15 pts.
Is there a way to trace a real IP address from a Linux/Apache web server?
I'm having a serious problem with some evil entity submitting fraudulent credit card transactions through my web site. They apparently have a database of credit card numbers, along with the 3-4 digit CVS, and have sent 9,000 transactions through my web site (same name, address, all for $25.00). Some of these tx have gone through, most have failed. When I notice this behavior, I block the IP of the sender. They then come at me from a different IP. I believe they have modified their IP (NATting, or IP masquerading?).

This has cost me around $6,000 in the past two months and may bring my web business down entirely. I need to find this person. Any ideas on how to track them down? I am not a networking expert, but am a programmer and can figure out whatever needs to be done.


Thanks so much in advance!


Software/Hardware used:
Linux, apache
ASKED: Jan 19, 2012  1:30 AM GMT
UPDATED: February 28, 2012  11:26:49 AM GMT
1,120 pts.

Answer Wiki:
This might help a little, but, like all things in the Internet spamming world, there are ways around anything. There is a program called Visualware in which you can type in the IP address and it will show you the route it took and the final destination of where it came from, if it is really the true IP address. I have this program at home and I know the DOD uses it.

Just go to Google, type in Visualware and read up on it and see if it is what you are looking for. You might be able to block the IP range if that helps. Other than blocking the IP range, I am not sure there is much more that you can do, because they can always spoof their IP address into another range, which is just as frustrating, or find another ISP and continue their game.

Unfortunately, this type of thing is common and is very frustrating to those in the security field because for every one that is taken down, three more pop up within a few hours.

I know it is not the answer you really wanted to hear, but this is just the tip of the iceberg. Good luck.
Last Wiki Answer Submitted:  Feb 13, 2012  7:43 PM (GMT)  by  Harisheldon1960   1,120 pts.
Discuss This Question:
What needs to be done is to report it to your local police, your state’s Attorney General office and the FBI (or the relevant authorities in your country). All of them will have procedures that they will follow.

Most likely, the IP addresses are real, probably taken over as zombies. It is extremely unlikely that you will otherwise have individual authority or knowledge to do anything (anything that’s legal) to find out useful info. Tracking the source IPs will likely be effectively impossible without breaking into the systems that are probably being used without knowledge of their owners. And most likely, all you will find is one or more additional addresses.

"a database of credit card numbers, along with the 3-4 digit CVS, and have sent 9,000 transactions through my web site (same name, address"

You don’t validate names/addresses to correlate with a credit account?

Tom

 66,955 pts.

 

This is actually one kind of cyber crime. It is best to take help from the local administrative department, as Tom suggested. See here for more info.

 20,980 pts.

 

Thanks, I have reported the crime to my local sheriff's office. The investigator looked into things and ultimately said it was too sophisticated and there was nothing he could do, so he was putting it "on a shelf." I also filed something on the FBI web site but haven't heard anything from them. I need to follow up on that.

With respect to names and addresses… I do trap names and addresses and send them along for verification. However, to my knowledge, the names are no longer used. Addresses are used via AVS handlers, and my AVS handler has declined most of these transactions. Around 800 got through the AVS handler because some credit card companies don’t support AVS, i.e. almost every other country in the world. Also, there are times when the address is not available from the credit card company and in those cases AVS defaults to authorize the transaction. It’s complicated… Despite strict standards on AVS and CVS handling, some transactions still get through when there is such a high volume.

 15 pts.
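The pattern in the question (one billing name and address, one $25.00 amount, thousands of different cards, source IPs that rotate when blocked) is what a velocity check is built to catch, and the AVS discussion above points at the weak spot: an "address unavailable" result defaulting to authorize. The following is an added example, not code from the thread or any poster; the log rows are constructed, and the AVS codes "U" and "G" are assumed to mean address-not-checked (processors use different code sets).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorization log (not real data). Fields: timestamp, client IP,
# billing name, billing street, amount, AVS result, card token. One identity, two IPs,
# five distinct cards at $25.00 within a few minutes is the shape described above.
SAMPLE_LOG = [
    ("2012-01-18T22:00:01", "203.0.113.5",  "J SMITH", "1 MAIN ST",  25.00, "N", "tok_0001"),
    ("2012-01-18T22:00:09", "203.0.113.5",  "J SMITH", "1 MAIN ST",  25.00, "U", "tok_0002"),
    ("2012-01-18T22:00:20", "203.0.113.5",  "J SMITH", "1 MAIN ST",  25.00, "N", "tok_0003"),
    ("2012-01-18T22:03:45", "198.51.100.7", "J SMITH", "1 MAIN ST",  25.00, "G", "tok_0004"),
    ("2012-01-18T22:04:02", "198.51.100.7", "J SMITH", "1 MAIN ST",  25.00, "N", "tok_0005"),
    ("2012-01-18T22:30:00", "192.0.2.44",   "A JONES", "9 OAK AVE", 120.00, "Y", "tok_0100"),
]

# Assumed AVS codes meaning the address was never compared:
# U = address unavailable from issuer, G = non-US issuer, AVS not supported.
AVS_NOT_CHECKED = {"U", "G"}

def card_testing_alerts(rows, window=timedelta(minutes=10), min_cards=3):
    """Key on billing identity (name, street, amount) rather than source IP, so
    IP rotation does not reset the count. Flag any identity that presents at
    least `min_cards` distinct cards inside `window`.
    Returns {identity: (max distinct cards in a window, distinct IPs seen with them)}."""
    by_identity = defaultdict(list)
    for ts, ip, name, street, amount, avs, tok in rows:
        by_identity[(name, street, amount)].append((datetime.fromisoformat(ts), ip, tok))
    alerts = {}
    for ident, events in by_identity.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over time-sorted attempts
            while events[end][0] - events[start][0] > window:
                start += 1
            cards = {tok for _, _, tok in events[start:end + 1]}
            ips = {ip for _, ip, _ in events[start:end + 1]}
            if len(cards) >= min_cards:
                alerts[ident] = max(alerts.get(ident, (0, 0)), (len(cards), len(ips)))
    return alerts

def decision(avs, identity_flagged):
    """An unchecked AVS result no longer defaults to 'authorize' when the billing
    identity is under a card-testing alert; it goes to manual review instead."""
    if avs not in AVS_NOT_CHECKED:
        return "authorize" if avs == "Y" else "decline"
    return "review" if identity_flagged else "authorize"
```

Running the check over the sample flags the J SMITH identity with five cards across two IPs, so its "U" and "G" attempts would be held for review instead of authorized.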

 

How are these transactions being sent to your server? A web service? A web page?

If they are submitted through a web page, adding some captcha-like verification would stop machine-generated transactions.

 60,255 pts.