New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you handle anonymous orders and crypto payments?
juniorrrrr
Member
in General
Lately, I’ve been seeing a lot more VPS orders using temporary emails, fake details, and crypto payments. Up until the end of last year, we were outright blocking these orders, but starting this year, we decided to take a different approach—blocking SMTP ports by default to reduce spam instead.
Now, I’m considering opening things up and accepting these orders, but I still have some concerns. The obvious risks are abuse, botnets, attacks, and other shady activities. At the same time, I know there are legitimate users who just value privacy.
So I’m curious—how do you guys handle this?
- Do you approve these orders without much verification and just deal with issues if they come up later?
- Do you use any kind of filtering, like blocking temp emails or flagging certain IPs?
- How do you balance preventing abuse without making life harder for legit customers?
- Any tips for keeping resource usage and IP reputation in check?
Would love to hear how others are managing this.
Thanked by 1oloke
Comments
Forbid tempmails and be fast to act on abuse complaints received
Personally, I vet every order, I work in a completely manual mode, and I only work with people that I know personally, or through word-of-mouth. I pondered for a very long time whether or not I should sell en-masse or sell to the few and but make sure that it counts, and I decided that the risks outweigh the benefits.
Generally speaking, I know my entire user base - to a point, I don't know their every website, but I know that there is no spam, or funny business going on. They, obviously, mainly do not even use an email, let alone an identity - only a Telegram account, so you are essentially selling to a "ghost". It comes with risks, but I don't think you can do anything other than block all of these orders if you sell en-masse, and have no fraud preventions set in place.
For crypto payments, I think you should be fine as long as you take full customer information (name, address, phone, email, etc) and block Port 25. There is no need to block VPN/Proxies or limit spending amount, IMHO.
in China, u must have a thorough understanding of ur users, otherwise if they engage in illegal activities while using the service, u may be convicted of aiding information network activities
damn seriously?
Solid way to do solid businesses.
Call it luck, but I kid you not, I've not had a single issue (yet, touch wood) from crypto paying customers. I mean, we clearly do checks on name and address as well as a bunch of other things. If your name is Tom Cruise or Will Smith, yeah, it's a no go.
We don't do a full fledged KYC, but at least the signup information needs to look legit
Crypto customers are usually better than the fiat ones.
What attracts abuse more than anything is a low price. A $3 VPS is a throwaway, single use.
We require no KYC and most issues I've had have honestly come from our LET promos and stupid cheap deals posted here sometimes.
Low price often attracts low quality customers. It sounds bad, but quite frankly its true.
The vast majority of these I get are fine. The few that aren't get immediately deleted when I find their abuse
Spot on! @crunchbits , any words of widsom to add?
No, pretty well covered by everyone. I find crypto customers to generally be very good as well. Off the top of my head I can't think of any issues we've ever had specific to that group, in fact they're generally exceptionally friendly and polite. Maybe the higher trust required to pay with something where you can't leverage a $70B payment processor to beat up a small business keeps everyone a bit more cordial and rational. Though, I do get it can be riskier (for the customer) if it's not someone/a business you have some history or trust with.
realy,u can search "帮信罪" to learn about that
@beanman109 I feel attacked
i think manndude can make this up to you by giving you a $3 deal
Is this true @MannDude ?
3 dolla holla
If I pay in crypto, i preffer triple chain vpn on top of proxy. That’s my preference. If you use anonymous payment method and just doc your-self - than what’s the point? I have paypal for that.
Personally i prefer crypto payments mostly for this reason: saving money on conversion rates
paypal takes fees and also adds extra conversion fees
if i use cc directly, same.... bank adds extra conversion fee and then 18% GST on it.
in crypto also, there is a small fee but small compared to PP/CC and i prefer paying yearly for same reason..to save on these fees.
Another reason is being..when i pay with PP, one day i have to pay it again and i regret buying idle or unwanted vps that day.....if i use crypto...i don't need to feel any regret
If somebody is concerned about privacy, they should set their home datacenter. When a user ask for crypto, 99%, it can be for shady activities. There can be exceptions but is it worth the risk?
