GoFuckYourself.com - Adult Webmaster Forum


SIK 08-04-2018 02:13 PM

any site owner saw this happen (ccbill related)?
 
So, earlier today I had an influx of approx. 20 new signups within 45 minutes.
Needless to say, that isn't an expected volume, at least not for me.

Most sales were big ones (single purchase, 180 days, 100$), which was even more weird.
Upon further investigation, they were all coming from fake mails (those temp mail providers) and ccbill support said they all have the same password.

All sales were purchases via "checks"


I deleted them all and ticket is made within ccbill risk department.
I also temporarily disabled checks purchases all together.

My site uses a two-step process (you sign up at the script itself, then you click pay and go to the ccbill form). I still see the hacker (probably a script) is trying something with no luck, because the number of new members (without paying) is off the charts, like 1 new every minute or so.


Anyone had that level of fraud or whatever happen to him?

Sly 08-04-2018 02:18 PM

No affiliate tagged on to the sales? Just straight up fraudulent transactions?

SIK 08-04-2018 02:29 PM

Quote:

Originally Posted by Sly (Post 22316146)
No affiliate tagged on to the sales? Just straight up fraudulent transactions?

Yep, nothing affiliate related. Just dummy emails with fraudulent check transactions.

Sly 08-04-2018 02:36 PM

Quote:

Originally Posted by SIK (Post 22316151)
Yep, nothing affiliate related. Just dummy emails with fraudulent check transactions.

I wonder if they were testing the checking accounts to see if they worked, so that they can then go use the checking account for something they actually care about.

SIK 08-04-2018 03:07 PM

Quote:

Originally Posted by Sly (Post 22316152)
I wonder if they were testing the checking accounts to see if they worked, so that they can then go use the checking account for something they actually care about.

Hmm, maybe..

I'm having those check frauds for several months now, but it is usually like 1 per week so I didn't give it much attention.

However, this thing today is definitely done through some script. I blocked all sales via checks and no new fraud sales are coming in but I see in my script that hack is still "running". I'm getting one new member and new denial mail from ccbill almost every few minutes.

Bladewire 08-04-2018 03:59 PM

I haven't had the checks option turned on in years so no issues on my sites. Every check I ever got always bounced :1orglaugh

The Porn Nerd 08-04-2018 04:18 PM

The checks option is the worst and I would do away with it altogether. People may use the check option but since checks take so long to hit their account, then hit the CCBill account, by the time they do the buyer has an overdraft resulting in a bounced check/chargeback.

Not worth it. Only broke-ass losers use online checks for fuck's sake. I don't even know how to use one if I wanted to! LOL

SIK 08-04-2018 04:35 PM

This is hilarious..

I just got this mail from (supposedly) Mohammed something:

Hi
I just want to use other payment methods like sepa or check
Can you add them? so i can be a member of your Amazing website


I'm guessing he is the one behind trying to get free access with this wild check fraud thing and through some insane spammy script that uses multiple mails, IPs and what not... insane.

Who the fuck goes through so much trouble to get free access to a porn site with membership starting at 29.95... crazy

Bladewire 08-04-2018 04:37 PM

Quote:

Originally Posted by SIK (Post 22316178)
Who the fuck goes through so much trouble to get free access to a porn site with membership starting at 29.95... crazy

A porn tube site owner

NatalieK 08-04-2018 05:15 PM

Yes, I've had this kind of fraud happen once, last year.

A new affiliate joined, sent me 10 sales all within an hour or so and within a week, they were chargebacks...


sad news when you get assholes wanting to make a quick buck and ruin the respect between webmasters & programs :(

SIK 08-04-2018 05:18 PM

Quote:

Originally Posted by GspotProductions (Post 22316191)
A new affiliate joined, sent me 10 sales all within an hour or so and within a week, they were chargebacks...

that one is easy to understand, an affiliate trying to get a payout through fraud

my situation had no affiliate id attached to it, just fraud sales, by the looks of it - to gain access to the site, as simple as that.. insane

The Porn Nerd 08-05-2018 06:45 AM

Quote:

Originally Posted by SIK (Post 22316193)
that one is easy to understand, an affiliate trying to get a payout through fraud

my situation had no affiliate id attached to it, just fraud sales, by the looks of it - to gain access to the site, as simple as that.. insane

He's probably still on dialup too.
Was the email from an America Online address?

:1orglaugh:1orglaugh:1orglaugh

Adraco 08-05-2018 07:33 AM

Thread title says "ccbill related" and specifically notes in the post it is not about affiliate fraud, still, here comes piss-ant-gary-the-cock and talks schmuck out of his ass on a totally unrelated subject, being on a different biller and all.

SIK 08-05-2018 08:33 AM

Quote:

Originally Posted by The Porn Nerd (Post 22316355)
He's probably still on dialup too.
Was the email from an America Online address?

:1orglaugh:1orglaugh:1orglaugh

Actually, quite the contrary...

Definitely seems like some pretty advanced script is used, automatic:

1. random IPs from all over the world
2. random mails from all kinds of places for registration, from those temporary mails all the way to gmail and such
3. every few minutes one signup on my script and then one hit on ccbill signup form
4. random usernames
5. SAME password on all successful transactions, which proves it is one person's doing.. for whatever the purpose


Funnily enough, seems like the hacker is gone for the weekend because his script is still running but producing only free memberships on my site, because ccbill checks are now disabled.

Pretty awkward really..
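
Added example, not part of the original posts: a sketch of how a signup script could flag the pattern listed above (rotating IPs, mailboxes and usernames, one shared password) by grouping signups on a keyed password fingerprint inside a time window. The record fields, `SITE_KEY`, the thresholds and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SITE_KEY = b"constructed-demo-key"  # assumption: per-site secret kept out of the DB

def fingerprint(password):
    # Keyed digest computed at signup time; retain it only for the detection window.
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).hexdigest()

def shared_password_bursts(signups, window=timedelta(minutes=45), min_accounts=5):
    """Map fingerprint -> largest group of signups sharing it inside one window."""
    by_fp = defaultdict(list)
    for s in signups:
        by_fp[fingerprint(s["password"])].append(s)
    flagged = {}
    for fp, rows in by_fp.items():
        rows.sort(key=lambda r: r["time"])
        best, start = [], 0
        for end, row in enumerate(rows):
            # Slide the window start forward until it spans at most `window`.
            while row["time"] - rows[start]["time"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = rows[start:end + 1]
        if len(best) >= min_accounts:
            flagged[fp] = best
    return flagged

def max_signups_per_ip(signups):
    # What a per-IP rate limit would see; rotating proxies keep this at 1.
    return max(Counter(s["ip"] for s in signups).values())

def sample_signups():
    # Constructed records: 6 scripted signups (new IP, mailbox and username each
    # time, one password) plus 3 unrelated ones, one of which reuses that password.
    t0 = datetime(2018, 8, 4, 13, 0)
    rows = [{"time": t0 + timedelta(minutes=2 * i), "ip": f"198.51.100.{10 + i}",
             "email": f"u{i}@tempmail.example", "username": f"rnd{i}x",
             "password": "Same-Pass-1"} for i in range(6)]
    for i, pw in enumerate(["hunter2!", "correct horse", "Same-Pass-1"]):
        rows.append({"time": t0 + timedelta(hours=5 * (i + 1)),
                     "ip": f"203.0.113.{i + 1}", "email": f"real{i}@mail.example",
                     "username": f"member{i}", "password": pw})
    return rows

if __name__ == "__main__":
    for fp, hits in shared_password_bursts(sample_signups()).items():
        print(fp[:12], len(hits), "accounts,", len({h["ip"] for h in hits}), "IPs")
```

On the constructed data the six scripted signups are grouped even though no IP appears twice, while the later unrelated signup that happens to reuse the password falls outside the window and is left out.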

The Porn Nerd 08-05-2018 09:03 AM

Quote:

Originally Posted by SIK (Post 22316379)
Actually, quite the contrary...

Definitely seems like some pretty advanced script is used, automatic:

1. random IPs from all over the world
2. random mails from all kinds of places for registration, from those temporary mails all the way to gmail and such
3. every few minutes one signup on my script and then one hit on ccbill signup form
4. random usernames
5. SAME password on all successful transactions, which proves it is one person's doing.. for whatever the purpose


Funnily enough, seems like the hacker is gone for the weekend because his script is still running but producing only free memberships on my site, because ccbill checks are now disabled.

Pretty awkward really..

I know CCBill Support sucks these days (outsourced to some Middle Eastern country) but CCBill should have a setting on their merchant account to disable the burst signup script. It's usually a fraud protection setting. Being the weekend there's probably nobody IN at CCBill right now so you will have to wait til Monday. Contact your personal Rep and ask them to connect you to the Fraud Dept. (Don't go through Support as they will ask endlessly annoying questions before telling you they can't transfer you lol.)

It's now CCBill's responsibility to stop this craziness - and to NOT penalize your account in any way. Good luck man!! :)

blackmonsters 08-05-2018 09:12 AM

They may be testing stolen accounts to see if they can buy other stuff.

BigFurry 08-05-2018 02:39 PM

Just a note to paysite owners - when you see something like this and it is through an affiliate, they may have nothing to do with it.

I've seen this happen, fraudsters using our site to pick websites to join. Stolen CCs, some kind of check signups, and European bank accounts for doing direct debit signups I believe. (Guessing based on the join emails that show the country and the biller sometimes). They use proxies from all around the world. Many joins in a row. Then lots of chargebacks a few days later. :-(

Why they join through affiliate links sometimes I still don't understand. Maybe that's where they find the best sites to join, or it makes the joins seem more legitimate, or in some cases, they do it to get a discount.

It's also interesting that they often get 1 year memberships, making me think that the fraudsters might sell these passwords on the black market. Just guessing really - if anyone knows, it would be good to know.

It's basically impossible for affiliates to filter these out, as they get minimal info about the joins and don't really have the tools to fight the scammers using their join links.

Anyway, my point is - if you see an affiliate sending such fraud joins, be prudent, and check their history etc. If it's an affiliate who has been 100% legit in the past, then out of the blue had a bunch of chargebacks - then probably the affiliate is a victim too.

SIK 08-05-2018 03:08 PM

Quote:

Originally Posted by BigFurry (Post 22316552)
It's also interesting that they often get 1 year memberships, making me think that the fraudsters might sell these passwords on the black market. Just guessing really - if anyone knows, it would be good to know.

They were getting the biggest (6 months) memberships on my site too, but not through affiliate code.

However, I was thinking the same, perhaps they are trying to sell them on some forum or something for like 10$ or bitcoin or something such... no idea.


All times are GMT -7.