TigerTom's Fraud Filter Perl Script.
Version: 1.1, Sept. 2002.
http://www.tigertom.com/perl-script.shtml

##################### IMPORTANT ############################
## TigerTom scripts need a file named 'tigertom_lib.cgi'  ##
## to work. If it is not present in this distribution,    ##
## email tom@tigertom.com to get it.                      ##
############################################################

An anti-fraud and data-saving program.

Bars many free web-based email providers.
Bars popular anonymous proxy services.

The package 'bookends' an order placed via a third-party credit-card processor, or your own shopping cart.
Ideal for use with services like Revecom, Clickbank, Kagi or Paypal.

Saves more customer data.
Saves to a flat-file database for easy import.
Emails you the raw database entry.
Can pass form data to other scripts of yours.
Works with any web-based credit card processor.

----------

Version 1.1

Free web-based email addresses are barred more thoroughly, and faster.
The script checks the index page of the email address provider, to see if it's a freebie email provider.

----------

Version 1.0

This Perl script package 'bookends' an order placed via a third-party credit-card processor.

You can:

1. Save customer data to *your own* flat-file database.
2. Have that information emailed to you.
3. Cut fraud by...
   3a. Barring many free web-based email addresses.
   3b. Barring some popular anonymous proxy services.
   3c. Barring surfers using fake IPs.

SETUP:
-------

Create two directories:

One called 'fraud_filter' in your cgi-bin
One called 'fraud_filter' in your web-facing directory.

------

Open:

'fraud_filter_config.cgi'

in a text editor. Define all the variables required therein.

Open:

'fraud_filter_ante.cgi'
'fraud_filter_post.cgi'

in a text editor. On the first line of each, define the path to Perl on your web server.
Specify the absolute path to the required files 'fraud_filter_config.cgi' and 'tigertom_lib.cgi'.

-------

Open:

'header.html'
'footer.html'

in a text editor. Change these header and footer files to suit your site.

--

Open:

'fraud_filter.html'

in a text editor. Change the URL of the 'fraud_filter_ante.cgi' script in the form call to that of your site.
Change the form layout to suit your needs.

TIP: Only ask for the MINIMUM data you need. The customer won't be happy entering a load of data twice.

Change the value of the hidden form field 'insecure_save_form_fields' to whatever form values you want to save and have emailed to you.

======

Open:

'.htaccess'

in a text editor. This file bans various countries from accessing your site.
Check there isn't one which is important to you there.

==========

Upload:

'fraud_filter_ante.cgi'
'fraud_filter_post.cgi'
'fraud_filter_config.cgi'
'tigertom_lib.cgi'

to your cgi-bin directory. CHMOD them to 755.

---------

Upload:

'fraud_filter_ante.dat'
'fraud_filter_post.dat'

to your cgi-bin directory. CHMOD them to 666

---

Upload:

'free_email_providers.dat'

to your cgi-bin directory. Leave as-is.

---

Upload:

'fraud_filter.html'
'header.html'
'footer.html'
'.htaccess'

to your web facing directory.

------------

How it works:

The surfer completes and sends the form in 'fraud_filter.html'. This form posts to 'fraud_filter_ante.cgi'.

'fraud_filter_ante.cgi' checks for anonymous proxies, bad IPs and free email addresses ('free_email_providers.dat'). It then saves the data to 'fraud_filter_ante.dat'.

It can post the form information entered to another script, or just re-direct to another web page (your shopping cart or order page).

The order completed, your shopping cart or order page redirects the customer's browser to 'fraud_filter_post.cgi'.

'fraud_filter_post.cgi' checks if 'fraud_filter_ante.dat' has an entry for the current browser and IP number. If it has, it saves that entry to 'fraud_filter_post.dat' and emails the raw database entry to the webmaster.

It can then send any data sent to it to *another* cgi-script, or just redirect the surfer to the web page of your choice.

WARNING: This script should not be used to confirm that an order is valid. Confirmation should come from your credit-card processor.

If an order looks suspect, refund it immediately. Trust me, it'll save you a lot of aggravation. You should also telephone the customer if the order has a 'high ticket value'.

------

T. O' Donnell, London, August 2002.
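
The ante/post matching described under 'How it works', as an added example that is not part of the TigerTom distribution. The record layout (time|ip|user agent|email, one record per line), the function names and the sample values are assumptions. It also strips the delimiter and line breaks from form values before saving, so a customer cannot forge extra lines in the flat-file database.

```perl
#!/usr/bin/perl
# Added example, not TigerTom's code.
# Assumed record layout: epoch|ip|user_agent|email (one record per line).
use strict;
use warnings;

# Remove the field delimiter and line breaks so a form value cannot
# inject extra fields or extra records into the flat file.
sub clean_field {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[|\r\n]+/ /g;
    return $value;
}

# Build one 'ante' record for the current request.
sub ante_record {
    my ($time, $ip, $agent, $email) = @_;
    return join('|', $time, map { clean_field($_) } ($ip, $agent, $email));
}

# Return the newest ante record matching this browser and IP, or undef.
sub find_ante {
    my ($records, $ip, $agent) = @_;
    my ($want_ip, $want_agent) = (clean_field($ip), clean_field($agent));
    for my $line (reverse @$records) {
        my (undef, $rec_ip, $rec_agent) = split /\|/, $line, 4;
        next unless defined $rec_agent;    # skip malformed lines
        return $line if $rec_ip eq $want_ip && $rec_agent eq $want_agent;
    }
    return;
}

# Constructed sample data (documentation IP ranges, made-up addresses).
# The second email value tries to smuggle in a forged record after a newline.
my @ante = (
    ante_record(1030000000, '192.0.2.10', 'Mozilla/4.0', 'alice@example.com'),
    ante_record(1030000060, '198.51.100.7', 'Mozilla/4.0',
        "bob\@example.com\n1030000061|192.0.2.99|Forged|x\@example.com"),
);

# The forged line was flattened into one email field, so it matches nothing.
my $forged = find_ante(\@ante, '192.0.2.99', 'Forged');
print defined $forged ? "forged record found\n" : "no forged record\n";

# A genuine visitor with the same IP and browser is matched at 'post' time.
my $match = find_ante(\@ante, '192.0.2.10', 'Mozilla/4.0');
print defined $match ? "$match\n" : "no ante entry\n";
```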