Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Trace IP Address


jon_l

Recommended Posts

I need to find out the ip address that an order was placed from (no prizes for guessing why) and from which the customer subsequently logged on from.

 

I've got all the web logs from the relevant period.

 

Can someone tell me what I should be searching for in the logs to find all the relevant entries?

 

Thanks,

 

Jon.

 

PS This is urgent.

Link to comment
Share on other sites

1. There is a basic IP collector contribution available - this will help for next time ;)

 

2. Look for the IP address which is in your logs for the time/date the product was bought.

 

3. Go to;

- http://www.ripe.net/perl/whois

- http://ww2.arin.net/whois/

 

To get the IP provider. Then provide your evidence to said ISP/Police and sit back whilst they do little to nothing...

 

HTH

Link to comment
Share on other sites

I'm pretty sure I've tracked the entries that relate to the order being placed. However, the customer logged on a number of times and it would be nice to track those entries as well.

 

I also want to be 100% before I start reporting the ip addresses to the powers that be.

 

I'm wondering if there is certain pages or strings that I could search for, as I obviously know the order number and customer number.

 

Jon.

Link to comment
Share on other sites

What happened?

 

A mail order transaction was charged back, due to the card holder denying any knowledge of the transaction. The reason? Probably card fraud. Which can be difficult to protect against.

 

I realise this has been covered by other threads, and that there is a mod (or one in development), but I think we really need something in the cvs to track ip addresses.

 

I don't know how the mod does (or is planned to) work. All we need is a simple logging of the ip address every time a user logs on, which a single new table should cope with. I realise this will not be fool proof, and probably of little help, but at least it will be something.

 

Jon.

Link to comment
Share on other sites

Hi John,

 

Harvesting the IP will do nothing for you incase of fraud.

The CC companies don't care about this, YOU take the fall anyway.

 

Besides, how easy is it to spoof an ip or just surf from an anonymous internet cafe connection?

Damn, if you set your proxy setting to match an open proxy (which can be found by the hundreds in pre-compiled lists) you're suddenly surfing from Japan while you're in the States, that's how easy it is.

 

IP Collecting is of no use whatsoever to prevent chargebacks.

 

More succesfull things are blacklists of card numbers, name's & addresses, email addresses etc.. Try to discover a pattern in those.

 

If you get a client with an USA card that wants his stuff shipped to Indonesia at least an alarm bell should go of.

Things like that prevent fraud, IP collecting really doesn't.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

You're totally correct that there are plenty of not too difficult ways to mask the real ip address, or use a connection that isn't traceable (i.e. an internet cafe). You're also correct that it doesn't help prevent chargebacks.

 

Having the ip address does give you something to go on when chargebacks occur though. It gives you more information to pass to the Police, though whether they will actually do anything with it is another question.

 

Jon.

Link to comment
Share on other sites

Anyway about this contribution.

 

I am trying to install it and have not really had any luck.

 

The snap shot has change a bit since this contrib and my snapshop late august.

 

Does anyone know what needs to be done to get his to werk.

 

I have imported the sql file and made changes to the best of my interpretation to the .php files. but it does nother accept show me the customers order number in the admin/orders

 

 

TIA

Shawn

Link to comment
Share on other sites

You can get the $HTTP_REFERER which will give you the url they came from BUT you will have to do this upon entry to your site otherwise it will be a local (ie yoursite.com/whatever.php) url. The referer only saves one single url.

 

So the basic technique would be to include code in the header that checks if there is a 'referer' session and if not registers the current one. That way you'll grab it anywhere from the site.

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

As a non-programmer, this would be beyond me - sorry! I am really surprised this is not already a contribution, as knowing which advertising spend produces buyers is so key to ecommerce. Perhaps I should request this on the development forum.

Link to comment
Share on other sites

  • 9 months later...
If you get a client with an USA card that wants his stuff shipped to Indonesia at least an alarm bell should go of.  

Things like that prevent fraud, IP collecting really doesn't.  

Mattice

 

Hi Mattice,

 

I'm from Indonesia :oops: , and I realy need to do prevent fraud.

I have a question: How to know the countriy's card and work with OSC checkout process?

 

Thank's

zaenal

Link to comment
Share on other sites

As a non-programmer, this would be beyond me - sorry! I am really surprised this is not already a contribution, as knowing which advertising spend produces buyers is so key to ecommerce. Perhaps I should request this on the development forum.

The information of where a user came from to your site is contained in your web logs.

 

Your server should have an analyzing tool (e.g. webalizer) that will show the top referrers along with relelvant search terms if a search engine was used.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

I'm from Indonesia :oops:

Don't worry about it - me too, only just a tiny little bit :D

My great-great-great grandparents came from Indonesia (Maluku Tanah Airku - Saparua to be exact ;) )

 

I have a question: How to know the countriy's card and work with OSC checkout process?

 

You can tell the country code of the card by the last 2 of the first 4 digits.

The problem is the credit card companies do not like to hand out lists with it - but if you look at your clients cards over time you will notice the cards from certain countries all are within a certain range. There might be documentation on it somewhere - but I do not have it - sorry.

 

Once you know all the codes it will not be hard to implement a check that looks if that card number is actually from that country...

 

 

Regards,

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

You can tell the country code of the card by the last 2 of the first 4 digits.  