I can't confirm that, 99% of our crypto customers are not shady, Paypal payments are worse. In the last 30 days we have had around 50 Paypal cases, 49 of which are hacked Paypal accounts. Crypto is, except for refunds, super relaxed, so many non-shady customers pay with it and we still save thousands of euros every month in Stripe/Paypal fees.
How do you handle the bank side? In our country, the payment from crypto need to have proof and documents.
I use crypto because it usually sidesteps KYC -- how can they validate if a bitcoin address belongs to me vs if a credit card is stolen? Also, it sometimes makes a host more accommodating because they don't need to worry about chargebacks (even if you broke the TOS and forfeited that right). Also, with Stripe, I seem to get flagged as fraud, even when using my genuine details.
As for accepting crypto payments, I can vouch for SHKeeper open source crypto gateway from the amazing @vsys_host. Supports major coins (BTC, XMR, LTC, ETH). Took a bit of learning how to setup the network securely in Kubernetes and how to handle updates, but otherwise very straightforward. They are quite receptive to issues and PRs as well
Some crypto gateways (bitpay and coingate from my experience) still shadow ban you and force logins if they think you are shady. Shady = using anything other than Chrome on windows 11, and an IP recognised as residential. These are a cancer on the crypto payment world. Bitpay for example will delay or freeze your invoice (after paying), and then require you to email them for a refund. Coincidentally during high periods of crypto volatility after the value has gone down
. The eastern european gateways don't seem to have these problems, nor other self-hosted solutions like BTCPayServer.
you have been loosing customers ,
simply make them go through a kyc process and that solves it all
It seems you're trying to solve one problem with a set of irrelevant actions.
What kind of abuse do you experience?
Email spam? ⇒ Block port 25 by default, require contacting support to activate. Activate it with the delay (say, 2-3 days after the ticket), so the spammers won't see your offer as an attractive instant one-shot service for cheap spam.
Outgoing attacks? ⇒ Monitor the amount of connections to different hosts+ports. If there are 50000 connections, all for different ports, that's a flag to check further.
Botnets, as in CnC for bots? I don't have proper answer, but maybe scanning what's hosted on the web in on your IP range, make screenshots of the main web page and check it manually once in X day.
I use temp emails very often, and I'm connected always via VPN. I don't have any issues with many hosting providers and payment processors I use, but I remember one silly case: when I tried to donate for Mailcow software suite, their donation system did not allow to do that from the VPN IP address. When I reported this issue, all I got is: "Disconnect the VPN then". No dude, that means you won't receive the donation instead.
CnC are often hidden on some random TCP ports, no way you as an hosting provider can (or should) monitor this. I would just be fast to react on abuse complaints involving botnet CnC nodes from reputable services (spamhaus, aws shield, netcraft etc)
Accept push-ups as payment.
Order number must be in the video.
You can then know it's a real person instead of a bot making the order.
Cancel the order first. If the customer opens a ticket, ask them why they need to remain anonymous and what the purpose is. If it seems reasonable, inform them that if they violate the terms of service, the service will be shut down immediately, Then, activate the service and closely monitor various blacklist lists for the first one or two months. If the customer found to be engaging in spam, all orders from the IPs used for placing orders, logging into the panel, and SSH will be banned for two years.
Shhh... don't show him this.
It's the basic human right to keep anonymity over the Internet. Would you like to get my money? Don't crash my privacy!
Some don't want to sell their privacy and reputation only for money. So some providers are really concerned about your identity before providing your their valuable service.
@fatchan
Thank you so much for mentioning us and SHKeeper! We’re thrilled to read such positive feedback and would love to hear your more detailed thoughts. Please feel free to message us directly! We are always striving to make SHKeeper even better!
We’re also excited to share that SHKeeper now supports even more coins: BTC, ETH, LTC, DOGE, XMR, XRP, TRX, BNB, SOL, MATIC, AVAX, USDT (ERC20, TRC20, BEP-20, Polygon, Avalanche), and USDC (ERC20, TRC20, BEP-20, Polygon, Avalanche). We’re continuously working on improvements!
If anyone in this thread is looking for a non-custodial processor to accept crypto payments, feel free to explore SHKeeper or reach out to us directly – we’d be happy to share more details and answer any questions!