Msg#: 4450870 posted 3:32 pm on May 8, 2012 (gmt 0)
I am currently tracking the IP address of users that submit orders on my website. Is there a way to automatically look up if they are on the spam list via zen XBL, CBL, PBL and then temporarily block the order?
Msg#: 4450870 posted 4:12 pm on May 8, 2012 (gmt 0)
What's the logic?
Blacklists usually blacklist server IPs.
A person placing an order on your site will be using the IP allocated to them by their ISP which is their modem/router, not a web server IP.
If you look up the email address and see what IP **that** server is from, it may very well be that they are not the source of the blacklisting. For example, I had one dedi server with a customer with an easy123 password that got hacked, and the hacker started a spam campaign that got the entire IP blacklisted. All clients on that server now have to suffer due to one lazy site owner.
Msg#: 4450870 posted 6:35 am on May 9, 2012 (gmt 0)
The logic problem here is the fact that we're talking about residential IPs which would already be in the PBL or ZEN DNSBLs. Residential IPs aren't allowed to send email by policy (that's the P in PBL) so all known residential IP blocks that are in the PBL will generate positive results. Even if they did generate spam from their IPs, the odds are it wasn't the person making the purchase; most likely their machine was infected by a botnet, so you're punishing someone for being a victim and losing an order to boot.
The rest is like @rocknbil said, that most spam comes from hosting company servers and humans typically can't post orders from a hosting company unless they're doing it via a web proxy.
Anyway, if you try to block anyone trying to place an order from the ZEN or PBL, then you're possibly going to block *ALL* residential IPs.
Good luck with that ;)
I would recommend using just the opposite: if the order comes from a server farm or hosting company IP range, then toss it.
Better yet, just get a bot blocking script for your server which will kick them out based on user agent, IP range, and lots of other criteria. Several decent ones out there, and they'll stop a lot of this rogue behavior from hitting your server in the first place and you won't have to worry about maintaining it yourself.
Then, if your bot blocker doesn't supply one, get a big list of proxy IPs which are very popular with ecommerce fraudsters and drop them in the IP black list.
Also, have you checked commercially available anti-fraud services? Many merchant account transaction processors already provide that kind of technology and some of it is quite good IMO. I'd recommend you start by looking at something like minFraud by MaxMind which is inexpensive for what it does compared to many other similar services and go from there.
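Added example, not part of any post in this thread: a Python lookup against zen.spamhaus.org that separates PBL return codes from XBL/SBL ones, so a PBL-only listing (the residential case discussed above) does not hold an order. The return-code table follows Spamhaus's published codes; the accept/review policy, the function names and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Spamhaus ZEN A-record return codes mapped to the list they indicate.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS", "127.0.0.9": "DROP",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL",
    "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

# Constructed responses for offline runs (documentation-range IPs, not real listings).
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.10"],                 # PBL only
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],  # XBL + PBL
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

def dns_a_records(name):
    """Live resolver. Any lookup failure (NXDOMAIN, timeout) means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def zen_query_name(ip):
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only here; IPv6 uses a nibble-reversed name")
    return ".".join(reversed(str(addr).split("."))) + ".zen.spamhaus.org"

def zen_lists(ip, resolve=dns_a_records):
    answers = resolve(zen_query_name(ip))
    # 127.255.255.x is an error reply (e.g. query sent via a public resolver), not a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        raise RuntimeError(f"DNSBL error response: {answers}")
    return {ZEN_CODES[a] for a in answers if a in ZEN_CODES}

def order_action(ip, resolve=dns_a_records):
    """Assumed policy: PBL alone is ignored; any other listing holds the order for review."""
    return "review" if zen_lists(ip, resolve) - {"PBL"} else "accept"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, sorted(zen_lists(ip, sample_resolver)), order_action(ip, sample_resolver))
```

With the default `dns_a_records` resolver the lookup fails open, so a DNS outage never blocks an order.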