I have started to look around for a new product for use on a free webhosting provider, but as of now it doesn't look like thehostingtool supports fraud prevention services such as MaxMind. It is becoming more important than ever that we do everything we can to prevent fraudulent orders from being processed.

Obviously the cost involved in using these services is key. MaxMind's minFraud service costs $0.04 per query (order) so this can be used for hundreds of signups at a very low cost. This can be combined with telephone confirmation from MaxMind at a rate of $0.20 per call. A fully confirmed legitimate user from the USA can cost less than $0.25.

An alternative to the telephone confirmation from MaxMind is SMS confirmation through http://www.clickatell.com/ It would be very simple to have someone enter a mobile telephone number then have it confirmed after receiving an SMS message. GeoIP lookup through MaxMind will confirm the Name, Address, and Phone Number are all from the same geographic area while SMS confirmation confirms the phone number is valid. A fully confirmed legitimate user from the USA can cost less than $0.07.

The order process could work something like:

1) User signs up at a new post2host called legitimatefreehost.com
2) After posting 20, 40, 60, etc posts, user is granted access to the thehostingtool order form.
3) After entering all required information, user is checked against MaxMind's minFraud using all available data. If the fraud score is too high, based on settings the system can use SMS confirmation or telephone confirmation to allow the user to proceed with the signup process.
4) After SMS or telephone confirmation with a low enough MaxMind score, the order can be automatically created or flagged for manual review depending on settings.
5) If the fraud score is too high and SMS/telephone confirmation is successful, the order is flagged for manual review before creation.
6) If the fraud score is too high and SMS/telephone confirmation is failed or incomplete, the order is flagged as fraud and put into a special fraud category.


Obviously MaxMind isn't the only provider, there are others such as:

http://www.varilogix.com/
http://www.telesign.com/

Is there any ETA on support for fraud prevention via MaxMind and order confirmation via telephone/SMS?

Thank you in advance.

To be honest, since this THT is mostly something that is focused on free hosting providers, fraud prevention is not something that has been considered beyond basic admin validation and reCaptcha. This is an interesting concept, but I cannot see it being implemented until 2.0, if at all.

That is unfortunate. It seems very possible to build a sustainable free business model giving away webhosting utilizing post for host as payment. The problem is the anonymous nature of the internet invites abuse including DDoS, copyright infringement, and spam. Just consider Google's Gmail as the model of the future. New email signups require SMS confirmation. It is cost effective costing only pennies, instant to a mobile device, and most people have mobile phones even overseas where landlines are rare.

I hope this topic is reconsidered. There are numerous standard APIs available to provide users with their choice of SMS provider as well as public free APIs for each fraud prevention service. Perhaps thehostingtool pro?

(02-22-2011 03:04 AM)LinHost Wrote:  That is unfortunate. It seems very possible to build a sustainable free business model giving away webhosting utilizing post for host as payment. The problem is the anonymous nature of the internet invites abuse including DDoS, copyright infringement, and spam. Just consider Google's Gmail as the model of the future. New email signups require SMS confirmation. It is cost effective costing only pennies, instant to a mobile device, and most people have mobile phones even overseas where landlines are rare.

I hope this topic is reconsidered. There are numerous standard APIs available to provide users with their choice of SMS provider as well as public free APIs for each fraud prevention service. Perhaps thehostingtool pro?

Post2Host services can't survive for long even with advertising and overselling. I am one of the execs over at Tyreus and we've been one of the longest lasting Post2Host providers around. However, each year we loose more and more money. In order to preserve this type of business model, we're opening up other payment plans.

(02-22-2011 09:05 PM)Kevin Wrote:  Post2Host services can't survive for long even with advertising and overselling. I am one of the execs over at Tyreus and we've been one of the longest lasting Post2Host providers around. However, each year we loose more and more money. In order to preserve this type of business model, we're opening up other payment plans.

It is interesting to discuss this topic since most aren't involved at the owner or executive level of these providers. I have been privileged enough to be involved with the day to day operations of free webhosting providers for the last 10 years. The innovative nature of the industry is what attracted me to it in the first place, but it also makes an excellent testbed for security related research.

