On Tue, 24 Aug 2004 09:51:53 +0200, Markus Mayer <[EMAIL PROTECTED]> wrote: > It may well be that they're using anonymous proxies. I know of a couple that > spread the visiting IP addresses over a wide range of IP addresses, although > everything does make it back eventually. Also possible is that they are > using infected Windows machines and proxies. > > In the case of anonymous proxies, it should be possible to get the full range > of IP addresses from somewhere and block all access through anonymous proxies > - serious customers won't wast time going through such proxies, only people > who really have something to hide go through such proxies. In the case of > infected windows machines, you have a different problem because there are > millions of such machines which act as spam relays, virus distributors, ... > > Keeping in mind that you want to make sales on your site as easy as possible, > the best I can think of is to create a session cookie for the visitor which > contains their IP address and check that IP address against one that you have > stored locally for that session. If the IP address differs, blow the whistle > on that visitor. To conceal that you are checking their IP address, call the > cookie something like 'SaleID' or 'ItemID' and run the IP address through > md5sum to get an md5 checksum and use that instead of the IP address itself. > It wont get all of them, but it will make a difference, and make them have to > work harder to get around the security on your site. In a case like this, > you would also have to keep a database entry of what credit card number came > from what IP address. If that card tries and fails more than twice and comes > from different iP addresses every time, block that card number.
If you do "store the card number" you may want to store an md5 only. Storing credit card #'s is a huge liability risk. > > Does Amex keep an online database of stolen/disabled credit cards? Maybe > being able to query something like that in real time would be of advantage > (actually I think some idea like this was presented very early in the > thread). > > At the moment I don't have any other ideas. Hopefully what I've suggested > here helps. > > best regards > Markus > > > > On Monday 23 August 2004 23:33, Brian Dunning wrote: > > The plot thickens. I added AVS *and* CVM to the site - and the Amex > > orders are still going through. Amex ignores CVM, and the address was > > correct, so the thieves must have gotten ahold of printed statements > > that show the billing address. Any idea how to combat THAT? They are > > using fake IP addresses now so I can't keep up by blocking IP's. > > > > Your clever ideas appreciated. > -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php