homepage Welcome to WebmasterWorld Guest from 54.205.241.107
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

This 32 message thread spans 2 pages: 32 ( [1] 2 > >     
How can I block African (Nigerian) traffic from my site?
tomld2

10+ Year Member



 
Msg#: 3091 posted 6:10 pm on Nov 19, 2004 (gmt 0)

I am so fed up with these darn African fraudsters. Not only do they order and try to get stuff shipped to them, but they order using the stolen credit cards real address just to be annoying. I've had up to $5,000 in fraudelant orders in a single day.

Is it possible to block african traffic by IP? What's it called, Geo Targetting or something? What's a good company that offers this?

 

FraudAdvisor

10+ Year Member



 
Msg#: 3091 posted 6:35 pm on Nov 19, 2004 (gmt 0)

Hi Tomld2

There are stacks of perl and php scripts with GeoLocator dbs to be attached (for a price) out there - try Google.

With specific regard to your problem one simple solution would be don't ship where the billing address is not even on the same continent as the shipping address ;)

IMHO IP blocking has limited use other than removing casual fraudsters... the heavies know how to on-ramp via a local provider to make it seem they are connecting from a local IP range.

The devil is in the ship-to address. If you're selling anything remotely desirable to poorer countries (from experience auto parts, printer toner cartridges, PC's or PC kit) then you may want to consider a "delivery only to validated addresses" caveat on your order page and use Bank AVS and/or third party scoring to help you make a decision.

Hope this helps

Voxman

10+ Year Member



 
Msg#: 3091 posted 7:06 pm on Nov 19, 2004 (gmt 0)

Here's what we did. In our shopping cart we removed offending countries like Nigeria so there was no way they could order.

Hope this helps

uncle_bob

10+ Year Member



 
Msg#: 3091 posted 7:09 pm on Nov 19, 2004 (gmt 0)

Wow Voxman, that is such a simple solution, yet so effective. Sometimes reading this board really highlights what a bright bunch you all are.

luckychucky

10+ Year Member



 
Msg#: 3091 posted 7:29 pm on Nov 19, 2004 (gmt 0)

We did that too. Works like a charm.
On rare occasions we'll get a dim Nigerian who still tries, and the city and country come in as 'Lagos, Sweden'.
lol

jsinger

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3091 posted 7:32 pm on Nov 19, 2004 (gmt 0)

We never had Nigeria on our ship-to drop down form. Still, occasionally we get orders to be shipped to "Lagos, Nebraska" or the like. Hard to stop them.

Only problem is that those huge fraudulent orders sometimes mess up our stats program.

Otherwise I kind of like 'em. I know that some of our competitors DO fall for those obvious scams.

tomld2

10+ Year Member



 
Msg#: 3091 posted 11:01 pm on Nov 19, 2004 (gmt 0)

No you guys aren't understanding me. I don't ship to any suspicious countries. But they still are ordering with addresses such as...

Jerjhe JKHJKH
jdfhdjh jkhkjh
jhkjhkj, CA 99999

Or even the stolen card owners real USA address. They are doing this for no reason other than to be annoying. I wish I could see these people face to face to end it real quick.

The only IP service company I found was quovo. Any ideas? I have IP ranges of these fraudsters.

jsinger

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3091 posted 5:49 am on Nov 20, 2004 (gmt 0)

We get some fraudulent orders from Nigeria to be shipped to real addresses in the U.S. In some cases the Nigerian will attempt to have UPS reroute the shipment in transit to another address. These are pretty obvious because the orders are always huge.

Why kind of cart are you using? Perhaps they are testing it. I really doubt they are playing games merely to bother you.

I do know that Nigerians will "mark" bulletin boards with code phrases to indicate they have "harvested" the email addresses on the board. They want other Nigerian fraudsters to stay away. Those emails are used in Nigerian Letter Scams.

hfwd

10+ Year Member



 
Msg#: 3091 posted 6:38 am on Nov 20, 2004 (gmt 0)

Ah, this jogs a memory - we had an order that went through fine without a warning flag: billing address match, zip code match the whole deal. It was to be shipped to another address, but it was a valid US address - so no problem there.

Then a couple of months later, the real cardholder charged it back - it was a stolen card. No wonder the billing address was okay.

Here's the rub: the ship to address was a mail-forwarder business. They receive packages and send them out again. I don't remember the name of the business, but their website claim that many of their customers live abroad and would like to be able to get packages in the US.

Wonder how many of their customers are scammers...

jsinger

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3091 posted 6:54 am on Nov 20, 2004 (gmt 0)

The subject of freight forwarders has come up several times here. There are many of them in major port cities, especially Miami. Usually you can determine whether it is a forwarder by searching for the address in Google. Many forwarders have websites. I'm not an expert on their riskiness, but I know that they are often used for legitimate reasons. It's a tough call.

boxrec

10+ Year Member



 
Msg#: 3091 posted 10:36 pm on Nov 22, 2004 (gmt 0)

You can block access from entire countries quite easily using the FREE maxmind geoip download.

