lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 10 Jun 2011 02:40:16 +0300
From: nix@...roxylists.com
To: fulldisc@....hu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: (no subject)

> HELo tor.hu
> MAIL FROM:<fulldisc@....hu>
> RCPT TO:<full-disclosure@...ts.grok.org.uk>
> DATA
> From: "TOR" <fulldisc@....hu>
> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
> Subject: Re: [Full-disclosure] NiX API
>
>
>> However though, any merchant that accepts purchases from user's behind
>> proxies
>> or other anonymizer's is taking a siginificant risk.
>
>
> You don't just block anonymizers: you block webhosting providers, server
> hostings, hosts based on proxy HTTP headers, TOR, etc.
> According to the stats on your control panel (number of subnets vs number
> of IP's) you seem to prefer to just put the whole /24 on block when you
> notice a new 'suspicious' IP.
> In the end, I think you are blocking a lot more potential customers than
> fraudsters.
> By the way, we do something similar here (we have an extensive list of
> throwaway mail providers, we collect proxies, etc), only we use these
> lists to block people from getting free VPN access through proxies, not
> customers who are willing to pay. Doing the latter would reduce our
> revenue by at least 50%.

I investigated all transactions that paypal reversed due to the
chargebacks or unauthorized account use. Guess what?

A majority of those IP's originated from the blocked hosting provider
IP-address ranges or from open proxies that our system could not detect at
that time (for example botnet proxies are bitch to detect due to various
reasons). Im not saying our system is 100% and unbreachable but I do know
it does give you reasonable protection to address this issue.

We're verifying very carefully those hosting providers ranges before we
add any to the blacklist. I don't go in to details on how we do it but I
can assure you we have very effective way to detect who is a hosting
provider or not. Needless to say, this is very hard work.

Why we're blocking hosting providers? Lets mention two big names, godaddy
and softlayer. Have you ever heard about a web-proxy? All these thousands
of daily freely accessible web proxies by whole world are hosted of course
in hosting providers datacenters for obvious reasons. They attract a lot
of legit users and also abusers. We can also add those hundreds or
thousands of hacked dedicated servers as well to this list that are being
used for scraping, hacking attempts, brute forcing and so on.

** You've the option to choose will you block those hosting providers or
not. ** It does not block anything automatilly unless you configure it to
block something. We leave this decision to you what to block or allow.

Im happy to hear you're using similar technology. You've just said
yourself why you do want to block proxy users.

>
>
>> Guess what will happend to that merchant? They are frustrated while
>> answering unauthorized paypal claims. If this purchase was done using a
>> stolen credit card, PayPal will charge this merchant for outrageous fees
>
>
> I agree that Paypal's charges are outrageous (for example, 3 EUR purchase
> -> 30 EUR fees for the chargeback, regardless of whether we accepted or
> disputed it).
> For us, what helped the situation in the end was focusing on user data
> consistency, immediately refunding suspicious purchases from China and so
> on, not the IP's.
> We've gotten chargebacks from regular ppp pools in China and have many
> satisfied returning customers who are using proxies or just some network
> that is natted behind a server in a server hosting.
> It doesn't mean they are trying to be anonymous, it just means their
> network works like that. For example, it is typical for a wi-fi provider
> to NAT users on their server in a server hosting (that you probably block
> as a /24 subnet), but they're still potential customers of any online
> shop, not just our VPN.
>
>
>> wondered why they could not login using the proxy, I said, remove the
>> proxy and try again and then do purchase. They did.
>
>
> Some people might be more patient and write emails about how they cannot
> make a purchase, but most will just find another place.

This is true indeed. But if you would have 50 fraudulent purchases in a
short period. What would you do? You sell TV's. Someone will order a $2500
nice new TV from your online shop. OK, you go and check this client IP,
it's a proxy or Tor exit node. Will you deliver this TV instantly to this
customer? I don't think so. If you accept PayPal. Paypal will charge you a
4% reversal fee from that 2.5k which is $100 bucks is the payment happened
to be fraudulent. So you've just lost 2,6k.

At this point you start thinking will you stop using PayPal and if you do
so, prepare to lose even more renevue because they are the most popular
payment gateway. OK, you've stopped using PayPal and another gateway.
You'll still have the same issue and risk. Of course those gateways have
some sort of security, but there are hundreds of daily proxies from public
lists that can bybass any payment gateway ...

How many times I have to say this?

>
>
>> "You're a legit user --> Why in earth you would like to use a proxy or
>> or anonymizer to do the purchase?"
>
> Torrents, general privacy, HTTP connection to my websites, etc. I use
> TorVPN 24/7, make payments through Paypal and with my credit card as well
> from this IP without any problems.
>

Im happy to hear it works out to you. A few days ago, i received an email
from https://www.proxpn.com/ admin that he suspended fraudulent user VPN
account due to the abuse. A fraudster used a stolen credit card using
their VPN to purchase a service from us. Needless to say, their CIDR's has
been also added to this list.


>
> https://torvpn.com/
> http://torvpn.com/temporaryemail.html
> http://torvpn.com/proxylist.html
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