Instant Activation

[HostingSoftware]

What types of security/anty-froud/anty-spam methods do you (I'am asking free hosting with instant activation owners) use?

Captcha? What else?
Do you check if there is proper website uploaded? (I mean changed default page, changed index.html and so on).

 

[TSO]

CAPTCHA, keyword catching, IP catching, etc.

 

[azoundria]

How about, asking them their plans?

I also have spiders that crawl the client pages to look for any warning signs.

And then, there's the good old human review.

 

[SiberForum]

user acout activation via email + whm. That would be the best for antifraud
Phone call to the number they use

 

[SnoorkAdvertiser]

You may use Captcha or even phone verification service.

 

[Seraphim]

Capcha is ineffective, many 'bots' are able to defeat it now faster than most humans can.

The way I would do it is if I create an account for somebody, they have one week to begin moving in. If I don't see them having logged in and begun to upload content, I will first send a reminder email. If it gets rejected or does not result in activity, the site will be removed again after about a month- sooner if I see it being a security problem.

 

[JonnyH]

To be honest, there's no bots that can find their way around customer free hosting scripts especially P2H. I know there's been no cases of THT been spammed at all.

 

[Devoted Hosting]

MaxMind has a good system (it's easily integrated into WHMCS and similar programs, but could be custom coded to a custom billing system, too) - it'll basically look at a range of data and see if the order makes sense.

For example, if they say they like in (for example) America but their IP address shows they are in another country, this could indicate a fraud order.

If you didn't want to try and integrated MaxMind, then the above thing (i.e. IP address to given country match) could be a good simple place to start.

 

[GS-Dylan]

I use maxmind before automatically creating accounts.

 

[revolve3]

We used to have instant activation and the methods we used were first checking the provided email address to make sure it actually existed (or the very least that the domain was actually in use) and then having clients activate their email. We also never used CAPTCHA and we never got flooded with bots (usually because of the email validation required).

However, that never stopped the abusers from signing up and causing issues so now we manually review every order which has worked surprisingly well.