I actually capture the IP addresses, the order number and the domains in a SQL database setup to reconcile purchases at the end of the day...i simply wrote a short perl module with a couple of routines that I insert at key places in reg_system.cgi and voila...$ENV(REMOTE_ADDR) is the correct CGI var to get the address from...
-bryanw HalfPriceNames Domain Registry http://www.halfpricenames.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Sent: Tuesday, November 06, 2001 3:08 PM To: Jeff Miller; [EMAIL PROTECTED] Subject: Re: Logging IP Address of Orders? I was beginning to think I had this problem to myself... I had a spate of fraudlent transactions over two months recently. It's costing me a _fortune_. I've thought of pulling the plug on online orders. What I make in valid transactions is being lost in chargeback fees and other bank fees on the dodgey transactions. The root of the problem is the banks. Or at least the CreditCard companies. Their joint policies of always deferring to the customer, rather than the merchant, ensures that even though a person is stupid enough to keep using their card after it has obviously been used in dodgey transactions doesn't lose out. I was informed by the Merchant Service that the only time I can query a chargeback, is if I have a signed imprinter slip in my hand. Which means any and all online, phone, or other electoninc (non-signed) transactions can be reclaimed, and there is nothing the seller can do about it. To make matters worse - there seems to be no time limit. If someone sees a transaction six months laterthen they can still do a chargeback. valid reasons or not! I had a person phone me at 2am from Texas the other night, complaining that two transactions had been done on his card by my company - he had "tracked me down over the internet". I explained to him that I had no idea who he was, and that what had actually happened was that even though he micht still have his credit card in hei hot little hand - the details had been stolen. Probably from a handfull of restaurant imprinter slips, and it was being used that way. What he should do is cancel his card to stop all the other transactions. Probably too late, I've no doubt his account had been cleaned out. What I did do then was look through the server logs, and found the IP of the offending transaction - and all the others. All from Jakata. So what can you do. It seems we - any shopkeeper - are the ones who have to cover the MerchantCard companies from losses. We will get nowhere until that can be fixed. Sorry for the rant - I'm really annoyed by the attitude of the banks to this. They are making profits even from dodgey transactions. As to your problem of capturing the IP address. I'll have a look at it now. I'll post it to this list if I find something out.... bob > I just finished setting everything up on my account and was wondering if > there is a way to log the IP address of every order submitted. > > I've been doing web hosting for over three years and about 60% of the orders > I receive are fraud. The easiest way to tell is to take the IP address off > the order and do a Traceroute using VisualRoute. It will show you where the > order was placed from. Most of the time the fraudulant orders I receive > have all the correct info of a US resident, name, address, telephone number. > When I see the order was placed in Russia, Indonesia, Malaysia, etc. I > delete it. > > Back when I first started web hosting I didn't think about getting orders > with stolen credit card numbers. This ended up costing me over a thousand > dollars due having to pay my web host and the $25 chargeback fees. > > > Is there some way to log the IP address of orders? I don't even want to > think about accepting any domain orders until this is possible. > > > Jeff > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > >
