<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Fraudlabs also has a proxy detection web service. I can't say how accurate it is but it's free to set up an account so you can run that IP through it and see what result you get.<br><br><div>Alan<br></div>www.group2call.com<br><br>--- On <b>Mon, 8/18/08, Nitzan Kon <i><nk3569@yahoo.com></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;">From: Nitzan Kon <nk3569@yahoo.com><br>Subject: Re: [asterisk-biz] Fraud. (here we go again)<br>To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com><br>Date: Monday, August 18, 2008, 3:52 PM<br><br><pre>Thanks for the reply Igor. :)<br><br>I googled a little bit, and I don't see keeping lists as a viable<br>option. There is basically an infinite number of proxies out there<br>so it is impossible to block them
all until after the fact. :(<br><br>What I am going to try, is write something inside my payment<br>modules to try and connect to common proxy ports on the REMOTE_ADDR,<br>and if was able to connect to say port 80 - make a note on the IP<br>address that it is most likely a proxy.<br><br>The code is pretty simple, but the side effect is a delay in serving<br>the page while the ports are being tried. I set it to a timeout of 1<br>second for each port to avoid this as much as possible, but we'll see<br>how well this works...<br><br>Also, it is possible that some proxies use non-common ports, or<br>are not open to the public, in which case this approach will fail.<br><br>I'll let you all know the results after we tested it for a while...<br><br>Thanks,<br><br> -- Nitzan<br><br>--- On Mon, 8/18/08, emist <emistz@gmail.com> wrote:<br><br>> From: emist <emistz@gmail.com><br>> Subject: Re: [asterisk-biz] Fraud. (here we go again)<br>> To:
nk3569@yahoo.com, "Commercial and Business-Oriented Asterisk<br>Discussion" <asterisk-biz@lists.digium.com><br>> Date: Monday, August 18, 2008, 6:06 PM<br>> Hello Nitzan,<br>> <br>> As to how they do it its not very hard to proxy http<br>> requests(or any<br>> other request for that matter). There are plenty of<br>> publicly available<br>> proxy servers as well as servers that aren't intended<br>> to be used by the<br>> public but due to the sys-admin's misconfiguration they<br>> are open to the<br>> outside world. Most modern browsers can be configured to<br>> use proxy<br>> servers directly and tools exist such as proxychains that<br>> let you proxy<br>> pretty much any type of traffic through socks proxies.<br>> <br>> As to how to stop it...thats sort of a hard question. Maybe<br>> you could<br>> find sites with public proxy listings and write a script to<br>> flag any<br>>
deposits made from any of the ips listed, but this<br>> won't help against<br>> non-publicly disclosed proxies.<br>> <br>> Regards,<br>> <br>> Igor H.<br>> <br>> Nitzan Kon wrote:<br>> > Hi list! :)<br>> > <br>> > We've got hit with a guy in Vietnam who's<br>> creating accounts with<br>> > stolen American credit cards. Usually they are really<br>> easy to stop,<br>> > but this guy is matching the IP address to the credit<br>> card address.<br>> > <br>> > Anyone knows how they do that? I am 100% sure they are<br>> located in<br>> > Vietnam as their SIP IP address is 222.252.42.118. So<br>> somehow they<br>> > go through a proxy or something to fake the IP<br>> location. Any idea<br>> > how they do that - and more importantly - how to stop<br>> that on a<br>> > systematic level?<br>> > <br>> > Thanks!<br>> > <br>> >
--<br>> > Nitzan Kon, CEO<br>> > Future Nine Corporation<br>> > www.future-nine.com<br>> > <br>> > _______________________________________________<br>> > --Bandwidth and Colocation Provided by<br>> http://www.api-digital.com--<br>> > <br>> > AstriCon 2008 - September 22 - 25 Phoenix, Arizona<br>> > Register Now: http://www.astricon.net<br>> > <br>> > asterisk-biz mailing list<br>> > To UNSUBSCRIBE or update options visit:<br>> > <br>> http://lists.digium.com/mailman/listinfo/asterisk-biz<br>> ><br><br>_______________________________________________<br>--Bandwidth and Colocation Provided by http://www.api-digital.com--<br><br>AstriCon 2008 - September 22 - 25 Phoenix, Arizona<br>Register Now: http://www.astricon.net<br><br>asterisk-biz mailing list<br>To UNSUBSCRIBE or update options visit:<br>
http://lists.digium.com/mailman/listinfo/asterisk-biz<br></pre></blockquote></td></tr></table><br>