All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Fraudulent order coming from ColoCrossing IP?
Hello,
I think most of providers in this situation but i'd like to know how can i fix this problem ?
Order: ''Date: 19/12/2013 12:22 IP Address: 192.3.149.46 Host: host.colocrossing.com''
They are created dispute on paypal. PayPal said ''you won'' because we provided what we write on website and offer thread. Than they are moved this dispute to their bank. Now.. they are take money... What if this situation happens for lot of times -.-'
I'd like to talk Darren Sears. Cause he is fraudulent.
PS: I don't want to talk about that little money at LET. Real problem is what if lots of people do this ? How can i detect fraudulents and block them
Edit: I'm not talking about owners of colocrossing. But i don't understand why they are accept this ?
Thank you!!
Comments
It's just someone using a Colocrossing IP as a proxy of some sort.
Welcome to anti-fraud and risk management in ecommerce.
Honestly, it'd be a reasonable policy for providers to just block datacenter-networks from orders.
Colocrossing
OVH
BuyVM
And probably a few more, just can't think of them right now.
@MrX How can i minimize it ? Any addon for WHMCS ?
Where are you from Sander?
lol.
You should probably check your orders with maxmind or something before you approve it.
You should probably change your title, it is someone who proxied using a Colocrossing server to place a fraudulent order, rather than Colocrossing committing fraud.
Bear in mind you are posting (and advertising on your signature) on a forum that is owned by CC, on another CC server
If you're using MaxMind it usually flags colocrossing ip's, and unless they use an address near their datacenters it will also flag for distance.
Screen every customer by hand. That is how we are doing it. It is slow and not automated but you are safe 100%
@Sander how using or abusing someone's service make from host fraud. Your service will be used and abused too. Are you fraudster because of that? Sorry, but this what you posted is nonsense.
RamSwitch | FRAUD
maxmind plugin for WHMCS has a tick box so you can auto block any orders from VPN/Proxy IP's and 99.9% of DC and host (none residential) IP's are blocked or classed as Proxy/VPN traffic.
We are doing this but I disagree it is safe 100%.
We do not allow:
-Proxies of any kind (that we can detect, or rather Max does);
-Fake addresses, fake phone numbers;
-Multiple accounts when we can detect them.
Yet, while fraud rate is definitely going down, it still happens.
I have to admit there will always be criminals smarter than the cops, I am only learning this trade for a few months.
We used to have automated provisioning at first then gradually reduced it, first to Biz plans only (thought they are more expensive and spammers and other abusers will go elsewhere), then they were the most abused plans, especially Biz Xen, so now we have everything on manual. It might be a nuisance, especially for customers, but most abuse we have now (90%+) is from compromised machines of old customers in good standing (zPanel Kloxo and the like) than from new customers spamming/scanning from first hour.
Well, its highly unlikely that someone from Colocrossing itself ordered a VPS from you. They have a few of their own datacenters. Also, that IP seems to be in Buffalo, where a lot of providers here provide services using Colocrossing, anyone could have gotten a VPS from someone who uses Colocrossing and then used a VPN to order a VPS from you. You should use MaxMind, it automatically flags such orders as fraud. You can get it for free(well, 1000 checks) with your WHMCS license.
Someone from RamSwitch IP address sent me spam mail. Omfg #"%$#&$%/%&((R&%$#!$ RamSwitch are spammers!!!! I hate RamSwitch!!!! omg... I don't care but this is RamSwitch. Fraudsters and spammers!!!!
@Sander do you get what I mean? Does client who use your hosting service to commit abuse makes from you a spammer and fraudster?
After I saw the title and started reading your post I honestly wanted to facepalm with a hot clothing iron. It's someone using a Proxy or VPN with an IP address that belongs to ColoCrossing.
You are right it is not 100% i went to far with that, but much more safer than maxmind. Clients don't like it at all. Now days everyone expect instant server delivery.
I almost said go easy on the guy he learned something today. Then I saw he's a provider. No sympathy. Forty five seconds on google and he could've figured out their default PTR.
Isn't the default rDNS for ColoCrossing IPs set to that host? I've seen it a lot on servers I purchased through other companies that host with them.
But yes, probably someone who ordered with a VPS that has a CC IP.
Yup.
Title should be changed really and yes blocking proxies/vpns from MaxMind resolves this issue mostly.
It depends which ones.
Those which like clean IPs and good neighbours will appreciate it, it is not like a good customer has to move in a hurry to get up an running his site after being kicked someplace else, these moves are normally planned at least a week before, providers considered, VPS(es) tested, etc.
I do not say all customers that cannot wait a few hours are fraudsters, but chances are a long term relationship is built with patience and with someone which plans things in advance and considers the options well.
Prometeus is not trying to win any popularity contest, we try to offer enterprise grade solutions at affordable prices and are here on the long term.
I was about to do that and just did :-)
I agree. Quiet and friendly neighborhood is best for everyone.
Yes i understand it's proxy. And thanks for chan> @Heinz said:
Sorry. I didn't mean colocrossing is fraudulent.
I know it's someone who proxied using a colocrossing server.
I'm partner of RamSwitch. I'm not alone. I'm not technician.
Fair enough. I think everyone gave you some good information then.
Yes, but i wrote something wrong. People who reads they think i'm talking about owners of colocrossing. I didn't mean that.
You know NOW, but you thought it was ColoCrossing BEFORE everyone told you.
And you know how I was talking about facepalming with a hot clothing iron earlier? Now I want to facepalm against a stove because of the latest question you've asked: "I'm not talking about owners of colocrossing. But i don't understand why they are accept this ?"
ColoCrossing manages over 400K IP addresses. Do you really think that they are going to watch every single IP every second of the day, especially when they're the DATACENTER, who PROVIDERS lease servers and IPs from ..?
Whoever hired you to work for RamSwitch should be ashamed. I'm expressing zero sympathy for you right now because as a provider/provider partner/whatever, you should know better. And whoever is interested in purchasing services from RamSwitch is going to google the name, find this thread, and find out how unexperienced their staff members are.
well, they should use another common rDNS instead host.colocrossing.com to customer.colocrossing.com or something like that.
Understood. Thank you I know they can't watch. Just asking..
I'm not PROVIDING any TECHNICAL/SALES/SUPPORT ticket at RamSwitch. They are hired me only advertising.
So why are people not doing this in the first place?
Sigh...good thing the guy who scammed you weren't using internet from AT&T or companies like that, if they do you would have got yourself a law suit for libel.
I know English may not be your first language, but you really need to be careful of what you say on the Internet, especially we all know that these days, nothing is absolutely secure and private, particularly when you are advertising your business in the signature.
And honestly, for a business to be registered in Netherlands and having a New York phone number...I think you probably need to convince us that you are doing a honest business to start with.