Is there a way to trace real ip address from linux/apache web server?

Tags: Credit Card Fraud, NAT, Natting, Security
I'm having a serious problem with some evil entity submitting fraudulent credit card transactions through my web site.  They apparently have a database of credit card numbers, along with the 3-4 digit CVS, and have sent 9,000 transactions through my web site (same name, address, all for $25.00).  Some of these tx have gone through, most have failed.  When I notice this behavior, I block the ip of the sender.  They then come at me from a different ip.  I believe they have modified their ip (NATting, or ip masquerading?). 
This has cost me around $6,000 in the past two months and may bring my web business down entirely.  I need to find this person.  Any ideas on how to track them down?  I am not a networking expert, but am a programmer and can figure out whatever needs to be done.
Thanks so much in advance!


Software/Hardware used:
Linux, apache

Answer Wiki


This might help a little, but, like all things in the Internet spamming world, there are ways around anything. There is a program called Visualware in which you can type in the IP address and it will show you the route it took and the final destination of where it came from, if it is really the true IP address. I have this program at home and I know the DOD uses it.

Just go to Google, type in Visualware and read up on it and see if it is what you are looking for. You might be able to block the IP range if that helps. Other than blocking the IP range, I am not sure there is much more that you can do because they can always spoof their IP address into another range which is just as frustrating or find another ISP and continue their game.

Unfortunately, this type of thing is common and is very frustrating to those in the security field because for every one that is taken down, three more pop up within a few hours.

I know it is not the answer you really wanted to hear, but this is just the tip of the iceberg. Good luck.

Discuss This Question: 4  Replies

  • TomLiotta
    What needs to be done is to report it to your local police, your state's Attorney General office and the FBI (or the relevant authorities in your country). All of them will have procedures that they will follow. Most likely, the IP addresses are real, probably taken over as zombies. It is extremely unlikely that you will otherwise have individual authority or knowledge to do anything (anything that's legal) to find out useful info. Tracking the source IPs will likely be effectively impossible without breaking into the systems that are probably being used without knowledge of their owners. And most likely, all you will find is one or more additional addresses.

    "a database of credit card numbers, along with the 3-4 digit CVS, and have sent 9,000 transactions through my web site (same name, address..."

    You don't validate names/addresses to correlate with a credit account?

    Tom
  • Subhendu Sen
    This is actually one kind of cyber crime. It is best to get help from the local administrative department, as Tom suggested. See here for more info
  • Whimsical11
    Thanks, I have reported the crime to my local sheriff's office. The investigator looked into things and ultimately said it was too sophisticated and there was nothing he could do, so he was putting it "on a shelf." I also filed something on the FBI web site but haven't heard anything from them. I need to follow up on that. With respect to names and addresses... I do trap names and addresses and send them along for verification. However, to my knowledge, the names are no longer used. Addresses are used via AVS handlers, and my AVS handler has declined most of these transactions. Around 800 got through the AVS handler because some credit card companies don't support AVS, i.e. almost every other country in the world. Also, there are times when the address is not available from the credit card company and in those cases AVS defaults to authorize the transaction. It's complicated... Despite strict standards on AVS and CVS handling, some transactions still get through when there is such a high volume.
  • carlosdl
    How are these transactions being sent to your server? A web service? A web page? If they are submitted through a web page, adding some captcha-like verification would stop machine-generated transactions.
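The traffic described in this thread keeps the name, address and $25.00 amount constant while the card number and source IP change, so a check keyed on those constant fields keeps working when the IP block list does not. The sketch below is an added example, not code from any poster; the class, the thresholds, the `card_token` field (a keyed hash of the card number, never the number itself) and the sample records are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # assumed look-back window
MAX_CARDS = 3          # assumed: distinct cards allowed per billing identity per window

def fingerprint(name, address, amount_cents):
    """Hash the fields the sender keeps constant, normalised for case and spacing."""
    parts = (name, address, amount_cents)
    norm = "|".join(" ".join(str(p).lower().split()) for p in parts)
    return hashlib.sha256(norm.encode()).hexdigest()[:16]

class VelocityCheck:
    def __init__(self, window=WINDOW_SECONDS, max_cards=MAX_CARDS):
        self.window, self.max_cards = window, max_cards
        self.seen = defaultdict(deque)  # fingerprint -> (ts, card_token, ip)

    def check(self, ts, ip, name, address, amount_cents, card_token):
        """Return (allow, reason); call before the charge goes to the processor."""
        q = self.seen[fingerprint(name, address, amount_cents)]
        while q and ts - q[0][0] > self.window:
            q.popleft()                      # drop attempts older than the window
        q.append((ts, card_token, ip))       # denied attempts still count
        cards = {c for _, c, _ in q}
        ips = {i for _, _, i in q}
        if len(cards) > self.max_cards:
            return False, f"{len(cards)} cards from {len(ips)} IPs for one billing identity"
        return True, "ok"

def run_sample():
    """Constructed sample: same identity and amount, new card and new IP every 30 s."""
    vc = VelocityCheck()
    results = []
    for n in range(6):
        results.append(vc.check(1000 + 30 * n, f"203.0.113.{n + 1}",
                                "John Doe", "1 Main St", 2500, f"tok{n}"))
    # An unrelated customer in the same period is unaffected.
    results.append(vc.check(1200, "198.51.100.7", "Ann Lee", "9 Oak Ave", 4000, "tokA"))
    return results

if __name__ == "__main__":
    for allow, reason in run_sample():
        print("ALLOW" if allow else "DENY ", reason)
```

Denied attempts are worth logging with their timestamps and IPs, since that record is what a payment processor or investigator will ask for.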