The costs associated with a free webhosting providers aren't considerably different from paid webhosting providers. Allowing for free labor/staff, the cost structure would be as follows:

Server: $145 per month per 600 - 1000 users (Core 2 Duo or better)
Forum: $195 one time (vBulletin)
Helpdesk: $299.95 one time (Kayako eSupport 3.x owned license)
Recurring helpdesk license support: $130 per year after first year
Domain names: 4 for a choice of subdomains at $12.00 each: $48 per year (Namecheap.com with WhoisGuard)
Fraud prevention: $14 per month allowing for 200 attempted signups.
SSL certificates for servers and website: $20

Total monthly cost (first year): $212
Total monthly cost (after first year): $171

Allowing for typical donation rates among a confirmed userbase (fraud prevention isn't an entirely new idea), the total first year monthly cost drops to: $172.00

Allowing for referrals to paid providers paid at a rate of $25 per signup via a confirmed userbase, the total first year monthly cost drops to $47

Alternatively directly sold advertising at a rate of $30 per month per text forum advertising spot, the total first year monthly cost drops to $85.

The costs are far from insurmountable for a Post2Host provider that focuses on marketing to people who are willing to pay for webhosting rather than the masses who aren't willing to confirm their identity.

(02-22-2011 10:46 PM)LinHost Wrote:  

(02-22-2011 09:05 PM)Kevin Wrote:  Post2Host services can't survive for long even with advertising and overselling. I am one of the execs over at Tyreus and we've been one of the longest lasting Post2Host providers around. However, each year we loose more and more money. In order to preserve this type of business model, we're opening up other payment plans.

It is interesting to discuss this topic since most aren't involved at the owner or executive level of these providers. I have been privileged enough to be involved with the day to day operations of free webhosting providers for the last 10 years. The innovative nature of the industry is what attracted me to it in the first place, but it also makes an excellent testbed for security related research.

The costs associated with a free webhosting providers aren't considerably different from paid webhosting providers. Allowing for free labor/staff, the cost structure would be as follows:

Server: $145 per month per 600 - 1000 users (Core 2 Duo or better)
Forum: $195 one time (vBulletin)
Helpdesk: $299.95 one time (Kayako eSupport 3.x owned license)
Recurring helpdesk license support: $130 per year after first year
Domain names: 4 for a choice of subdomains at $12.00 each: $48 per year (Namecheap.com with WhoisGuard)
Fraud prevention: $14 per month allowing for 200 attempted signups.
SSL certificates for servers and website: $20

Total monthly cost (first year): $212
Total monthly cost (after first year): $171

Allowing for typical donation rates among a confirmed userbase (fraud prevention isn't an entirely new idea), the total first year monthly cost drops to: $172.00

Allowing for referrals to paid providers paid at a rate of $25 per signup via a confirmed userbase, the total first year monthly cost drops to $47

Alternatively directly sold advertising at a rate of $30 per month per text forum advertising spot, the total first year monthly cost drops to $85.

The costs are far from insurmountable for a Post2Host provider that focuses on marketing to people who are willing to pay for webhosting rather than the masses who aren't willing to confirm their identity.

One of the main advantages of the Post2Host model has been the ability to get a website with a full control panel interface and many advanced features to little or no out-of-pocket costs for the client. The problem with most people running Post2Host providers is keeping the costs low enough so they can justify the lost time and money.

Lack of funds is pretty much the main reason I've seen Post2Host providers close down in the past couple years. It makes sense, their user-base isn't large enough to sell ads that people would pay standard rates for and most people aren't willing to donate anyway.

We at Tyreus are trying a joint Post2Host and Paid business model. Our Post2Host services advertise our more lucrative Paid services and our Paid services help financially support our Post2Host services.

I've been involved in several different post 2 host companies, and I can say that the method Kevin has mentioned is the only sustainable method I have found. People are not that interested/able to donating to a free hosting company, thus the selling of paid services must support the free host. 2 of the companies I have been involved with have been able to reach a sustainable income, and even generate a small amount of profit this way. However, expenditures of $200 a month for a free host is ludicrous. The Host that I am currently involved in has expenditures closer to $80 a month, which includes both VPS's and iPanel. Using free alternatives to paid products (Such as replacing MyBB for vBulletin and using Trellis Desk instead of Kayako are essentials for a post2host company that does not want to be overwhelmed by expenses.

I was revisiting the idea of user confirmation a few days ago and found a few viable options:

1) User confirmation via SMS (like Google and Facebook) using Email to SMS or http://www.zeepmobile.com/

http://funsms.net/email2sms.htm - Email to SMS list. Not every mobile provider supports this, but many do.

2) minFraud Basic from MaxMind

http://www.maxmind.com/app/ccfd_promo_free

You can use this to confirm up to 1000 signups for free each month. Screening out a lot of users with SMS/GeoIP confirmation would reduce the usage to well below the cap.

3) GeoIPCity.dat from MaxMind / http://ip-geo.appspot.com/ and other free Geo-IP Lookup Services.

Send a user to a special page when their IP and entered city/state/country do not match.

I agree. That would be a nice addition