http://www.facebook.com/notes/henrich-fritz/how-hosting-providers-can-battle-fraudulent-sign-ups/233169273476251
How hosting providers can battle fraudulent sign-ups
Hosting providers are increasingly asking Spamhaus how they can
prevent so-called "fraudulent sign-ups" -- new customers whose
only intention is to spam, host malware, host botnet controllers, or
engage in other activities that are forbidden by the hosting
provider's acceptable use policy (AUP). Such customers normally
target cheap VPS and cloud hosting with automated sign-up
procedures. These customers know that their accounts will be
terminated swiftly when the host becomes aware of their activities,
so they usually use stolen credit cards or compromised PayPal
accounts to obtain service. This allows them to hide their real
identities and avoid spending their own funds.
Spamhaus has received several independent reports from hosting
providers that the volume of such fraudulent sign-ups has increased
dramatically in the past few months. Some hosting providers report
that 50% of all new subscriptions are fraudulent -- every second
subscription. No hosting company is immune, neither small local
operations nor large multinational hosting firms with data centers
on several continents.
While Spamhaus' mission is to protect internet users and
organizations from spam and other cyber-threats, we lack the
resources and time to act as an abuse reporting service (FBL -
Feedback Loop) or a consulting company. However, we would like
to do what we can to help. This article provides some tips to help
hosting providers prevent fraudulent sign-ups and increase the
detection rate for such sign-ups. These tips are not a solution, but
should help mitigate the damage and administrative costs caused by
criminals.
Verify User Information
First, create and implement a verification mechanism for automated
sign-ups. It should verify at least some personal information from
new subscriptions. For example:
Customer email address (by sending an email with a confirmation link)
Customer phone number (for a mobile, by sending an SMS with a confirmation code, or for a land line, by making a verification phone call)
If you are unable to verify any of this information, place the
account on hold until the customer contacts you and you can verify
their identity by other means. If a criminal must provide an email
address or telephone number that he answers, he must either risk
identifying himself to you or move on to a less vigilant provider.
You can also block subscriptions from customers who use phone
numbers previously used in a fraudulent sign-up. While it is easy to
compromise an email account, it is more difficult to compromise a
phone number assigned to another person.
Blacklist Abusive Customers
Maintain a blacklist of the names, postal addresses, telephone and
mobile numbers, and email addresses of customers who have
violated your AUP, and check the blacklist for every subscription.
Do not allow blacklisted customers or those using the same
information to sign up for service with you again.
Include some or all of the following types of information on the
blacklist:
First name
Last name
Postal address
Phone number
Mobile number
Email address
PayPal, Webmoney, etc. payment service data
IP address used to sign up
Browser (User-Agent)
Blacklisted customers often try to sign up for service again under a
new name and postal address, but frequently do not change the
email address and often attempt to sign up from the same IP
address. By using a blacklist, you can detect such sign-ups.
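The check described above, as an added example that is not part of the original article: every new sign-up is compared with the blacklist field by field after normalization, so a reused email address or phone number is caught even when the name and IP address are new. The field names, the normalization rules and all sample data are assumptions constructed for illustration.

```python
import re

# Fields the sign-up form and the blacklist share (hypothetical names).
# "phone" and "mobile" are indexed together so a number matches whichever
# box it was typed into.
KIND = {"email": "email", "phone": "phone", "mobile": "phone",
        "payment_account": "payment", "signup_ip": "ip"}

def normalize(kind, value):
    v = value.strip().lower()
    if kind == "email":
        local, _, domain = v.partition("@")
        return local.split("+", 1)[0] + "@" + domain   # drop "+tag" aliases
    if kind == "phone":
        digits = re.sub(r"\D", "", v)                  # keep digits only
        return digits[2:] if digits.startswith("00") else digits
    return v

def build_index(blacklist):
    """Map (kind, normalized value) -> ids of terminated accounts."""
    index = {}
    for account_id, record in blacklist.items():
        for field, kind in KIND.items():
            if record.get(field):
                key = (kind, normalize(kind, record[field]))
                index.setdefault(key, set()).add(account_id)
    return index

def check_signup(signup, index):
    """Return {field: [matching blacklisted account ids]} for a new sign-up."""
    hits = {}
    for field, kind in KIND.items():
        if signup.get(field):
            ids = index.get((kind, normalize(kind, signup[field])))
            if ids:
                hits[field] = sorted(ids)
    return hits

# Constructed sample data (documentation domain, number and addresses).
BLACKLIST = {
    "acct-1041": {"first_name": "John", "last_name": "Doe",
                  "email": "j.doe@example.com", "mobile": "+1 (555) 010-0199",
                  "signup_ip": "203.0.113.7"},
}
INDEX = build_index(BLACKLIST)

if __name__ == "__main__":
    retry = {"first_name": "Mark", "last_name": "Smith",
             "email": "J.Doe+new@Example.com", "phone": "001 555 010 0199",
             "signup_ip": "198.51.100.23"}
    print(check_signup(retry, INDEX))
```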
Have a strong Acceptable Use Policy (AUP) or Terms of Service (ToS)
A key point in fighting abuse and fraudulent customers on your
network is to implement a strong Acceptable Use Policy, also
known as Terms of Service. If you are in the hosting business, it is
vital to have an AUP. Without one, you leave yourself open to legal
threats when you terminate services to abusive customers or refuse
to allow a previously terminated customer to sign up again.
Spammers specifically seek out hosts with weak AUPs, or hosts
who are known to be lax on spam/security issues. Lack of an
effective AUP permits them to abuse your network and then
threaten to sue when you terminate their service.
Several hosts have excellent AUPs which, among other measures,
allow the ISP to terminate a customer account upon receiving an
SBL notification from Spamhaus. In addition, hosts that state
clearly on their corporate web sites that they will fully cooperate
with law enforcement and private anti-spam and security
companies such as Spamhaus when their AUP is violated
discourage abusers from signing up in the first place.
To help hosts revise or implement their AUPs, Spamhaus has set up
a small tool:
AUP Document Builder
You can use this tool to create or revise an AUP for your company.
Active Netflow / Traffic Monitoring
We have seen some cases where it is nearly impossible to
determine that a customer is fraudulent when they sign up. In such
cases, you may be able to detect the abuse after they sign up but
before you get feedback reports from third parties such as
Spamcop, Spamhaus or other security firms. You do this by
actively monitoring network traffic for patterns that do not
normally occur with legitimate use, but often occur when a user is
spamming, hosting malware, or running a botnet from your
network.
For example, spammers and malware hosts frequently use a VPN
to forward traffic from their permanent, back-end locations on your
server to botnet or snowshoe spam cannons or web proxies on a
compromised server.
They use stolen personal data obtained from an infected computer,
or even the computer itself, to sign up. As soon as Spamhaus
detects and reports abuse, the host terminates the account, but the
spammer just signs up again using a different (stolen) identity.
Often there is one constant amidst the changed identities: the VPN
end node (back-end)! A host that monitors network traffic for
connections to known blackhat VPN nodes can detect abusers
quickly and prevent them from profiting from their abuse.
Customer IP address verification
When a new customer signs up, you should check the IP address
that they use against a number of blocklists, and either not accept
or not activate any subscription that originates from an IP address
that is listed on the Spamhaus SBL or XBL.
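One way to implement this check over DNS, as an added example that is not part of the original article: the sign-up IP is looked up in a Spamhaus DNSBL zone and the answer is mapped to a decision. The zone name and return codes are the ones Spamhaus publishes for its combined zone and do not appear on this page; the decision labels and function names are assumptions. PBL-only answers and DNSBL error codes are handled separately so that ordinary home connections and resolver problems do not block legitimate customers.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"   # assumption: Spamhaus's combined DNSBL zone
# Return codes published by Spamhaus for that zone.
CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.9": "SBL",
         "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL",
         "127.0.0.7": "XBL", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def dnsbl_name(ip, zone=ZONE):
    """Build the query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolve(name):
    """A-record lookup. NXDOMAIN means 'not listed'; this example does not
    distinguish NXDOMAIN from a resolver failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def signup_decision(ip, resolve=system_resolve):
    """Return (decision, lists) for the IP address used to sign up."""
    codes = resolve(dnsbl_name(ip))
    # 127.255.255.x answers are error codes (blocked resolver, query limit),
    # not listings: send the sign-up to manual review instead.
    if any(c.startswith("127.255.255.") for c in codes):
        return ("review", [])
    lists = sorted({CODES[c] for c in codes if c in CODES})
    if "SBL" in lists or "XBL" in lists:
        return ("hold", lists)                # do not accept or activate
    return ("accept", lists)                  # PBL alone is not a reason to hold

if __name__ == "__main__":
    # Constructed answers stand in for DNS so the example runs offline.
    for answer in (["127.0.0.4"], ["127.0.0.10"], ["127.255.255.254"], []):
        print(answer, signup_decision("192.0.2.99", resolve=lambda n: answer))
```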
Use Spamhaus DROP/EDROP to filter bad traffic
A significant number of malware hosting sites and botnet control
sites are in fact proxy nodes, forwarding traffic to a back-end
server. These back-end servers are often hosted on rogue networks
that are already listed on one of the Spamhaus Don't Route Or Peer
Lists (DROP/EDROP). You can prevent these criminals from
abusing your network by implementing DROP and EDROP on
your network routers, and then denying all traffic from or to those
listed IP addresses. The text version of these lists is available free
of charge. Spamhaus also offers a BGP feed (BGPf) for an annual
fee.
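The two ideas above (monitoring traffic for connections to known bad back-ends, and using DROP/EDROP) combine naturally; the following is an added example, not part of the original article. It parses a list in the DROP text layout (`network ; SBL reference`, with `;` comment lines) and reports which customer IPs exchange traffic with a listed network. The list entries, SBL references, customer range and flow records are all constructed sample data.

```python
import ipaddress

# Constructed sample in the DROP text layout; not real list data.
SAMPLE_DROP = """\
; constructed sample list
192.0.2.0/24 ; SBL000001
198.51.100.128/25 ; SBL000002
"""

# Constructed customer address range of the hosting provider.
CUSTOMER_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records: (source IP, destination IP).
FLOWS = [
    ("10.20.0.5", "192.0.2.44"),        # customer -> listed network
    ("198.51.100.200", "10.20.0.9"),    # listed network -> customer
    ("10.20.0.7", "198.51.100.10"),     # outside the listed /25
    ("10.20.0.5", "203.0.113.1"),       # unlisted peer
]

def parse_drop(text):
    """Return [(network, reference)] from DROP-format text."""
    nets = []
    for line in text.splitlines():
        entry, _, ref = line.partition(";")
        entry = entry.strip()
        if entry:                        # skip comment and blank lines
            nets.append((ipaddress.ip_network(entry), ref.strip()))
    return nets

def flag_flows(flows, nets, customer_net=CUSTOMER_NET):
    """Map customer IP -> set of (listed peer IP, reference) seen in flows."""
    hits = {}
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for local, peer in ((s, d), (d, s)):     # check both directions
            if local not in customer_net:
                continue
            for net, ref in nets:
                if peer in net:
                    hits.setdefault(str(local), set()).add((str(peer), ref))
    return hits

if __name__ == "__main__":
    for customer, peers in flag_flows(FLOWS, parse_drop(SAMPLE_DROP)).items():
        print(customer, sorted(peers))
```

The linear scan over the list is fine for a list of this size; the same parsed networks can also be turned into router or firewall deny rules.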
Geo-specific customer handling
Frequently, small or medium sized hosting providers accept
business from foreign customers without any limitation. Such
providers are likely to be overwhelmed with fraudulent sign-ups,
especially when they open for business or add a new VPS or cloud
service. Criminals want to test how good or bad your abuse
handling is. So -- before you start accepting business from foreign
customers -- please be sure that you have sufficient abuse expertise
and resources to deal with the increase in fraudulent sign-ups. If
you deal with the initial spate of sign-ups quickly and effectively,
before long the criminals will give up on you and move to a less
prepared and knowledgeable service provider.
While many companies offer hosting with monthly billing, you
might want to require foreign customers, especially customers from
countries with high rates of online fraud and abuse, to sign up and
pay for at least six months of service. If you also require a payment
method that is not easily reversible for the first payment (such as
wired funds or a cleared check), cybercriminals will usually avoid
you. They do not want to pay for six months of service when they
know that you will terminate their accounts as soon as you realize
what they are doing.
In extreme cases, you might also demand a scanned copy of a
customer's passport. Several ISPs are requiring that for a few
countries that have extremely high rates of fraud and abuse.
However, be aware that some cybercriminals actually use stolen
and forged documents to circumvent such security checks.
Abuse Desk Response Time
While one part of a host's responsibility is to keep cybercriminals
away, the second part is to react quickly to abuse that gets past
preventive measures. An understaffed and overwhelmed abuse desk
will make your service attractive to cybercriminals. Hosts should
null-route a customer's IP address upon a credible report of spam,
malware hosting, or botnet activity until they can contact the
customer and find out what happened. In cases of fraudulent sign-up,
the customer usually will not respond to emails or return phone calls.
If you make sure that your AUP or ToS allows you to suspend a user's
access and null-route traffic upon credible reports of abuse, you will
not risk legal action because you shut down an abuser. Simply state in
your AUP/ToS that you reserve the right to null route the customer's
IP address if you get credible abuse reports (e.g. botnet hosting,
spammer sites, malware DNS etc).
Outsourcing fraud checks
Some hosts do not have the time or resources to implement anti-fraud
checks into their systems. There are companies that offer services that
are specifically aimed towards these hosts. Spamhaus cannot endorse
a specific service, but we strongly recommend using these if you're
overwhelmed by criminals seeking hosting on your network.
Conclusion
While it takes effort to keep cybercriminals away from your
network, it takes even more effort to deal with the effects when you
ignore abuse and abusers then flock to your network. It requires
considerably more resources (human and financial) to stop abuse
on a network after having ignored abuse issues. It will also cost
more, partly because the "business" that abusers bring to your
network is short-lived and they usually pay by using stolen credit
cards or other fraudulent means, and partly because cleaning up a
poor reputation takes time during which legitimate paying
customers may avoid your network. To avoid this situation, you
must find a good balance between abuse prevention and abuse
handling.