Bitcoin Forum
December 15, 2024, 09:24:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Risk of BTC in Web Hosting Business  (Read 2925 times)
Mike Cameron (OP)
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
July 25, 2014, 05:36:43 AM
Last edit: August 05, 2014, 12:28:01 AM by Mike Cameron
 #1

My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities.  Angry

I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers.

Are there other screening services we can use? Preferably with free plan like FraudLabs Pro.

Reference: http://www.fraudlabspro.com/tutorials/how-to-prevent-bitcoin-fraud
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 25, 2014, 05:50:20 AM
 #2

Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 25, 2014, 05:51:59 AM
 #3

Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
Mike Cameron (OP)
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
July 25, 2014, 05:57:06 AM
 #4

Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

I've removed the link if this is not acceptable.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 25, 2014, 06:01:46 AM
 #5

Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

I've removed the link if this is not acceptable.

If you are advertising that service, there's a services section where it is perfectly fine.

If you are genuine I apologize, but it is just a really common marketing tactic to register at boards and "ask" about a service in order to drive traffic to it.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
Mike Cameron (OP)
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
July 25, 2014, 06:06:32 AM
 #6

Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 25, 2014, 06:13:41 AM
 #7

Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.

Yes, that is a problem for porn sites too. I have some ideas for a solution but I can't start working on it until I get home (I'm on vacation).

You can require credit card for sign up - and then accept bitcoin for payments after the fact.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
ljudotina
Legendary
*
Offline Offline

Activity: 1260
Merit: 1029


View Profile
July 25, 2014, 07:58:00 AM
 #8

Asking for credit card just to accept Bitcoin is wrong way to do it. What your friend needs to do is limit outgoing traffic on his hosting machines and raise limit as customer is longer with him. There are anti spam mesures he can deploy (like max number of outgoing mails per minute etc.) that can help with this kind of situation big time.

Sheldor333
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
July 25, 2014, 08:41:34 AM
 #9

I realize that is a bit problem, but I think he should update his ToS if he already hasn't to include those things and then get some way to detect when they do that, he should find out how other hosting companies do it, and kick those people out. Another way to limit is allow to buy hosting for at least a year, that way it is less likely someone will risk all that money being taken if they spam.

Hope he stays in business.

phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
July 25, 2014, 02:02:06 PM
 #10

I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Meuh6879
Legendary
*
Offline Offline

Activity: 1512
Merit: 1012



View Profile
July 25, 2014, 02:06:45 PM
 #11

what a problem ?

- customer pay in bitcoin (no chargeback)
- customer kill the contract by spam
- server kill account of customer
- no chargeback

win/win  Grin
Mike Cameron (OP)
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
July 25, 2014, 02:42:10 PM
 #12

I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.
RichG
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
July 25, 2014, 05:30:57 PM
 #13

I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.
vit1988
Sr. Member
****
Offline Offline

Activity: 313
Merit: 250


i ♥ coinichiwa


View Profile WWW
July 25, 2014, 10:28:04 PM
 #14

I'm not an expert but isn't it possible to monitor/limit/shape/throttle outgoing mail traffic?

Panthers52
Hero Member
*****
Offline Offline

Activity: 675
Merit: 502


#SuperBowl50 #NFCchamps


View Profile WWW
July 26, 2014, 06:49:39 PM
 #15

Couldn't he just watch the IP addresses of the people who are logging in to he abuser's account?

PGP 827D2A60

Tired of annoying signature ads? Ad block for signatures
cutepuppy
Newbie
*
Offline Offline

Activity: 50
Merit: 0


View Profile
July 26, 2014, 08:51:40 PM
 #16

I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.
This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1617
Merit: 1012



View Profile
July 28, 2014, 02:30:07 AM
 #17

It is reasonable to disallow anonymous customers from using outgoing port 25 directly from his servers. If his customers want to send emails, he could provide them SMTP relay services (at additional cost) with some kind of cap to prevent spamming.
chogath
Newbie
*
Offline Offline

Activity: 54
Merit: 0


View Profile
July 29, 2014, 06:02:43 PM
 #18

This thread caught my attention, i was also looking to get one hosting with this one using BTC, thanks to it, i saved my time & money else something spam would have caught me up Sad
halfawake
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
July 29, 2014, 09:44:59 PM
 #19

This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).

Technically, no, it wouldn't.  All the people would have to do is know about Google Voice and they can create another phone number.  Took me about five minutes to setup my GV account.

BTC: 13kJEpqhkW5MnQhWLvum7N5v8LbTAhzeWj
AcaciaTrading
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
July 30, 2014, 12:04:31 AM
 #20

My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities.  Angry

I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers.

Are there other screening services we can use? Preferably with free plan like FraudLabs Pro.



Have you considered detecting spamming activity of existing users?  I know that some web hosts will suspend your account if you send too many emails from a server.

That way, you wouldn't need to worry about screening users - you can just stop them if they start sending tons of emails.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!