Traffic monitoring, strong AUPs, customer IP verification and blacklists

Oct 1, 2012 07:58 GMT

The Spamhaus Project – the international nonprofit organization whose main goal is to help organizations in their battle against spam and other malicious campaigns – has issued an advisory to help hosting providers prevent fraudulent sign-ups.

Numerous hosting companies have contacted Spamhaus, seeking help in preventing cybercriminals from creating accounts that they use in their spam operations or to host malware and botnet controllers. In many cases, the crooks rely on stolen payment details to hide their identities and avoid paying for services with their own money.

In an attempt to help hosting providers in the battle against these fraudulent sign-ups – which in many cases rely on automated systems – an advisory has been released.

The first thing hosts can do is implement a verification system that checks at least some pieces of information when new subscriptions are made. For instance, automated sign-ups can be prevented by sending confirmation links via email or by sending confirmation codes via SMS messages.

Another way to mitigate the threat is by maintaining a customer blacklist. The blacklist can include details such as names, postal addresses, phone numbers, email addresses, payment service data, IP addresses, and browser information.

A strong Acceptable Use Policy (AUP) or Terms of Service (ToS) is also a good way to prevent abuse. Recent studies have revealed that the most targeted hosting firms are the ones with weak AUPs. A weak AUP exposes the organization not only to ill-intended cyber operations, but also to legal threats.

Traffic monitoring is also a good solution against fraudulent sign-ups. Most cybercriminals use a VPN to forward traffic from the victim’s servers to botnet or snowshoe spam cannons or web proxies on a compromised machine.

So, by monitoring traffic, a host could easily identify connections to known black hat VPN nodes.

The verification of customer IPs against known blocklists, or the use of Spamhaus’ Don't Route Or Peer Lists (DROP/EDROP), is also recommended, the latter being highly efficient in filtering out bad traffic.
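The sign-up IP check against a DROP-style list described above, as an added example (not code from Spamhaus or from the advisory). It assumes the plain-text layout of one `CIDR ; SBL reference` entry per line with `;` starting a comment; the sample data, the SBL ids and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed DROP text layout. The networks are RFC 5737
# documentation ranges and the SBL ids are placeholders, not real listings.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.128/25 ; SBL000002

not-a-network ; SBL000003
"""


def parse_drop(text):
    """Return (network, reference) tuples, skipping comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            continue  # one bad line must not abort loading the whole list
        entries.append((net, ref.strip()))
    return entries


def screen_signup(ip, entries):
    """Return ("hold", reason) or ("allow", None) for a sign-up source address."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        # Fail closed: an address that cannot be parsed goes to manual review.
        return ("hold", "unparsable address")
    matches = [(net, ref) for net, ref in entries
               if net.version == addr.version and addr in net]
    if not matches:
        return ("allow", None)
    # Report the most specific listed network that contains the address.
    _, ref = max(matches, key=lambda m: m[0].prefixlen)
    return ("hold", ref)


if __name__ == "__main__":
    drop = parse_drop(SAMPLE_DROP)
    for candidate in ("192.0.2.77", "198.51.100.10", "198.51.100.200", "garbage"):
        print(candidate, screen_signup(candidate, drop))
```

A "hold" result is a signal for manual review of the order alongside the other checks in the advisory, not proof of fraud on its own.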

Furthermore, hosts should implement special registration systems for customers that reside in countries where the fraud and abuse risk levels are high.

For more details on how to protect your hosting company against fraudulent sign-ups, check out the advisory published by Spamhaus.