Quote:
Originally Posted by lezinterracial
Good luck. Could be the Home Depot dumps. Krebs was talking about dumps being sold. Do you block TOR and common proxy ips?
|
I had a good number of them blocked, but that has to be updated all the time and sadly, it's been awhile.
Right now my process is effective but time consuming, tedious and hard to be consistent with:
I look for multiple signups or attempted signups on a single IP address and then look to see if it's a shared IP like a cell phone tower, also if the referring affiliates are random that's usually no problem. If it's all the same guy that's another story. And once I know someone is a carder, then every IP they touch is suspicious and so is anyone else who's traffic comes from that IP, and any IP's that THEY use.
All the suspicious IP's get a lookup on Maxmind proxy detection, which is decent but will only catch maybe half or less. Then I look them up on whatismyipaddress.com, which IMO is way better, but limits the amount of queries per IP and there seems to be no way to buy the database. On whatismyipaddress I find many of these IP's are webhosts, where presumably some squid configuration, vpn or other such proxy service is installed. whatismyipaddress also lists recent spam sources, which many proxies do double duty as forum and mail spam sources, but not all.
When detecting fraud, few single indicators give a clear picture, but many taken together bring things into focus.