Author

Topic: Risk of BTC in Web Hosting Business (Read 2918 times)

full member
Activity: 141
Merit: 100
July 31, 2014, 12:42:45 AM
#22
Just ban users that spam other.
full member
Activity: 228
Merit: 100
July 30, 2014, 10:30:14 PM
#21
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.

It doesn't need so troublesome, just change a web hosting business
newbie
Activity: 9
Merit: 0
July 29, 2014, 07:04:31 PM
#20
My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities.  Angry

I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers.

Are there other screening services we can use? Preferably with free plan like FraudLabs Pro.



Have you considered detecting spamming activity of existing users?  I know that some web hosts will suspend your account if you send too many emails from a server.

That way, you wouldn't need to worry about screening users - you can just stop them if they start sending tons of emails.
hero member
Activity: 490
Merit: 500
July 29, 2014, 04:44:59 PM
#19
This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).

Technically, no, it wouldn't.  All the people would have to do is know about Google Voice and they can create another phone number.  Took me about five minutes to setup my GV account.
newbie
Activity: 54
Merit: 0
July 29, 2014, 01:02:43 PM
#18
This thread caught my attention, i was also looking to get one hosting with this one using BTC, thanks to it, i saved my time & money else something spam would have caught me up Sad
donator
Activity: 1617
Merit: 1012
July 27, 2014, 09:30:07 PM
#17
It is reasonable to disallow anonymous customers from using outgoing port 25 directly from his servers. If his customers want to send emails, he could provide them SMTP relay services (at additional cost) with some kind of cap to prevent spamming.
newbie
Activity: 50
Merit: 0
July 26, 2014, 03:51:40 PM
#16
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.
This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).
hero member
Activity: 675
Merit: 502
#SuperBowl50 #NFCchamps
July 26, 2014, 01:49:39 PM
#15
Couldn't he just watch the IP addresses of the people who are logging in to he abuser's account?
sr. member
Activity: 313
Merit: 250
i ♥ coinichiwa
July 25, 2014, 05:28:04 PM
#14
I'm not an expert but isn't it possible to monitor/limit/shape/throttle outgoing mail traffic?
sr. member
Activity: 434
Merit: 250
July 25, 2014, 12:30:57 PM
#13
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.
newbie
Activity: 4
Merit: 0
July 25, 2014, 09:42:10 AM
#12
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.
legendary
Activity: 1512
Merit: 1012
July 25, 2014, 09:06:45 AM
#11
what a problem ?

- customer pay in bitcoin (no chargeback)
- customer kill the contract by spam
- server kill account of customer
- no chargeback

win/win  Grin
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
July 25, 2014, 09:02:06 AM
#10
I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.
sr. member
Activity: 406
Merit: 250
July 25, 2014, 03:41:34 AM
#9
I realize that is a bit problem, but I think he should update his ToS if he already hasn't to include those things and then get some way to detect when they do that, he should find out how other hosting companies do it, and kick those people out. Another way to limit is allow to buy hosting for at least a year, that way it is less likely someone will risk all that money being taken if they spam.

Hope he stays in business.
legendary
Activity: 1260
Merit: 1029
July 25, 2014, 02:58:00 AM
#8
Asking for credit card just to accept Bitcoin is wrong way to do it. What your friend needs to do is limit outgoing traffic on his hosting machines and raise limit as customer is longer with him. There are anti spam mesures he can deploy (like max number of outgoing mails per minute etc.) that can help with this kind of situation big time.
full member
Activity: 168
Merit: 100
July 25, 2014, 01:13:41 AM
#7
Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.

Yes, that is a problem for porn sites too. I have some ideas for a solution but I can't start working on it until I get home (I'm on vacation).

You can require credit card for sign up - and then accept bitcoin for payments after the fact.
newbie
Activity: 4
Merit: 0
July 25, 2014, 01:06:32 AM
#6
Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.
full member
Activity: 168
Merit: 100
July 25, 2014, 01:01:46 AM
#5
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

I've removed the link if this is not acceptable.

If you are advertising that service, there's a services section where it is perfectly fine.

If you are genuine I apologize, but it is just a really common marketing tactic to register at boards and "ask" about a service in order to drive traffic to it.
newbie
Activity: 4
Merit: 0
July 25, 2014, 12:57:06 AM
#4
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

I've removed the link if this is not acceptable.
full member
Activity: 168
Merit: 100
July 25, 2014, 12:51:59 AM
#3
Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.
full member
Activity: 168
Merit: 100
July 25, 2014, 12:50:20 AM
#2
Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.
newbie
Activity: 4
Merit: 0
July 25, 2014, 12:36:43 AM
#1
My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities.  Angry

I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers.

Are there other screening services we can use? Preferably with free plan like FraudLabs Pro.

Reference: http://www.fraudlabspro.com/tutorials/how-to-prevent-bitcoin-fraud
Jump to: