amuck-landowner

OK, which one of you stole my credit card...

raindog308

vpsBoard Premium Member
Moderator
Got a call from my bank today - one of my credit card numbers was apparently stolen and the thief ran up a bunch of charges, all of which my bank declined.

Funny thing is that the thief apparently used it mostly to sign up for VPS services.  Not with any provider here or anyone I've ever used.

Considering the size of the charges, he must have been trying to build out the next reddit on CloudSigma.com.
 

earl

Active Member
Curious, do you always use your credit card when purchasing VPS's?  I always use paypal linked to a card with a very minimal limit, only time I use the card directly is probably when purchasing domain names..
 

raindog308

vpsBoard Premium Member
Moderator
I typically use Paypal.  I don't think my card number was stolen from a VPS provider - more likely a coincidence that the thief who took it also was into VPSes.
 

Aldryic C'boas

The Pony
Well, there have been an abnormal number of buyouts lately.  Some of the parties involved not very trustworthy to begin with, too... perhaps someone thought they could make an extra buck after selling their company by selling a backup of the DB with client info and CCs.
 

nunim

VPS Junkie
Very few VPS providers around here actually accept credit cards, even fewer process the cards themselves.
 

perennate

New Member
Verified Provider
Very few VPS providers around here actually accept credit cards, even fewer process the cards themselves.
Most accept credit cards via PayPal (without processing it themselves). Which ones don't accept credit cards at all?
 

rds100

New Member
Verified Provider
He means that VPS providers are generally not receiving and processing / storing your credit card number at all. Paypal does this. The VPS provider doesn't know your credit card number so can't leak or steal it.
 

earl

Active Member
Is there a possiblitiy that you have a keylogger in one of your computers? I got the ZEUS virus once, and MBAM tracked it to an add-on I installed for for zpanel.. luckily it was only my shared hosting they hacked..
 

drmike

100% Tier-1 Gogent
Are you sure you weren't a Colocrossing/ChicagoVPS/Hudson Valley Host customer with that card?

Not many companies do the direct card acceptance because it is a HUGE liability and attack target.  That's why all these fully handled processors exist.

Now why did I bring the trio into this?  1.  CC is ongoing target for foolishness, hacks, etc.   2. ChicagoVPS has already been compromised multiple times on large scale, including recently when oh 300 accounts were perhaps compromised in WHMCS.   3. HVH does their card processing through ... ColoCrossing.... or has in the past.   They also have skids known to be associated with HackForums in the mix doing their support and other tasks.

Those are the reasons why I steer clear of a number of providers and why risk level is through the roof with them and unsure how payment processors even allow them to operate.
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
Are you sure you weren't a Colocrossing/ChicagoVPS/Hudson Valley Host customer with that card?

Not many companies do the direct card acceptance because it is a HUGE liability and attack target.  That's why all these fully handled processors exists.

Now why did I bring the trio into this?  1.  CC is ongoing target for foolishness, hacks, etc.   2. ChicagoVPS has already been compromised multiple times on large scale, including recently when oh 300 accounts were perhaps compromised in WHMCS.   3. HVH does their card processing through ... ColoCrossing.... or has in the past.   They also have skids known to be associated with HackForums in the mix doing their support and other tasks.

Those are the reasons why I steer clear of a number of providers and why risk level is through the roof with them and unsure how payment processors even allow them to operate.
This was my thinking too, which is why I asked what provider(s) he uses.

I suspect all card data would be hashed anyhow. Unsure what the process would be to transform it into anything useful.

It's very strange that his card would be compromised and be used to purchase Virtual Servers if, say, it was compromised from a more traditional method such as an ATM skimmer or something.

raindog308 please let us know what providers you used. Some of us here may use them too and need to know so we can check our statements.
 

raindog308

vpsBoard Premium Member
Moderator
The card was used for a variety of online and offline purchases, so it could very easily be a coincidence.

The only non-paypal providers I've were AWS and Azure, and if those two were hacked it'd be in the news.  All the rest were via Paypal.
 

Aldryic C'boas

The Pony
I suspect all card data would be hashed anyhow. Unsure what the process would be to transform it into anything useful.
With WHMCS, the CC hash key is stored in configuration.php.  With all of the recent WHMCS exploits, it would've been trivial to see that file as plaintext, and use the key to reverse all of the stored CCs.
 

drmike

100% Tier-1 Gogent
It's very strange that his card would be compromised and be used to purchase Virtual Servers if, say, it was compromised from a more traditional method such as an ATM skimmer or something.
Nope, wrong :)   Seems like carders and associated theft rings are racking up VPS accounts with stolen accounts.

Go back and see the recent Stripe thread on here.  4 accounts, all stolen and all used to buy VPS accounts.   No idea where those folks used their cards or if they were tech-centric people.  

I am thinking it is about time to embark on pre-paid cards for online payments.  Unsure how to facilitate this with say PayPal.  Anyone?
 

earl

Active Member
The card was used for a variety of online and offline purchases, so it could very easily be a coincidence.

The only non-paypal providers I've were AWS and Azure, and if those two were hacked it'd be in the news.  All the rest were via Paypal.
if you are using windows just try scanning your computer with malwarebytes.. I had avast installed and unfortunately it did not detect the virus at all..
 

Ruchirablog

New Member
I am thinking it is about time to embark on pre-paid cards for online payments.  Unsure how to facilitate this with say PayPal.  Anyone?
We have that here in Sri Lanka :) Basically we can get a prepaid card (Visa) by paying about $20 and spend it all. No fees or anything. You can go to the bank and recharge it or if you have a bank account on the same bank the card was issued then you can attach the prepaid card to the online portal and transfer money to the prepaid card from the bank account by just few clicks :)
 

Aldryic C'boas

The Pony
I am thinking it is about time to embark on pre-paid cards for online payments.  Unsure how to facilitate this with say PayPal.  Anyone?
I remember PayPal used to issue temporary CC numbers that would pull right from the account balance for a single transaction.  Might be worth checking to see if they still do this.
 

KS_Phillip

New Member
Verified Provider
I remember PayPal used to issue temporary CC numbers that would pull right from the account balance for a single transaction.  Might be worth checking to see if they still do this.
They cancelled that program years ago, sadly.
 

notFound

Don't take me seriously!
Verified Provider
I have used Entropay with providers which I don't totally trust and with autocharging 'cloud' stuff etc. The fees are quite high though.
 
Top
amuck-landowner