Mike Cameron (OP)
Newbie
Offline
Activity: 4
Merit: 0
|
|
July 25, 2014, 05:36:43 AM Last edit: August 05, 2014, 12:28:01 AM by Mike Cameron |
|
My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities. I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers. Are there other screening services we can use? Preferably with free plan like FraudLabs Pro. Reference: http://www.fraudlabspro.com/tutorials/how-to-prevent-bitcoin-fraud
|
|
|
|
AliceWonder
|
|
July 25, 2014, 05:50:20 AM |
|
Ouch - yeah, I'm not sure I would provide anonymous hosting service.
They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.
|
|
|
|
AliceWonder
|
|
July 25, 2014, 05:51:59 AM |
|
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.
|
|
|
|
Mike Cameron (OP)
Newbie
Offline
Activity: 4
Merit: 0
|
|
July 25, 2014, 05:57:06 AM |
|
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.
I've removed the link if this is not acceptable.
|
|
|
|
AliceWonder
|
|
July 25, 2014, 06:01:46 AM |
|
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.
I've removed the link if this is not acceptable. If you are advertising that service, there's a services section where it is perfectly fine. If you are genuine I apologize, but it is just a really common marketing tactic to register at boards and "ask" about a service in order to drive traffic to it.
|
|
|
|
Mike Cameron (OP)
Newbie
Offline
Activity: 4
Merit: 0
|
|
July 25, 2014, 06:06:32 AM |
|
Ouch - yeah, I'm not sure I would provide anonymous hosting service.
They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.
In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.
|
|
|
|
AliceWonder
|
|
July 25, 2014, 06:13:41 AM |
|
Ouch - yeah, I'm not sure I would provide anonymous hosting service.
They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.
In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user. Yes, that is a problem for porn sites too. I have some ideas for a solution but I can't start working on it until I get home (I'm on vacation). You can require credit card for sign up - and then accept bitcoin for payments after the fact.
|
|
|
|
ljudotina
Legendary
Offline
Activity: 1260
Merit: 1029
|
|
July 25, 2014, 07:58:00 AM |
|
Asking for credit card just to accept Bitcoin is wrong way to do it. What your friend needs to do is limit outgoing traffic on his hosting machines and raise limit as customer is longer with him. There are anti spam mesures he can deploy (like max number of outgoing mails per minute etc.) that can help with this kind of situation big time.
|
|
|
|
Sheldor333
|
|
July 25, 2014, 08:41:34 AM |
|
I realize that is a bit problem, but I think he should update his ToS if he already hasn't to include those things and then get some way to detect when they do that, he should find out how other hosting companies do it, and kick those people out. Another way to limit is allow to buy hosting for at least a year, that way it is less likely someone will risk all that money being taken if they spam.
Hope he stays in business.
|
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
July 25, 2014, 02:02:06 PM |
|
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.
Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).
Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.
Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
July 25, 2014, 02:06:45 PM |
|
what a problem ? - customer pay in bitcoin (no chargeback) - customer kill the contract by spam - server kill account of customer - no chargeback win/win
|
|
|
|
Mike Cameron (OP)
Newbie
Offline
Activity: 4
Merit: 0
|
|
July 25, 2014, 02:42:10 PM |
|
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.
Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).
Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.
Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.
They are using free email address. We do receive email confirmation, but again the email addresses are disposable.
|
|
|
|
RichG
|
|
July 25, 2014, 05:30:57 PM |
|
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.
Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).
Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.
Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.
They are using free email address. We do receive email confirmation, but again the email addresses are disposable. Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.
|
|
|
|
vit1988
|
|
July 25, 2014, 10:28:04 PM |
|
I'm not an expert but isn't it possible to monitor/limit/shape/throttle outgoing mail traffic?
|
|
|
|
Panthers52
|
|
July 26, 2014, 06:49:39 PM |
|
Couldn't he just watch the IP addresses of the people who are logging in to he abuser's account?
|
|
|
|
cutepuppy
Newbie
Offline
Activity: 50
Merit: 0
|
|
July 26, 2014, 08:51:40 PM |
|
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.
Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).
Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.
Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.
They are using free email address. We do receive email confirmation, but again the email addresses are disposable. Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones. This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
July 28, 2014, 02:30:07 AM |
|
It is reasonable to disallow anonymous customers from using outgoing port 25 directly from his servers. If his customers want to send emails, he could provide them SMTP relay services (at additional cost) with some kind of cap to prevent spamming.
|
|
|
|
chogath
Newbie
Offline
Activity: 54
Merit: 0
|
|
July 29, 2014, 06:02:43 PM |
|
This thread caught my attention, i was also looking to get one hosting with this one using BTC, thanks to it, i saved my time & money else something spam would have caught me up
|
|
|
|
halfawake
|
|
July 29, 2014, 09:44:59 PM |
|
This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).
Technically, no, it wouldn't. All the people would have to do is know about Google Voice and they can create another phone number. Took me about five minutes to setup my GV account.
|
BTC: 13kJEpqhkW5MnQhWLvum7N5v8LbTAhzeWj
|
|
|
AcaciaTrading
Newbie
Offline
Activity: 9
Merit: 0
|
|
July 30, 2014, 12:04:31 AM |
|
My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities. I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers. Are there other screening services we can use? Preferably with free plan like FraudLabs Pro. Have you considered detecting spamming activity of existing users? I know that some web hosts will suspend your account if you send too many emails from a server. That way, you wouldn't need to worry about screening users - you can just stop them if they start sending tons of emails.
|
|
|
|
|