It’s pretty obvious there is zero risk involved while carding or building profiles for higher valued targets blah blah. Regardless we should be following some safety measures in order to reach that zero risk possibility. Carding is hard work and not easy money. Methods are always changing and methods are getting burned quickly. Just like security we need to stay on top of on going trends in the communities we’re involved in or else we’ll have out dated and misinformation.
Not seeing a profit for a few months? second guessing your setup? or wasting money on shitty fullz?!? That’s for another time. You can expect future posts from me, /u/James_May and /u/enthusiast_of_lsd to help make sure your carding journey goes as smoothly as possible yet in a scam free zone. Feel free and don’t hesitate to ask us any questions or concerns you may have. As always feel free to add your input below. All criticism is welcome but please follow the rules and be ethical.
Now on some safety tips –
1. Change your MAC address.
Here are a few methods to changing or spoofing your MAC address. MAC addresses are hard coded into your NIC (Network interface card) and can only be spoofed in theory. To change it technically you’d have to switch your network card.
TMAC (Technitium MAC address changer) for Windows – technitium.com/tmac/
This is a GUI tool so it should be pretty easy to figure out.
macchanger for various Linux distros – github.com/alobbs/macchanger
open a terminal
ifconfig eth0 down
root macchanger -r eht0
If you run into any errors make sure your interface is down and run macchanger as root.
ifconfig eth0 up
You should have a spoofed MAC address. macchanger is a great tool and I would suggest checking out it’s other parameters.
2. Flushing DNS traces on your network.
Erasing any traces your ISP provider/DNS settings may leave is vital. It’s important to step away from your current ISP’s DNS settings.
For example – Google’s main DNS settings are 220.127.116.11, 18.104.22.168. You may want to change yours to something open-source like openNIC may provide. Check out prism-break.org for everything open-source which honestly wouldn’t hurt your setup and /d/OpSec utilizing any of those services for your carding. Get creative.
Changing your DNS settings is pretty easy on every OS so give it a “duckduckgo” search and you’ll be on your way. Now onto flushing your DNS cache.
On Windows –
ipconfig/release press “enter”
ipconfig/renew press “enter”
ipconfig/flushdns “enter again”
net stop dnscahce “enter one more time”
First make sure DNS caching is enabled. Not all Linux distros work the same nor have DNS caching enabled by default. If you’re running Ubuntu or Debian they’re probably running “systemd-resolve”
sudo systemd-resolve –flush-cache
sudo systemd-resolve –statistics
If not, follow below, So many options in Linux. Open up a terminal, konsole, xterm whatever and –
ps aux | grep dnsmasq
you will be able to see a field call “cache-size”. If this is set to 0, it means caching is disabled.
sudo /etc/init.d/dns-clean restart
sudo /etc/init.d/networking force-reload
If you’re using nscd, dnsmasq or bind for DNS caching or other various services –
sudo /etc/init.d/nscd restart
service nscd restart
service nscd reload
sudo /etc/init.d/dnsmasq restart
service dnsmasq restart
sudo /etc/init.d/named restart
sudo rndc restart
sudo rndc exec
sudo rndc flushname example.com
sudo rndc flush lan
sudo rndc flush wan
DNS caching works a little differently in Unix like OS’s. PS: If you’re carding on freeBSD or something hit me up!
DNS leakage – Some VPN’s worth noting if you plan on carding USA targets, ExpressVPN and IPVanish are great in tackling DNS leakage. Most do it but some do it better. Always check your VPN provider out thoroughly before purchasing.
3. Some tools worth mentioning –
CCleaner will erase all your cookies and navigation history and more. The free version will suffice but the pro version never hurt. You can find cracked versions as well but that leads into problems with the integrity of the cracked software over the non-cracked? Choice is yours. Something to think about when using different types and versions of software for your carding.
Bleachbit for Linux etc… Step away from carding on Windows or an RDP and give carding on Linux a shot. Bleachbit is just as good as CCleaner if not better. Besides it is free only.
4. Your VPN and SOCKS5 –
Some methods require only the use of a VPN, some others require the use of a VPN and your SOCKS5 but keep in mind that you must not use only your SOCKS5. Your anonymity and privacy could be compromised. Use a VPN or VPN plus your SOCKS5. Not SOCKS5 alone!
Free VPN’s and SOCKS5 are unsafe for a few reasons. They could be simply bad quality and all your personal identifiable information could be leaked easily or recorded by the provider. It is also risky to use a random VPN/SOCKS5 provider. Make sure to do your research beforehand like I previously said.
A good VPN provider located in Romania worth mentioning that is pretty under rated in my opinion is vpn.ac. Works great for carding EU or UK targets especially.
SOCKS5 are pretty easy to set up. Register an account, choose your plan, purchase your SOCKS5, use Firefox and replace the IP info in the SOCKS5 section via the Network Tab in Firefox’s preferences.
A good SOCKS5 provider I can recommend would be 911.re.
5. Using Bitcoin or Monero –
Using cryptocurrencies for transactions depending how it was obtained is without a doubt better unless you’re getting someone to go get prepaid visa/mastercards in cash for you. That still runs the risk of giving up your approximate location if LE ever runs down your rabbit hole.
When using Bitcoin not really monero because once you have monero you’re good. Obtaining your bitcoin for purchases there are various methods in obtaining bitcoin anonymously.
My favorite method right now is carding e-gift cards and exchanging them on paxful for bitcoin. Soon as you receive the bitcoin, exchange it for monero. Job done. This needs to be done quickly to achieve efficient results while carding.
Use CCleaner/Bleachbit before each login, Change your MAC address everyday and flush your DNS before each login as well.
Happy carding everyone and stay safe.