Install mod_geoip and configure your httpd.conf (or .htaccess) with :-

GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat

#To block Nigeria
SetEnvIf GEOIP_COUNTRY_CODE NG BlockCountry
Deny from env=BlockCountry

tomld2

10+ Year Member



 
Msg#: 3091 posted 7:58 pm on Nov 30, 2004 (gmt 0)

Does anyone know if the IP database offered by [ip2location.com...] is highly accurate? I want to make sure I wont be blocking any legit traffic by using it. Anyone know?

Rubylily

10+ Year Member



 
Msg#: 3091 posted 10:26 am on Dec 1, 2004 (gmt 0)

No you guys aren't understanding me. I don't ship to any suspicious countries. But they still are ordering with addresses such as...

Jerjhe JKHJKH
jdfhdjh jkhkjh
jhkjhkj, CA 99999

Have exactly the same problem every week, drives me nuts. Nearly all the IPs resolve to Lagos, funnily enough...

topr8

WebmasterWorld Senior Member topr8 us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3091 posted 10:49 am on Dec 1, 2004 (gmt 0)

i suspect they are just testing how your cart works, going through the checkout process to see how the pages fit together, that kind of thing, there could be all kinds of reasons to do this - they could be trying to inject sql code to try and bypass your filters or run queries on your database.

one of the main guards against fraud (in any country) is that if an order seems too good to be true, then it probably is.

Rubylily

10+ Year Member



 
Msg#: 3091 posted 12:36 pm on Dec 1, 2004 (gmt 0)

You could be right topr8, which is not a pleasant thought, although I have always assumed they are testing card numbers.

martyt

10+ Year Member



 
Msg#: 3091 posted 7:12 pm on Dec 2, 2004 (gmt 0)

My hosting provider will block ranges of IP addresses for me. I nuked most of China about a year ago because of some really obnoxious activity on the web site (not necessarily fraudulent orders).

The danger is that you *might* end up blocking more than you intended, but it's a minor price to pay. I can't imagine any reason someone in Nigeria needs to even *see* my web site, let alone place an order on it.

Voxman

10+ Year Member



 
Msg#: 3091 posted 8:03 am on Dec 7, 2004 (gmt 0)

As for China...I bet that it was hacking attemps which we figured a much better way of thwarting..but I can't for obvous reason publicize how it was done...company secret..It's an awfully big market to just ignore...

Voxman

10+ Year Member



 
Msg#: 3091 posted 8:05 am on Dec 7, 2004 (gmt 0)

Testing card numbers and sometimes a competitor just testing your cart system. For the former... batch don't go live to the bank...for the latter...nothing you can do...I mean you test your competitors systems don't you? Lol

luckychucky

10+ Year Member



 
Msg#: 3091 posted 4:16 pm on Jan 7, 2005 (gmt 0)

This just in for your amusement- I just received this eMail and I find it so absurd from the getgo, I simply had to share, as one of the more ridiculous examples of the genre. I can't believe he expects it to have even the slightest chance of success. Good for a larf anyway:
<<
Dear Sales,
Am intrested in buy some items in your store,but i want to confirm if you ship international by credit card.In the maintime i will like to know if you are going to ship to my warehouse,Pls send me your website so i can order for the items am really intrested in so you can send me total cost plus shippment to my warehouse.
plot 22,o____ street
off l____ access road,
mushin,
lagos state,
west africa 23401
am looking forward to read from you soon
Larry
>>

netscan

10+ Year Member



 
Msg#: 3091 posted 4:25 pm on Jan 7, 2005 (gmt 0)

LOL! You must have a really hot product for him to want to buy a large quantity sight unseen and having no idea what it actually is!

That's classic!

luckychucky

10+ Year Member



 
Msg#: 3091 posted 8:09 pm on Jan 7, 2005 (gmt 0)

The big mystery is why all this fraud originates primarily out of Nigeria. Why not Mali? Why not Chad? Why not Burkina Faso, Madagascar, Somalia or Equitorial Guinea? I mean, did a foresighted Nigerian government embark upon a 5-year plan to make Internet fraud the national enterprise and dominate the field? Did they grant scholarships to all the top Nigerian universities to offer advanced degrees in (inept) online fraud, or what?

