For hosts, FraudRecord.com - Page 2

Comments

  • @Jonny_Evorack said: Also, salt is good for you ;)

    salt won’t increase brute force time only when you have sources.

  • edited April 2012

    @Taylor Salt can increase brute force time if it adds entropy (i.e. randomness) and length to your original string :)

    But yes I agree, the main use of using a salt is to prevent rainbow tables from being used.

    See, Salt really is good for you! :)

  • Also, it's always good to iterate a hash multiple times.
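
An added example (not from the thread and not FraudRecord's code) of the point the comments above make: a salt defeats a precomputed table, a known salt does not slow each guess, and iteration does. PBKDF2-HMAC-SHA512 stands in for "iterate the hash"; the salt, work factor and addresses are constructed assumptions, and the salt is fixed site-wide because every reporter must derive the same digest for lookups to match.

```python
import hashlib
import time

# Constructed sample values; none come from the thread or from FraudRecord.
SITE_SALT = b"constructed-site-wide-salt"   # hypothetical salt shared by all reporters
ITERATIONS = 20_000                         # hypothetical work factor
CANDIDATES = ["alice@example.com", "bob@example.net", "carol@example.org"]
REPORTED = "bob@example.net"                # the record a host submits


def plain_sha1(email: str) -> str:
    """Unsalted, single-pass SHA-1 of the normalised address."""
    return hashlib.sha1(email.lower().encode()).hexdigest()


def salted_iterated(email: str, salt: bytes = SITE_SALT, rounds: int = ITERATIONS) -> str:
    """Salted and iterated digest of the normalised address."""
    return hashlib.pbkdf2_hmac("sha512", email.lower().encode(), salt, rounds).hex()


def precomputed_table(candidates):
    """Rainbow-table stand-in: digests built once, without knowing any salt."""
    return {plain_sha1(c): c for c in candidates}


def guess_with_known_salt(digest, candidates, salt=SITE_SALT, rounds=ITERATIONS):
    """A known salt does not stop guessing; each guess just costs `rounds` iterations."""
    for candidate in candidates:
        if salted_iterated(candidate, salt, rounds) == digest:
            return candidate
    return None


def seconds_per_digest(fn, email=REPORTED, repeats=5):
    """Average wall-clock cost of computing one digest with `fn`."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn(email)
    return (time.perf_counter() - start) / repeats


if __name__ == "__main__":
    table = precomputed_table(CANDIDATES)
    print("table vs unsalted:", table.get(plain_sha1(REPORTED)))
    print("table vs salted:  ", table.get(salted_iterated(REPORTED)))
    print("known-salt guess: ", guess_with_known_salt(salted_iterated(REPORTED), CANDIDATES))
    ratio = seconds_per_digest(salted_iterated) / seconds_per_digest(plain_sha1)
    print(f"cost per guess is about {ratio:,.0f}x the unsalted hash")
```
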

  • Sigh. Most hashes/encryption CAN be cracked in theory, given enough time/computing power. Suppose a novice fraud DB programmer doesn't know about salts, and decides to use just a hash. He also thinks everyone has "English" names, so allocates 10 characters each for the first/last name. He's also stuck in the 90's and only knows of the three big TLDs, giving 20 characters total to the complete email address. So that's 40 characters, total.

    For simplicity's sake, we'll go with the Amazon cracker. We have 34 more characters, so the time to crack would be 49*2^34 minutes = 1.6 million years.

    Of course, when quantum computers become viable, all bets are off ;)

  • If it was as easy to crack as most people said, it would have been cracked and posted. Cracking can happen, but with hash collisions it would be hard to know 100%.

  • @Boltersdriveer said: Nah, not proxy'd. My StarHub connection.

    I got that with SingNet as well. A lot of sites do not understand there's something called a transparent proxy.

    Anyway, using a VPN solved the issue. :)

  • @exussum said: but with hash collisions it would be hard to know 100%

    AFAIK collisions in SHA-1 have yet to be found, but they will fairly soon. Of course, collisions have very little practical relevance to this application --- some poor sap is accidentally labeled a fraudster? He talks to the provider and sorts things out. Where they matter is when they are relied on for security, such as SSL certs, etc.

    Hashing is cheap, so perhaps someone could recommend the developer use a stronger hash just to reassure the jittery folks? SHA-512 or Whirlpool (also 512-bits) would be ideal.

  • Of course there are collisions. The SHA-1 space is a set size, so anything over that size must have a collision.

    I was talking about the password really. It's less likely for a person's email hash to clash.

  • komo Member

    I did not test this service but does someone check the companies/reporters too? How do you know that a "Constantine" did not decide to bug some people because s/he is just "evil"?

    Could I register and just report KuJoe or exussum because i.e. I got their email address and/or name on my blog?

    Is there a possibility to draw back the report? Will the companies who read the old/false report get updated about changed status of the report?

  • KuJoe Member, Host Rep
    edited April 2012

    @komo said: How do you know that a "Constantine" did not decide to bug some people because s/he is just "evil"?

    They are building a "reputation" system for providers. Not sure how or what it is but if I were to do it, I would use a lot of factors to determine whether a company is legitimate or not and only accept reports from legitimate companies (i.e. registered companies, companies that pay taxes, companies registered for X years, companies with legit and public information, etc...).

    The whole point of the system is to be a guide and not a silver bullet so users will have to use common sense and still do some legwork to combat fraud.

  • Spirit Member
    edited April 2012

    I thought that the whole point of a system is automation to save your time, just like with maxmind and similar services. And as we had this discussion at LET already, it's known that some hosts tend to refuse service by default regarding maxmind decision even if/when the refused person is willing to clarify the situation over a support ticket. In those cases I wouldn't call this exactly a "guide" but a final decision without a human involved.

  • KuJoe Member, Host Rep

    Different people run their companies differently. I personally wouldn't use this service if it was automated, but if it's all a manual process I would consider it when it's more developed.

  • gsx Member

    This seems like a great idea, until someone entirely legit is blacklisted by an angry host and a major legal storm appears.

  • innya Member

    Maxmind GeoIp thing might not be filtering correctly. I got flagged as fraud by maxmind when I tried to order the inceptionhosting current promo using my VoIP home phone and from my home computer. I have never gotten a call from Maxmind and been flagged as fraud.
    Also, I tried from work and the inception site banned me from coming in from my work IP address.
    That's very strange and new to me. I'm in the USA and I have had no problem ordering with other providers in the past.

    How do they verify the real home IP and home (voip) phone as fraud?
    Just wondering.

  • Some providers don't like USA. I have seen at least one person here on LET claiming that he bans all orders from USA.

  • innya Member

    Maxmind flagged me as fraud because Maxmind GeoIp detection thinks that my home IP and phone number locations are more than 25 miles apart. So, they flagged me as very high risk fraud.

    I live in the Midwest of the USA and I can keep and use my old phone numbers as long as the first three digits (area code) are the same, although I had moved more than 45 miles from where I used to live. However, my current address and old address have the same 3-digit area code, and the last 7 digits point to the old area (e.g. (111) 222-2222).

    This is the first time I got flagged as fraud. That's why I was amazed about it.
    I understand the host provider's point of view. It has to protect its business and interest.

    I think I should try to see whether I can order one or two overseas datacenter provider plans other than UK and France.
    I have the UK and France provider accounts.

    Could anyone suggest any good one?
    I have too many vps already. I just want to try out to test the water.

  • @innya I turned that feature off because of local number portability. If a host flags you because of that, you can always remind them about it. I'm more concerned when the address and IP are a long ways apart; aside from a wireless modem, most IPs should RDNS back to the ISP, and usually it has the name of the town where the connection exists.
