New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
The first thing to do is understand why you are attracting them. And before you say you have no idea, I do not believe you.
Sounds like you're advertising in the wrong places. Increase your fraud/abuse checking, disable automatic activation, add phone verification, reject any orders with fake details, and use common sense. You don't need to accept every order, you don't need every dollar, and you don't want every client.
In all fairness, you only need to be successfully targeted once. Advertising strategies only help so much. If they're good at what they do, the same one will appear as multiple people, making you think you're attracting more than you actually are.
Use maxmind.
I was just able to sign up using:
John Doe
1 street
City
UK
made up post code I cant remember
Phone number 12345678910
BTC is the default payment method, you have instant activation and I was taken through to the invoice to pay.
You are an open door, wide open to abuse, use maxmind, use fraud record, use common sense, this is the wild west and you are operating an honesty box.
I quite easily could have paid via bitcoin and started to send a DOS attack or create an open proxy or tor exit node and you would have no way of ever catching me.
@Lee Cheap servers and BTC
@KuJoe Some of them still can get away
@jarland Thanks, yes we do use Maxmind
Ok, so you know why you attract them, what you need to do now is identify the patterns and find a way to curb the abuse, very individual process.
Oh look:
You clearly dont, or if you think you do you have it set to "relax bro, I am sure it will be fine" mode or you have not configured it even remotely properly.
Guys you have to understand it is less than 0.01% not everyone or everything are frauds/criminals.
See above, you clearly have no real validation going on, you essentially allow instant and anonymous access to VPS servers, that is your issue.
Glad we could help.
Please mention how do you yourself measure the new orders as a provider and what you usually do when you get a new order.
And the second obvious issue is that you ignore advice:
He has already told you a key issue if you allow 100% of fake signups you cannot control what they then do until it is too late. You are enabling the Criminals/Phishers/Child Pornography guys.
@AnthonySmith @Lee Thank you guys for your feedback. I value your feedback.
If I am reading this right the fact is that you get a good chunk of business the way you operate, if you took all the advice given above you would lose most of it. Tough choice but if the element you are trying to stop really only represents 0.01% then you don't really have an issue?
We don't have it often. Not usually happens this year we had two occurrence but both they were in a month time. We had a few occurrence last year but I do love to use your valued experience on how you guys handle your business.
Thanks
The major thing to note is that 0.01% will cause 99.9% of your problems, including ones that may attract the attention of the authorities at a level that you wouldn't be able to stop or refute in a timely manner without losing business.
Exactly.
Also while we're on the subject: once upon a time, another large and popular host that doesn't participate in this forum but is used by people here had an open-door policy like you do where good people and bad people could sign up and buy a service and have it activated with zero human interaction.
The bad people got wind of this and started a revolving door of spam. After all, why bother with resolving spam complaints if you can just buy another service on another profile with no interlocking to prevent it from happening?
This nearly killed the business, because the friendly neighborhood mafia known as Spamhaus also caught wind that his was happening and responded with, basically, "lol no" to delisting requests after they listed a /13 of this company's. The good people started leaving because they couldn't get their email delivered, leaving only the bad people. As you've noted, there's far more good people than bad people, so this turned out to not be particularly efficient moneywise.
The company ended up having to buy Mailchannels at $xx,xxx per month to satisfy protection from the mafia.
Good luck!
And...? One of my brands does this also because:
Filter spam, filter outbound DDoS, check Tor lists, check blacklists, auto suspend and keep all payments.
Either you profit monetary or you profit by getting rid off them.
There are many bad hosters switching from one provider to another after abusing their network. You need to implement Know-your-customer (KYC) policy to screen all new customers like Bank to prevent abuse.
If you are using WHMCS, you can install the FraudLabs Pro module which it has a free tier. After that, configure the rules based on your own risk profiles. If you found any bad hoster, blacklist them in FraudLabs Pro immediately. If the user has been blacklisted by other web hosting company, it should be rejected for review. Do not approve any rejected orders unless you are sure it is a good customers.
I hope this suggestion helps many others.
bikies
Seller protection of paypal is a good startup.
https://www.paypal.com/us/webapps/mpp/security/seller-protection
Also try this too, https://fraudrecord.com/ but I didn't test it out because I am not a hosting provider.
This one FraudLabs Pro looks good. Do you use them?
As stated above there are a few tools like maxmind, fraudrecord, etc. Over time you will learn, see patterns, do your research and investigating before you accept an order.
The ROKSO spammers, come to mind, they are pretty good at fraud and opening new accounts trying to get service. At a glance they look legit and checkout, but a pattern appears. For example, some the domain they provide is a business website, but has very little info and only an unsubscribe page. Or some when you look up the address in Google maps it's always a residential address in a very rural area, the boonies.
For LET, any doubt, a refund may be easier. But for higher priced orders ask them for identify verification, photo id, or signature.
And finally, if your still in doubt, refund. Better to be safe than sorry.
Having such a low rate is heaven on earth, really... We are very strict and much more than .01% signups are so fake they dont even pass the automatic checks, some 5 times more after that i reject manually.
I had to learn the hard way, uncle too, originally he was very welcoming used with his business partners he mostly knew personally, he thought of quitting a few months after starting under the weight of abuse, but then he found me, which also signed up using a fake profile, but at least i used one of my "serious" ones, not some that police found later to be criminals, such as the goode ol` Abe Lincoln, the (not dead yet then) Michael Jackson and a few Jane Doe's. Obviously, the carabinieri were not happy with that and he had to hire someone to take care of this.
Half-assed (for lack of better term) simply does not work.
Either all-in (thus allow anonymous, expect abuse and either prevent it or have connections/legal representation/solid laws local) or strict filtering, anything else can only fail.
EDIT: to add personally as well; i did not run into your/his issue but did on the "other side" run into the legal problems and lack of connections/laws
Yes, we are using FraudLabs Pro.