:06 PM
> Hello Nitzan,
> 
> As to how they do it its not very hard to proxy http
> requests(or any
> other request for that matter). There are plenty of
> publicly available
> proxy servers as well as servers that aren't intended
> to be used by the
> public but due to the sys-admin's misconfiguration they
> are open to the
> outside world. Most modern browsers can be configured to
> use proxy
> servers directly and tools exist such as proxychains that
> let you proxy
> pretty much any type of traffic through socks proxies.
> 
> As to how to stop it...thats sort of a hard question. Maybe
> you could
> find sites with public proxy listings and write a script to
> flag any
> deposits made from any of the ips listed, but this
> won't help against
> non-publicly disclosed proxies.
> 
> Regards,
> 
> Igor H.
> 
> Nitzan Kon wrote:
> > Hi list! :)
> > 
> > We've got hit with a guy in Vietnam who's
> creating accounts with
> > stolen American credit cards. Usually they are really
> easy to stop,
> > but this guy is matching the IP address to the credit
> card address.
> > 
> > Anyone knows how they do that? I am 100% sure they are
> located in
> > Vietnam as their SIP IP address is 222.252.42.118. So
> somehow they
> > go through a proxy or something to fake the IP
> location. Any idea
> > how they do that - and more importantly - how to stop
> that on a
> > systematic level?
> > 
> > Thanks!
> > 
> > --
> > Nitzan Kon, CEO
> > Future Nine Corporation
> > www.future-nine.com
> > 
> > _______________________________________________
> > --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> > 
> > AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> > Register Now: http://www.astricon.net
> > 
> > asterisk-biz mailing list
> > To UNSUBSCRIBE or update options visit:
> >   
> http://lists.digium.com/mailman/listinfo/asterisk-biz
> >

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20080819/a27dfa91/attachment.htm 


More information about the asterisk-biz mailing list