
Suspicious Order - Their IP is my Server's Hostname


davet


I received a suspicious order. You know, the ones in which they buy your most expensive package for the longest billing period?

 

Normally I check their IP address, which is shown on the order, but it shows one of my servers' hostnames there instead: cpanel3.primary001.net

 

This isn't the server WHMCS is on but is one of my other servers. I thought that maybe they had an account already activated on my cpanel3.primary001.net server and were using proxy software to access WHMCS and place the order but doesn't SSL block proxies?

 

I'd like to find out how they were able to place this order and make it look like it came from one of my servers? I'd also like to figure out what their real IP is?

 

I also use Live Chat software called Live Messenger and they sent a question from there. That too showed their IP as cpanel3.primary001.net.

 

Any ideas?


As mentioned, check the access logs, but it might also be worth calling them and asking them directly. It puts them on the spot (if you should get through), at which point you can also ask questions about what they intend to use the package for, etc.


My admins are looking into cpanel3.primary001.net to see if there is any suspicious activity, but can I ban the server IP of cpanel3.primary001.net from within WHMCS to prevent this from happening again? Will that affect the provisioning of the sites on that server?


My admins are looking into cpanel3.primary001.net to see if there is any suspicious activity, but can I ban the server IP of cpanel3.primary001.net from within WHMCS to prevent this from happening again? Will that affect the provisioning of the sites on that server?
It certainly will.

I would also check to see if possibly you have some code either in htaccess or php.ini that is switching referrer info with visitor info... May be something on your end instead of the customer's...

 

Well, it only showed cpanel3.primary001.net on this one order, which totaled close to $1000, which is not a typical purchase, which leads me to believe it is fraud.

 

I don't think anything is wrong with php.ini or .htaccess since this problem would occur on all orders if there was, right?
