DreamHost Announcements

It’s a fraud, fraud, fraud, fraud world.

419 Scammer with Bread on Head

You don’t need me to tell you there’s a lot of skeeziness on the Internet.

Stolen credit cards, spyware, Nigerian 419 scams, identity theft… if it’s possible, some Vietnamese or Romanian is trying it to reunite themselves with your hard-earned cash. (And I don’t mean all Vietnamese and Romanians of course… I just mean that 99% of the sign-ups we get from those countries are FRAUD FRAUD FRAUD FRAUD!)

And quite a lot of them are hosted with DreamHost.

Not on purpose! And not for long.. as soon as we detect their first string of spam or fake paypal website, we shut them down and clean up the mess. But it’s really hard, and recently getting harder, to catch them all before they make their first move. Nowadays, about 20% of our daily sign ups are with stolen credit cards (or stolen paypal accounts), and are for the express purpose of spamming, conning, storing “warez”, or cracking (our system or somebody else’s).

What’s a poor host to do?

Just like there’s no 100% accurate way to filter spam, there’s no 100% accurate way to catch these fraudsters before they’re approved. Even with a 99% success rate, that means a few a week get by, spend a bunch of spam, and get us in trouble with AOL, Paypal, Bank Of America, etc..

We could do something like require a faxed rubbing of the actual credit card for every new sign up, but what a hassle for the 80% of people who aren’t fraud! We could manually review each account for tell-tale signs of fraud, but that would mean longer waits for new account set ups, not to mention more work for us!

That’s where FRAUDINATOR comes in!

FRAUDINATOR is our hueristics-based system for determining if a new sign up is fraud. Inspired by Spam Assassin, FRAUDINATOR runs dozens of automated tests on new sign ups and attempts to determine automatically if they’re fraudulent! Each test has been given a score from -15 (very un-fraudy) to 15 (very fraudy), with the scores based on running the test on old accounts that we know to be fraudulent or not. If the sum of the score of all the tests you pass is above a certain threshold, your account is automatically disabled. If it’s below a certain threshold, it’s automatically approved, and everybody else we actually look at a few times a day and decide for ourselves.

Those ones we look at ourselves are the problem ones: it turns out humans are even worse at determining if an account is fraud than we are at determining if an email is spam! Fortunately, only about 2% of our sign ups fall into this range. Our false positive rate for auto-approved and auto-disabled accounts is less than 1%, which could be better but isn’t totally unacceptable.

So what sort of things does FRAUDINATOR look for?

Even though we’re pretty sure most of the people reading this blog arean’t doing this stuff, we’d prefer to keep that a secret! “Security through obscurity,” we say!

Suffice it to say there are a lot of tests, with a bunch of really obvious ones and a few not so much so.

And that’s all I have to say about that,

About the author

Josh Jones