ozmo Posted March 23, 2007 Share Posted March 23, 2007 During the last few days I have had three obvious fraudulant signups for small hosting accounts. I have banned the IP addresses which have been different each time but I am sure it is the same person due to the information entered. The only info they receive from my whmcs install is a receipt an invoice and their client login info i.e. Username and password to the client area. No hosting account info is sent as I did not manually approve their signup. Below is the signup info from one attempt (similar on every attempt). A new order has been placed. Order ID: 18 Client Name: fred fdsfdsf Product/Service: (array.array) etc...... Do you see any reason for me to panic? How can I stop this from happening? How does array.array show up in the domain field? Thanks for any insight you can give. Cheers, Rob 0 Quote Link to comment Share on other sites More sharing options...
dspotter Posted March 23, 2007 Share Posted March 23, 2007 Hey ozmo, I think you are doing the right think, you blocked the order. I believe all web hosts will get a fraud order every once in a while small or big, I can tell you that we got one today that was blocked. Came from Nigeria when you do a IP lookup. Not sure how to really stop it, since an online business is open to the whole world. The only way I can see to prevent any damage being done is by being alert to your orders, and approving only legit ones. Anything that looks fishy, you should verify the order before accepting it. Looks like you are already doing a good job at that. Where is fraud orders originating from? About the array.array...this is on a product that has no domain, thats why it shows that. Kind Regards, Derrick 0 Quote Link to comment Share on other sites More sharing options...
ozmo Posted March 24, 2007 Author Share Posted March 24, 2007 Thanks for your insight Derrick. To answer your question the IP was traced to Wisconsin. I guess I'll just have to ban that state Thanks again, Rob 0 Quote Link to comment Share on other sites More sharing options...
bear Posted March 24, 2007 Share Posted March 24, 2007 Until I added wording to the effect of "we fraud check all orders, no instant setups", we used to get several per week, sometimes several per day. They were mostly Paypal using stolen accounts. Since adding that, and manually processing signups, nearly no fraud orders. A little too easy... 0 Quote Link to comment Share on other sites More sharing options...
generic Posted March 25, 2007 Share Posted March 25, 2007 maybe someone was just looking through your order system, they clearly entered in bad data, dont think it was fraud... now when they enter in apparently good data, and a stolen card number, then start doing something. if you display your finished site on the forums, then others may look thru it and go thru the order process to see what you did.... a bad credit card number will still generate an order and a client access email. that is one thing i wish would not happen. if the order does not get charged, there shold not be any client emails going out, but they do... 0 Quote Link to comment Share on other sites More sharing options...
Rebel Posted March 25, 2007 Share Posted March 25, 2007 I think bear has the right solution, just mention all orders are manually checked for fraud, and no instant setups -- i think it will reduce the amount of fraud 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.