The problem is the credit card companies do not like to hand out lists with it - but if you look at your clients cards over time you will notice the cards from certain countries all are within a certain range. There might be documentation on it somewhere - but I do not have it - sorry.

 

Once you know all the codes it will not be hard to implement a check that looks if that card number is actually from that country...  

 

Hi Mattice,

 

I''ll try to find this kind of credit card country code. Maybe I'll post as contribution if I have implemented this for OSC.

 

Thank's for your information

zaenal

Link to comment
Share on other sites

  • 3 years later...
Hi John,

Harvesting the IP will do nothing for you incase of fraud.

The CC companies don't care about this, YOU take the fall anyway.

Besides, how easy is it to spoof an ip or just surf from an anonymous internet cafe connection?

Damn, if you set your proxy setting to match an open proxy (which can be found by the hundreds in pre-compiled lists) you're suddenly surfing from Japan while you're in the States, that's how easy it is.

IP Collecting is of no use whatsoever to prevent chargebacks.

More succesfull things are blacklists of card numbers, name's & addresses, email addresses etc.. Try to discover a pattern in those.

If you get a client with an USA card that wants his stuff shipped to Indonesia at least an alarm bell should go of.

Things like that prevent fraud, IP collecting really doesn't.

Mattice

 

Just so you know, it helped me immensely - without it I probably would not have gotten my money on a transaction after a chargeback. The customer claimed fraudlent use of the card and no knowledge of said transaction, and also claimed the card had been stolen. The issuing bank was no help even though I had all documentation and proof, and processed the trans with the cvv. So I contacted the local police who investigated, and they were able to determine by the IP address that the person that we shipped to and placed the order was the cardholder.

 

Without the IP address I wouldn't have stood a chance. I had a very sympathetic and competent detective who subpoeaned the logs from the ISP and then traced it.

 

Under threat of prosecution, customer wasted no time sending me a money order and I got all my money back (400+), and even convinced my bank to refund my money on the chargeback fee.

 

IP logging won't always be of help certainly, but as my situation demonstrates it can be indespensable. BTW, this is the only chargeback for fraudulent use of a card that I have had in ten years of doing business. It pays to be very vigilant.

Link to comment
Share on other sites

Hey guys:

 

I have been had a couple of times, too. Both times my concience got the best of me and no products left because I realised this was a fraud buy, and once the American Card owner called me directly. I said little and she gave me enough clues before we both indulged the hard facts.

 

One this that is helping is that I turned on the Fraud Guard in my Authorize.com account. Now I get alert with a "suspicious transaction" email. Then it is up to me to allow or dis allow the transaction.

 

Hope this helps.

Link to comment
Share on other sites

  • 2 months later...
  • 5 weeks later...
Hi all,

 

Any idea how can we include IP address displayed in the email order? Thanks

 

You can get $REMOTE_ADDR on checkout_process.php and have it included on the order email. I actually add it to the DB on all the orders I receive, just in case...

MindTwist of Twisted Reality and Twisted Tienda

Link to comment
Share on other sites

  • 3 months later...

Just FYI to help anybody out, there are some quick, free tools on the net you can use to trace IP's, i.e. http://www.ip-adress.com/ I also use a service when I am suspicious called www.readnotify.com , this tool gives you the ip address and location and more when the person responds to your emails. This is a very effective tool when you are suspicious; you email them asking a basic question and when they respond if their emails shows they are on Ghana (tons of scams come out of there) but their shipping address is Philadelphia, red flag!. By the way, I have seen tons of these lately, emails and orders from Ghana shipping to philly....something is going down in PA.

 

Also, for those if you who dont use 2checkout.com for CC processing, they have a pretty extensive verification dept. Every order goes into hold and then pass/fail status. It normally takes them 24 hours or less to check all the p's and q's of your orders done with CC's to see if things match up. Only downside is they dont have any shipping featurs. I have been selling online for 7 years and for what its worth, here are some things you may keep an eye out for when getting orders-

 

-Look at the email addy of your customer (free emails like yahoo, hotmail etc) are questionable but keep in mind many honest buyers have these

-Keep an eye out for broken english when customers are asking questions

-Keep an eye out if the customer wants large order and does not balk at the price you quote them. Honest buyers typically want a better deal when purchasing in bulk. Scammers dont care.

-For those of you with brick and mortar stores as well as online, watch out for TDD calls, this is a dead give away. If you do take the call, quote your highest price if they dont balk and want to order, hang up.

-Watch out for anyone who wants to have their shipping company pick up items from you, using "their own" shipping acct.

-Watch out on next day express mail orders, especially if its a yahoo or hotmail acct. Verify your order with IP address location, phone# etc.

-Be leary of course if someone wants to fed ex you a cheque and then have you ship items. I got one of these last year and called the bank to verify the funds. The funds were actually good, but then I called the company who was the check holder to verify the order, and they freaked. Someone got a hold of their cheques and was sending them out ordering stuff all over the USA (I caught this because the guy didnt balk at the pricing I gave him). The company cancelled that account instantly but could have been a victim had I not checked.

-Another thing to consider is using paypal, they actually have measurers in place now to protect sellers from fraud if you meet their terms (ship within 7 days, ship to a confirmed (verified) address and have a tracking #). Then you dont have to worry.

 

Hope that helps ya.

 

Eric

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...