On Mon, 23 Aug 2004 14:33:56 -0700, Brian Dunning <[EMAIL PROTECTED]> wrote: > The plot thickens. I added AVS *and* CVM to the site - and the Amex > orders are still going through. Amex ignores CVM, and the address was > correct, so the thieves must have gotten ahold of printed statements > that show the billing address. Any idea how to combat THAT? They are > using fake IP addresses now so I can't keep up by blocking IP's. > > Your clever ideas appreciated. >
"Fake"? There's always a real IP on the other end or you can't communicate with them. There *has* to be a way to get the real IP address. How are you doing it now? What makes you think it's fake? One thing nobody mentioned was a CAPTCHA. There's a new, simple, one in PEAR: http://pear.php.net/package/Text_CAPTCHA http://www.captcha.net/ I know they're annoying, but it could cut things down if they're automating this. You could also resort to the "create a login" method. Or even a "valid e-mail address" option if you really want to stop them. We implemented a nice one-step credit card, address, and login method on www.pnicorp.com. Go to the link below and click "Continue Checkout". http://www.pnicorp.com/pniCart/?addItem=60 -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
