How to outsmart antifraud, ports, two-way ping

CarderPlanet

Introduction:
Imagine Michael from the United States, who wants to pay for an iPhone. He goes to the shop, sees that it accepts payment via PP, logs into his account and pays. Michael doesn't fret about his reputation, doesn't go shopping for tea and other trifles first; he just goes in and pays. Michael does not need to win the trust of PP or read entire threads on forums like this one before buying something for himself. So how do we make ourselves look like Michael, and not Bob, in the eyes of an anti-fraud system?

1. Ports
Imagine that you are an anti-fraud system. You sit and watch the orders, and here comes a buyer whose IP has ports 80, 443, 3389 and 22 open (a web server, RDP and SSH). Just by looking at those ports it is already clear what this person is up to: a home user's IP rarely has anything listening at all. After all, Michael would not be paying from an RDP, a tunnel, SOCKS or a proxy.

Solution: use an RDP on which we configure the firewall, or put a firewall up on the tunnel.

2. Two-way ping and belonging to a hosting provider
Two-way ping detects tunnels, VPNs and SOCKS from the round-trip time: the server compares the latency it sees on your connection with the latency measured from your side, and an extra hop shows up as the difference between the two.

Solution: put TOR in front of the tunnel, VPN or SOCKS.
Belonging to a hosting provider: well, I think this one is clear. We don't use tunnels, SOCKS or VPNs from hosting providers; assume that if the IP belongs to a hoster, it is blacklisted.
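The latency check described above, written out from the anti-fraud side as an added example (this is not code from the post); the RTT samples are constructed and the jitter and ratio thresholds are assumptions:

```python
"""Latency-gap ("two-way ping") check as an anti-fraud backend could run it.

Added example; the samples and thresholds are constructed, not from the post.
The server knows the TCP round-trip time of the connection it terminates
(server <-> the host that opened the socket). A script in the page measures
the round trip from the browser to the server. For a direct connection the
two agree within jitter; for a tunnel, VPN or SOCKS the browser-side figure
also contains the client <-> relay leg, so it is systematically larger.
"""
from statistics import median
from typing import Sequence


def latency_gap_ms(tcp_rtt: Sequence[float], browser_rtt: Sequence[float]) -> float:
    """median(browser RTT) - median(TCP RTT), in milliseconds."""
    if not tcp_rtt or not browser_rtt:
        raise ValueError("need at least one sample on each side")
    return median(browser_rtt) - median(tcp_rtt)


def classify(tcp_rtt, browser_rtt, jitter_ms=30.0, ratio=2.0) -> str:
    """'direct' if the gap is within jitter, 'relayed' if the extra leg is
    several times the server-side RTT (the classic hoster-next-door tunnel:
    TCP RTT of a few ms, browser RTT of 100+ ms), else 'suspicious'.
    jitter_ms and ratio are assumed thresholds, not values from the post."""
    gap = latency_gap_ms(tcp_rtt, browser_rtt)
    if gap <= jitter_ms:
        return "direct"
    if gap > ratio * median(tcp_rtt):
        return "relayed"
    return "suspicious"


# Constructed sessions (milliseconds); the comment is what the check should say.
SESSIONS = {
    "home_dsl_user":          ([44, 46, 45], [60, 58, 62]),     # direct
    "socks_on_hoster":        ([2, 3, 2],    [150, 148, 155]),  # relayed
    "mobile_user_in_transit": ([80, 82, 78], [160, 155, 165]),  # ambiguous
}


def report() -> dict:
    """Verdict per constructed session."""
    return {name: classify(t, b) for name, (t, b) in SESSIONS.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:25s} {verdict}")
```

The ratio test exists so that a slow but direct client (high RTT on both sides) is not flagged the way a fixed threshold on browser RTT alone would flag it; what gives a relay away is the mismatch between the two measurements, not a large absolute number.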

3. Webrtc and DNS
There is plenty of information on preventing these leaks, so I will not repeat it for the thousandth time. Just keep in mind that they need to be checked and fixed.

From myself: do not use Google's DNS, as your actions are logged.

4. Flash
Of course we enable it, because we have nothing to fear and we can pay for goods from our own account. In general, turn Flash on so as not to arouse suspicion. (Adobe ended support for Flash Player at the end of 2020 and current browsers no longer run it, so today there is nothing left to enable.)
Be extremely careful with Flash: downloading Flash Player onto your computer (in an anti-detect or on an RDP) is the same as deliberately launching a Trojan into the system. Don't forget about your OS language and time zone either.

I recommend checking for leaks via flash on browserleaks.com

5. Tab history and refer
Used by anti-fraud to detect recently visited sites.
Here everything is simple: no whoer and no other sites that give you away.
We browse Google and Facebook, imitating Michael's behaviour.

Referer: determines which site we came from, so we arrive from Google like everyone else.

6. Tab name
In short, using this parameter the anti-fraud sees all the tabs open in your browser in real time. (A page cannot actually enumerate other tabs; it only sees its own title and, through the Page Visibility API, whether its own tab is in the foreground.)

7. Audio Fingerprint
https://audiofingerprint.openwpm.com/ - test
I checked on the main OS and on a virtual machine with an anti-detect: the fingerprints are the same. I haven't tested it on a dedicated server (dedik) yet, so check it there and report back.
An audio fingerprint can really hurt you in 2 cases:

1) Deanonymization. Let's say you go to the site of a software company and they take an audio fingerprint from you. Then, after a successful job, you turn off the virtual machine and go to YouTube or Google, or worse, to social networks, and all these sites also take your audio fingerprint. Deanonymization would look roughly like this: "20:00 fingerprint 2a3b4c5e logged into the user account from IP 192.168.0.1; 20:30 fingerprint 2a3b4c5e visited YouTube from IP 192.168.1.100 (the IP you came to YouTube from)."

2) PP or other sites can use this fingerprint to see that you have already visited them.

Solution: watch the latest Vector webinar on spoofing this parameter.

8. Uptime and Os fingerprint
Uptime is how long your VPN, SOCKS or tunnel host has been running; the server reads it from the TCP timestamp option, which counts up from boot.
Agree that it is strange that Michael's computer has been running without a reboot for half a year.
Solution: go to the tunnel console and type reboot.

OS fingerprint: in simple terms, each OS builds its packets differently. So when you use a tunnel on top of Windows, your packets look like they came from Linux while your User-Agent says Windows.

Solution: use an RDP, or run an OpenVPN server on the tunnel and add the line mssfix 0 to both the server and client configuration. There is a simpler solution to this problem, but it is still being tested.
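An added example of the two checks in this section from the anti-fraud side (not the post's code): a p0f-style guess of the client OS from the SYN and an uptime estimate from TCP timestamps. The SYN records are constructed, and the OS signatures are the usual stack defaults stated in the docstring, not values taken from the post.

```python
"""Passive TCP fingerprinting as an anti-fraud backend might do it.

Added example (not code from the original post). The SYN records below are
constructed, and the OS signatures are the common stack defaults: initial TTL
128 for Windows, 64 for Linux/macOS/Android, 255 for BSD/Solaris/network gear;
Windows does not send the TCP timestamp option by default, Linux does.
"""
from dataclasses import dataclass
from typing import List, Optional

# TCP timestamp clock rates seen in the wild (ticks per second).
COMMON_TS_RATES = (100, 250, 1000)
ETHERNET_MSS = 1460  # 1500-byte MTU minus 40 bytes of IP+TCP headers


@dataclass
class Syn:
    seen_at: float        # capture time in seconds
    ttl: int              # TTL as received at the server
    mss: int              # MSS option announced by the client
    tsval: Optional[int]  # TCP timestamp value, None if the option is absent


def initial_ttl(ttl: int) -> int:
    """Round the received TTL up to the nearest common starting value.
    A packet that started at 64 and crossed 12 hops arrives with 52."""
    for base in (64, 128, 255):
        if ttl <= base:
            return base
    raise ValueError("TTL above 255 is not a valid IPv4 TTL")


def guess_os(syn: Syn) -> str:
    """Coarse family guess from initial TTL and timestamp presence."""
    base = initial_ttl(syn.ttl)
    if base == 128:
        return "Windows"
    if base == 64:
        # Timestamps are on by default on Linux (and macOS), so this is a
        # family guess, not an exact version.
        return "Linux-like" if syn.tsval is not None else "Unix-like"
    return "BSD-like"


def estimate_uptime_seconds(first: Syn, last: Syn) -> Optional[float]:
    """Uptime from the TCP timestamp clock (RFC 7323 TSval), which on many
    stacks starts at zero on boot. Two samples give the tick rate; the
    absolute value divided by that rate is seconds since boot."""
    if first.tsval is None or last.tsval is None:
        return None
    elapsed = last.seen_at - first.seen_at
    if elapsed <= 0 or last.tsval <= first.tsval:
        return None  # same instant, reordered, or wrapped counter
    measured_rate = (last.tsval - first.tsval) / elapsed
    rate = min(COMMON_TS_RATES, key=lambda r: abs(r - measured_rate))
    return last.tsval / rate


def assess(user_agent_os: str, syns: List[Syn]) -> dict:
    """Combine the signals the post describes: OS mismatch with the
    User-Agent, a reduced MSS hinting at tunnel encapsulation, and the
    uptime that an implausibly old session would expose."""
    if not syns:
        raise ValueError("need at least one SYN")
    os_guess = guess_os(syns[-1])
    uptime = estimate_uptime_seconds(syns[0], syns[-1]) if len(syns) > 1 else None
    return {
        "os_guess": os_guess,
        "os_mismatch": (user_agent_os == "Windows") != (os_guess == "Windows"),
        "reduced_mss": syns[-1].mss < ETHERNET_MSS,
        "uptime_days": None if uptime is None else uptime / 86400,
    }


# Constructed sessions, not real captures. The first is a Windows User-Agent
# arriving through a Linux tunnel host with a shrunken MSS; the second is a
# Windows machine connecting directly.
TUNNELED_WINDOWS_USER = [
    Syn(seen_at=0.0,  ttl=52,  mss=1380, tsval=1_296_000_000),
    Syn(seen_at=60.0, ttl=52,  mss=1380, tsval=1_296_060_000),
]
DIRECT_WINDOWS_USER = [
    Syn(seen_at=0.0,  ttl=115, mss=1460, tsval=None),
    Syn(seen_at=60.0, ttl=115, mss=1460, tsval=None),
]

if __name__ == "__main__":
    for name, syns in (("tunneled", TUNNELED_WINDOWS_USER), ("direct", DIRECT_WINDOWS_USER)):
        print(name, assess("Windows", syns))
```

Linux kernels since 4.10 add a random per-connection offset to TSval, so the uptime estimate only works against stacks whose timestamp clock still starts at zero on boot; the TTL and MSS signals do not depend on that, which is why the post's mssfix advice targets the MSS specifically.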
 