StickyNote

5+ Year Member



 
Msg#: 3091 posted 7:11 am on Jan 9, 2005 (gmt 0)

luckychucky, I received a very similar email this week, fortunately I was on my game that day and did not sent my entire stock to the emailers warehouse hoping he would pay me upon receipt. ;)

sleepy_eye

10+ Year Member



 
Msg#: 3091 posted 12:01 pm on Jan 10, 2005 (gmt 0)

We get lots of orders from Nigeria and Indonesia too. Very irritating.
What we did was 3 things.

First have the data base from Geo targeting redirect any one from a list of chosen countries sent to a page on our site which says our site is down. This way they will think something is wrong with our site and not come back. It seems to work as there is less trafic now from those countires.

Second, when we prosses an order, all the info from Geo Targeting is included in the order. This way we can reject the order if a few fraudsters have sliped by. Also since we ship world wide, its nice to compare if the countries are correct. Example, an order from Sweden but comes from Peru. In that case of course we don't ship.
Lastly, from the 'submit a question' boxes on our site, the Geo Targeting info is included. So if someone asks a question about a product on our site and they are from Indonesia, we know not to reply.
Hope that helps

tomld2

10+ Year Member



 
Msg#: 3091 posted 8:07 pm on Jan 13, 2005 (gmt 0)

We did exactly what Sleepy said there. I bought the IP geo DB from ip2location and send all traffic from offending countries to a mock 404 page. Works like a charm. Still not perfect, but highly effective. The countries we block are...

Nigeria
Ghana
Ukraine
Indonesia
Yugoslavia
Lithuania
Egypt
Romania
Bulgaria
Turkey
Russia
Pakistan
Malaysia
Morrocco

otc_cmnn

10+ Year Member



 
Msg#: 3091 posted 10:32 pm on Jan 17, 2005 (gmt 0)

We do the same using the ip2location db (which we are happy with accuracy of) except instead of a 404 we redirect all Nigerian traffic the the FBI's Internet Fraud Complaint Center, just for fun.
[ifccfbi.gov...]

sleepy_eye

10+ Year Member



 
Msg#: 3091 posted 9:21 am on Jan 24, 2005 (gmt 0)

Glad to see other people using the same exmaple.

bears5122

10+ Year Member



 
Msg#: 3091 posted 3:53 pm on Jan 24, 2005 (gmt 0)

Why Nigeria? I'll give you a little background:

Nigeria boasts one of the most corrupt governments in the world. With this, and other economic factors, they are debt ridden and many people are unemployed or make very little.

This is what makes theft such a lucrative industry. Not to mention that Nigeria has one of the more profitible black markets for items purchased from the US. It is believed that 70% of all imports into Nigeria is done so illegally.

There is also nothing that can stop any of this from taking place. Although the government has claimed to hammer down on such crimes, there is little enforcement. Those that are enforced receive a slap on the wrist and never result in jail time.

Blocking IPs won't stop this completely. They are smart enough to nab credit cards, and they are smart enough to switch IP addresses. They will typically place 3-4 orders at once from multiple IP addresses around the globe.

The best security is a solid verification system. Besides basic address verification, throw up flags for individuals making large orders, originating from free e-mail address, suspect vowel count, and anything else suspicious.

These should be followed up with phone calls, and you'll find 99% of these orders will have fake phone numbers attached.

desertjedi

5+ Year Member



 
Msg#: 3091 posted 8:13 pm on Jan 24, 2005 (gmt 0)

Yes, in Nigeria, you can get a associates or bachelors in E-con-merce. ;)

In the past, we've had alot of trouble with Nigerian orders. We've had many an order from Lagos, Sweden. But we purchased an annual service from StoreIQ to block a list of countries that we specify. Haven't had a single Nigerian order since. Plenty of scam e-mails though. I have a Yahoo store so it was easier for me to have someone else take care of this.

We haven't been hit with the freight forwarder as ship-to scam yet. But we don't deal in expensive or hard goods either. Can't see them going to too much trouble for a pretty woman's shirt. Actually, it's extremely rare that anyone orders more than one of an item. Any more than that and we get the "fraud sniffer" out.

[edited by: lorax at 9:17 pm (utc) on Jan. 24, 2005]
[edit reason] generalized biz name [/edit]

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3091 posted 9:16 pm on Jan 24, 2005 (gmt 0)

Welcome to WebmasterWorld desertjedi!

seunosewa

10+ Year Member



 
Msg#: 3091 posted 11:52 pm on Jan 24, 2005 (gmt 0)

"he big mystery is why all this fraud originates primarily out of Nigeria. Why not Mali? Why not Chad? Why not Burkina Faso, Madagascar, Somalia or Equitorial Guinea?"
In terms of population, Nigeria is a very large country - just like China in Asia. On that basis alone, a fraudster is more likely to come from Nigeria than any other African country. Large countries are also harder to police effectively.

This 32 message thread spans 2 pages: 32 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved