Hosting providers are increasingly asking Spamhaus how they can prevent so-called "fraudulent sign-ups" -- new customers whose only intention is to spam, host malware, host botnet controllers, or engage in other activities that are forbidden by the hosting provider's acceptable use policy (AUP). Such customers normally target cheap VPS and cloud hosting with automated sign-up procedures. These customers know that their accounts will be terminated swiftly when the host becomes aware of their activities, so they usually use stolen credit cards or compromised Paypal accounts to obtain service. This allows them to hide their real identities and avoid spending their own funds.
Spamhaus has received several independent reports from hosting providers that the volume of such fraudulent sign-ups has increased dramatically in the past few months. Some hosting providers report that 50% of all new subscriptions are fraudulent -- every second subscription. No hosting company is immune, neither small local operations nor large multinational hosting firms with data centers on several continents.
While Spamhaus' mission is to protect internet users and organizations from spam and other cyber-threats, we lack the resources and time to act as an abuse reporting service (FBL - Feedback Loop) or a consulting company. However, we would like to do what we can to help. This article provides some tips to help hosting providers prevent fraudulent sign-ups and increase the detection rate for such sign-ups. These tips are not a solution, but should help mitigate the damage and administrative costs caused by criminals.