suspicious customer - what to do?


Hi all. I'm new to the forums and to WHMCS so I hope I'm in the right place.

 

Last night I got an email notification of a new signup. Since I just started my hosting company about a month ago, I was surprised - most of my customers have been people I know.

 

The customer passed fraud checks and registered one domain, so I approved the account, but later I thought it was odd that someone would randomly find me. I viewed my real time stats on Analytics and found that the person had searched "website hosting powered by WHMCS." Of course this set off a red flag.

 

I have taken all the steps to protect my installation (moving directories, renaming the WHMCS folder, etc.) and I use strong passwords. But I can't help feeling like I should boot this guy before he tries to hack my installation instead of waiting for an attempt. I googled his phone number and found the same address and number associated with a ton of hosting signups in the past few months - all with different names.

 

He has set up an email account in cPanel (with a woman's name) and changed his nameservers but otherwise hasn't made any attempt to load files or set up his site. Yet. I feel like I'm just sitting around waiting for something to happen.

 

So now that I've written a book, these are my questions:

  • Do you guys find this as suspicious/strange as I do?
  • Would you leave the guy alone or refund his money and boot him?
  • Are there other actions I should be taking to protect my WHMCS install and/or my hosting account?

 

I would appreciate any tips or advice. This one is freaking me out!


I don't offer any free accounts. He signed up for the cheapest shared account ($5/month for very limited space/bandwidth) and paid with a credit card.

 

I would be wary of this, as they paid with credit card.

 

How did they pay using the card?

Was it through a payment provider like PayPal?

 

If it was, I would refund, as if they paid it may be with a stolen card and you could end up with chargeback fees.

 

He has set up an email account in cPanel (with a woman's name) and changed his nameservers but otherwise hasn't made any attempt to load files or set up his site. Yet.

 

He could have set it up to send spam, so would not need to upload any files as he would just need an email account. Check your email logs against this user's account to see if there is anything that stands out.


The customer's IP address is recorded with the order, it should be right there in the client summary. Look up his IP address, e.g. here - http://www.maxmind.com/en/geoip_demo and then check to see if the CC billing address location matches, or comes close to where the IP lookup says he is from.

 

This is not a 100% accurate method. I have seen California residents with a New York IP as indicated by maxmind.com, but this was because NY happens to be where his cable company is located. However if the CC street address is in Texas, but the IP lookup lists Romania, well then....


I have seen California residents with a New York IP as indicated by maxmind.com, but this was because NY happens to be where his cable company is located.

I've never seen that myself. Check my own, shows me within a town or so of my real location (expected), not the ISP's headquarters. In all the checks I've run, I've never come across it being the ISP and not the user. An exception might be if they visit on a smart phone via mobile ISP, I'd venture to guess.

Which ISP?


  • 2 months later...

Wow.. it's like I wrote the first few lines myself.

 

We're also a young hosting company and had a signup this afternoon from France, which is odd, because we're in Canada. We found out that the person uploaded a script to spam about 500 people through email to fill out a form with credit card information (they created a very convincing "Verified by VISA email").

 

Anyway, tonight we got another one, signing up for the same domain name, just a different extension.

 

So, what am I supposed to do with this? I'm 90% sure that the transactions will be returned by Stripe, because I suspect a stolen credit card, but I won't be able to get a refund for the domain from enom.

If this keeps going, we'll go broke on spam domains. We've set our cPanel setup to manual approval for now, so there won't be any spamming going on.

 

Does anyone have advice for me?


We don't register domains for international customers. We refer them to namecheap.com instead.

 

Registering local/international domains means nothing, as even users in your same country can reg domains to commit fraud by setting up phishing websites.

 

We recently had a prospective client (50 miles away) try and register and set up hosting for finances-inc-yahoo.com; naturally this was refused and local police informed.


I have very little patience for shenanigans. There is a level playing field here and the allowance for individuality is there. But I personally won't stand for any tomfoolery. The norm is that when someone gets hosting they immediately want to get something going; most people don't just let it sit there like that. That for me too is a red flag that it might be a piece of a larger deal going on.

What I would do is watch them very, very closely. If they violate the TOS in any way, even a minor violation, terminate them right away for TOS violation. No sense stressing over it and risking your other good customers over $5 a month.

 

Peace and good luck.


I have very little patience for shenanigans. There is a level playing field here and the allowance for individuality is there. But I personally won't stand for any tomfoolery. The norm is that when someone gets hosting they immediately want to get something going; most people don't just let it sit there like that. That for me too is a red flag that it might be a piece of a larger deal going on.

What I would do is watch them very, very closely. If they violate the TOS in any way, even a minor violation, terminate them right away for TOS violation. No sense stressing over it and risking your other good customers over $5 a month.

 

Peace and good luck.

 

Well said, no sense stressing on $5/mth.


Thanks mlew2 :)

 

I wonder if it would be a good idea for us all to put our heads together and try to come up with some ideas for some TOS inclusions that would help us act faster on this. I'm sure somewhere in this is a lesson and somewhere there is probably something we can all learn and maybe on a positive note add some things to our TOS to make them stronger. This certainly won't prevent it so much as it will allow us to act legally much faster, which might avoid a potential disaster. So I feel that even with myself a stronger TOS or package rules is needed.

 

What do you all think about sharing some ideas on this?

 

How about:

1. All basic hosting purchases are required to upload site files within 72 hours.

2. All basic hosting purchases must pay 2 years up front.

3. All basic hosting purchases are limited on emails for the first 3 months of service.

 

Any other ideas?


Not uploading files fast is not always a sign of wrongdoing. Many people buy a domain and hosting at the same time, and simply have not made the site yet.

I myself over the years have had many hosting plans that I have purchased for a 'special need' and that have sat dormant for several months until I'm ready. So this alone is no reason to suspect.

Just wait and see what happens; if anything suspicious does, then is the time to act.


 

How about:

1. All basic hosting purchases are required to upload site files within 72 hours.

2. All basic hosting purchases must pay 2 years up front.

3. All basic hosting purchases are limited on emails for the first 3 months of service.

 

If I went to a host that had these 3 restrictions then I would say goodbye and find another host.

Also I dare say these types of restrictions would be a breach of trading laws. Does not say you have something in your TOS that it is legal.

I currently have a VPS that I purchased over 6 months ago and, apart from securing the VPS and registering a domain for the specific project, I have done nothing with it yet as I have not got round to sorting out the project I will be using the server for.


If I went to a host that had these 3 restrictions then I would say goodbye and find another host.

Also I dare say these types of restrictions would be a breach of trading laws. Does not say you have something in your TOS that it is legal.

I currently have a VPS that I purchased over 6 months ago and, apart from securing the VPS and registering a domain for the specific project, I have done nothing with it yet as I have not got round to sorting out the project I will be using the server for.

 

Understood, just tossing out ideas is all, nothing in concrete, just talking is all. Thanks for your input, I see your point and agree.

 

Do you have any suggestions?

Edited by durangod

Do you do any kind of fraud checking; automatic, manual, or otherwise? Also, do you have any kind of security on the server(s) to scan for anything possibly malevolent?

 

Not yet. We're setting up a minFraud account now.

We do have a nightly process that emails us a list of any script uploaded in the last 24 hours that appears to send email. Is that enough?

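A nightly check like the one described in the post above could be sketched as follows. This is an added example, not the poster's script or anything shipped with WHMCS or cPanel; the function name `find_mail_scripts`, the extension list and the pattern list are assumptions to adapt to your own servers.

```python
import os
import re
import stat
import time

# Heuristic patterns (an assumed list, extend for your stack): common ways
# PHP, Perl and Python scripts hand a message to the local MTA or an SMTP host.
MAIL_PATTERNS = {
    "php mail()": re.compile(rb"(?<![\w>$])mail\s*\(", re.I),
    "PHPMailer": re.compile(rb"PHPMailer", re.I),
    "sendmail binary": re.compile(rb"/usr/(?:sbin|lib)/sendmail"),
    "raw SMTP socket": re.compile(rb"fsockopen\s*\([^)]*,\s*(?:25|465|587)\b", re.I),
    "python smtplib": re.compile(rb"\bsmtplib\b"),
}
SCRIPT_EXTS = {".php", ".phtml", ".pl", ".cgi", ".py"}
MAX_BYTES = 2 * 1024 * 1024  # only inspect the first 2 MiB of each file


def find_mail_scripts(root, window_hours=24, now=None):
    """Return sorted [(path, [pattern names])] for scripts changed in the window."""
    now = time.time() if now is None else now
    cutoff = now - window_hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets, devices
                # ctime also catches uploads whose mtime was preserved or back-dated
                if max(st.st_mtime, st.st_ctime) < cutoff:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # vanished or unreadable: skip, do not abort the run
            matched = [n for n, rx in MAIL_PATTERNS.items() if rx.search(data)]
            if matched:
                hits.append((path, matched))
    return sorted(hits)
```

A scan like this only sees mail sent by uploaded scripts; an account that sends through a mailbox created in cPanel, as discussed earlier in the thread, shows up in the mail server logs instead.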

 

What do you all think about sharing some ideas on this?

 

How about:

1. All basic hosting purchases are required to upload site files within 72 hours.

2. All basic hosting purchases must pay 2 years up front.

3. All basic hosting purchases are limited on emails for the first 3 months of service.

 

Any other ideas?

 

Got to agree these are too restrictive. I can possibly see the 72 hours, as most that want a site will load it as soon as they get the server info. Maybe pay 3 mths ahead, and limit emails is always a good idea.
