Redirection on eBay.

When I try to open and view listing 172437353234 I get redirected.

1,063 Views
Message 1 of 22
21 REPLIES

Re: Redirection on eBay.

in reply to Jan 21, 2017 9:13:09 PM
Rockstar

If you mean to a login page with a very funny URL, I see what you mean. Obviously you do NOT want to try to log in there.

1,039 Views
Message 2 of 22

Re: Redirection on eBay.

in reply to Jan 22, 2017 8:51:59 AM
Last Edited 08:56:40 AM

Just tried to post following reply to:
http://community.ebay.co.uk/…/Please-someone-f…/td-p/5186224
Yep you guessed it, it lasted for about 5 seconds.
----------------------------------------------------------
No one is stealing any accounts from anyone, eBay members are “giving” their User IDs and Passwords to cyber criminals and they are collecting them leisurely one after another with eBay facilitating it.

An example of this is actually active on the site right now and it has been left by eBay since 13/12/2016 and there are still 100s of listings on that account that are redirecting.

http://www.ebay.com/…/COXO-Dental-Optic-Fiber-…/172437353234

And the answer why is here:

https://news.netcraft.com/…/ebay-scripting-flaws-being-acti…
“eBay previously explained that allowing active content in legitimate listings is worth the security risk, as the benefits outweigh the likelihood of being attacked.”

and also

http://www.bbc.co.uk/news/technology-29241563

So if 100s of people in UK are losing 1000s of £s because of eBay, eBay is not (as they see it) losing £0.01 and that is all it cares about.

Btw eBay does not have a “new look”, just old habits.

1,019 Views
Message 3 of 22
Ebay Fake Signin.JPG

Re: Redirection on eBay.

in reply to Jan 22, 2017 5:24:11 PM
Rockstar

@j-a-c-o-b-u-s-t-e-r-o

Thank you for bringing up that issue.  I have found that hundreds of that seller's listings have been compromised, and generally, this sort of problem is the work of a hacker who has gained access to the pages of an innocent seller. I will report them in bulk to eBay. When eBay's ban on Active Content goes into effect next summer, this sort of account hijacking with malicious intent will no longer be possible.

 


997 Views
Message 4 of 22

Re: Redirection on eBay.

in reply to Jan 23, 2017 1:04:38 AM
Last Edited 01:08:58 AM

@shipscript

 

Hi shipscript,

 

Thanks you very much for your reply, much appreciated.

 

I have a couple of questions if I may as I’m not an expert in these matters.

Bearing in mind that there are currently 3418 listings on that account, 2,448 active and 970 completed, and even listings on feedback page are redirecting is there a way of determining which are the listings affected with malicious redirection code?

 

I know roughly which ones they are as this account was attacked around 13/12/2016

 

http://community.ebay.com/t5/My-Account/Please-help-me-about-my-account/qaq-p/26333449

 

and it seems every listing active, ended and on feedback page on this account prior to that date is affected with redirection code.

 

In fact eBay have worked on this account around that time as there were over 100 fraud listings on it placed by cyber criminals which were removed, but somehow the phishing redirection was left untouched.

 

How would you report it to eBay in bulk? The web form allows you to select only 1 item number at a time.

 

I hope you meant eBay's ban on Active Content goes into effect in summer 2017 not summer 2018 as by then I would not even like to imagine how many accounts will be compromised in this way.

 

Is there any information published about eBay's ban on Active Content?

 

Thanks.

978 Views
Message 5 of 22

Re: Redirection on eBay.

in reply to Jan 23, 2017 1:16:18 AM

@shipscript

Sorry typo *Thank you

973 Views
Message 6 of 22

Re: Redirection on eBay.

in reply to Jan 23, 2017 10:13:27 AM
Rockstar

j-a-c-o-b-u-s-t-e-r-o wrote:
is there a way of determining which are the listings affected with malicious redirection code?

 

I know roughly which ones they are as this account was attacked around 13/12/2016

@j-a-c-o-b-u-s-t-e-r-o

I was able to detect all of the active listings that contained the questionable script via this scanner, which was set to search for a line from the malicious script using the custom filter on the tool.

http://www.isdntek.com/ebaytools/ActiveContentScanner.htm

 

But first, I had to locate the script by viewing source, which I was able to do in this tool:

http://www.isdntek.com/ebaytools/ActiveContentSandbox.htm

Because the above sandbox tool both exposes the source code and marks scripts, it was easy to locate the marked script at the bottom of the source code.

 

With the script located, which is so mildly obfuscated that one can almost see that it is the problem, I selected a unique line from the script that partially identifies the hacker's account on their website (user546).

var gx = "u"+"s"+"e"+"r"+"5"+"4"+"6";

 

j-a-c-o-b-u-s-t-e-r-o wrote:
In fact eBay have worked on this account around that time as there were over 100 fraud listings on it placed by cyber criminals which were removed, but somehow the phishing redirection was left untouched.

How would you report it to eBay in bulk? The web form allows you to select only 1 item number at a time.


I found 1305 contaminated listings. To report those in bulk, I telephoned eBay Trust & Safety through their site help menu, waiting until late evening when the phone queue had diminished (I seem to do this about once or twice a month, so I've almost worked out a routine dialog). I gave them the seller account name and explained precisely the problem, which they were unable to duplicate due to security settings on their internal systems. However, they accepted the instructions about where to find the script in the code and how it redirects to the popup login screen. They send that info over to another team, which may take a couple of days to review and act. Specifically, they want to examine all the circumstances surrounding the case in order to mop up other issues, like affected buyers.

 

j-a-c-o-b-u-s-t-e-r-o wrote:
Is there any information published about eBay's ban on Active Content?

The information on our US site for Active Content is here, and I believe the UK would have identical info:

http://pages.ebay.com/sellerinformation/news/fallupdate16/active-content.html

http://pages.ebay.com/sell/itemdescription/bestpractices.html

 

The mechanism that eBay will use to turn off Active Content is an industry standard "sandbox" attribute that will be added to seller description pages. This industry-designed security measure is built into all modern browsers, and those browsers will block the functionality of specific page elements, like scripts, when they are framed within a page. Since eBay frames a seller description within its own page, it will be simple for eBay to turn on "sandbox" interference by adding that single word "sandbox" to seller frames as the page loads.

 

However, because the "sandbox" blocks more than eBay wants blocked, like videos and links to other eBay pages that sellers may want in their descriptions, eBay is trying to find some workarounds that will allow some  functionality to remain.

 

The Active Content scanners at the top of my post are designed to help sellers locate and remove or replace their Active Content in time for the ban coming June 2017 to both the US and the UK. But, they have also been expanded a wee bit to include custom scanning to help members in situations like this.

 

 


936 Views
Message 7 of 22
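
The custom-filter scan described in the post above, sketched as an added example; it is not part of the original thread and is not the code of the scanner linked there. It flags script blocks, remote script sources and inline event handlers in a description's HTML, and goes one step beyond searching for the raw line by folding `"u"+"s"+...` concatenations so a search string still matches when the script splits it up. The listing IDs, the HTML and the `example.invalid` host are constructed sample data; only the `var gx` line comes from the thread.

```javascript
// Added example: heuristic scanner for Active Content in listing descriptions.
// Listing IDs, HTML and the example.invalid host are constructed sample data.

// Collapse "a"+"b" literal concatenations so split-up strings become searchable.
function foldConcats(text) {
  const pair = /(["'])([^"'\\]*)\1\s*\+\s*(["'])([^"'\\]*)\3/g;
  let prev;
  do {
    prev = text;
    text = text.replace(pair, '"$2$4"');
  } while (text !== prev);
  return text;
}

// Return a list of findings for one description's HTML source.
function scanDescription(html, indicators = []) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) findings.push({ kind: 'remote-script', detail: src[1] });
    if (body.trim()) findings.push({ kind: 'inline-script', detail: body.trim().slice(0, 60) });
  }
  // Inline event handlers (onclick=, onload=, ...): first handler found in each tag.
  for (const [, name] of html.matchAll(/<[a-z][^>]*?\s(on[a-z]+)\s*=/gi)) {
    findings.push({ kind: 'event-handler', detail: name.toLowerCase() });
  }
  // Custom filter: search raw and folded source for each indicator string.
  const haystack = (html + '\n' + foldConcats(html)).toLowerCase();
  for (const ind of indicators) {
    if (haystack.includes(ind.toLowerCase())) findings.push({ kind: 'indicator', detail: ind });
  }
  return findings;
}

// Scan many listings; return the IDs whose source matches an indicator.
function flagListings(listings, indicators) {
  return Object.entries(listings)
    .filter(([, html]) => scanDescription(html, indicators).some(f => f.kind === 'indicator'))
    .map(([id]) => id);
}

// Constructed sample descriptions (not real listings).
const SAMPLE_LISTINGS = {
  '000000000001': '<p>Dental handpiece, new.</p>' +
    '<script>var gx = "u"+"s"+"e"+"r"+"5"+"4"+"6"; /* rest omitted */</script>',
  '000000000002': '<p>Fishing reel.</p><img src="reel.jpg" onclick="zoom(this)">',
  '000000000003': '<p>Pet brush.</p><script src="https://cdn.example.invalid/widget.js"></script>',
  '000000000004': '<p>Plain text description, no scripts.</p>',
};

const flagged = flagListings(SAMPLE_LISTINGS, ['user546']);
console.log('contains indicator:', flagged);
for (const [id, html] of Object.entries(SAMPLE_LISTINGS)) {
  console.log(id, scanDescription(html).map(f => f.kind));
}
```

The regular expressions are a triage heuristic over HTML source, not a parser, so a match is a reason to open the listing's source and look, not proof of compromise.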

Re: Redirection on eBay.

in reply to Jan 23, 2017 10:52:12 AM

@shipscript

 

You are beautiful,

thank you for all this,

I’ll try to get round all this

& try to understand what it all means.

 

All the best,

Thanks.

928 Views
Message 8 of 22

Re: Redirection on eBay.

in reply to Jan 24, 2017 12:15:39 AM

shipscript wrote:
which they were unable to duplicate due to security settings on their internal systems.

@shipscript

 

That is precisely what I have come across too, in case of UK you will only get connected to farmed out call centre in Philippines and they use their internal tools meanwhile every eBay member uses one tool, an internet browser, so how on earth is anyone supposed to report anything they have observed/detected if eBay Customer Support chooses not to see it.

 

Even if you ask them to use a browser most of them do not even know their way round eBay website to quickly determine details on an account someone is trying to report. They just take numbers without even knowing and understanding why and probably sending all to Listing Practices who has nothing to do with ATOs and related issues.     

 

To dictate them 1305 listing numbers over the phone how long would this conversation last? This is all because the Account Security who understand these issues and where “mopping up” is undertaken, it has been decided, is not contactable by anyone by any means.

897 Views
Message 9 of 22

Re: Redirection on eBay.

in reply to Jan 24, 2017 10:07:41 AM
Rockstar

@j-a-c-o-b-u-s-t-e-r-o

 

I seem to have more faith in the T&S team than you do. In all the times I have phoned eBay's Trust & Safety, the reps may have had different levels of understanding, but they have always been helpful and I was satisfied with each session. In many cases I had to short-circuit their script to prove my identity because they expected the call to be about me, when all my calls were about others. But this is to be expected because I use the "my account has been hacked" phone number.

 

As you suggest, those who can see listing practice violations, like fraudulent listings for 20 new iPhones at $95 each, are off the phone quickly and the listings come down within the hour.

 

The type of case we are describing here is harder to report. I've reported several of this type, and what I have found is that not all eBay members see the problem because of their security settings, thus, it is reasonable to expect T&S staff will not see the problem due to their security settings. The rep tried two different browsers and confirmed she was viewing externally and not internally, but still saw nothing. That did not deter her from reporting the issue, as she acknowledged security might be blocking the malicious page.

 

I did not report all 1305 listings to the rep. I simply gave the seller name and told her 1305 listings contained the script (to provide a sense of urgency), gave a few example items, explained how the script worked, that it was probably inserted by a hacker, and that it was the last bit of code in the description.  It appears that eBay has started addressing the problem already.

 


872 Views
Message 10 of 22

Re: Redirection on eBay.

in reply to Jan 25, 2017 1:23:34 AM

@shipscript

 

Thank you for taking time to reply.

Excuse my ignorance in these matters again but there’s one thing that continues to puzzle me.

 

I get it that every 1305 listing contains the script and I have witnessed several of these incidents in 2016.

 

It always follows the same pattern: high volume seller, business account, 1000s+ feedback score & 1000+ active account owners’ BIN listings, regardless of nature of items seller is trading in, there were in the past fishing equipment, sweets products, pet grooming items and dental equipment.

 

One day such “chosen” account receives in bulk around 100+ fraudulent auction listings of highly attractive and expensive items starting at £0.99 with instruction in descriptions that the item is available to buy today at highly reduced price, compared to current market value, if you contact the email address provided.  

 

Not every time it happens redirection is used, after all the hacker’s main business is to steal money apart from harvesting User IDs and passwords but when it is deployed it turns out that the entire account and everything on it is affected, the 100+ auction listings fraudsters placed, all 1000+ of account owner’s active BIN listings, all completed listings and listings on feedback page.

 

It would appear that there quite possibly may be a way of automating this process, I mean I would not think that a hacker would be inserting a code in 1000+ listings manually, and in fact why on earth and for what purpose would they also spend time contaminating completed listings and those that appear on feedback page.

 

Hard to believe but I spoke to one of those guys once, I do remember it well as it was Easter Sunday last year. In the morning their listings popped up on someone’s account, I discovered that redirection was in use so I stopped the page during loading to check the info. On this occasion they left a mobile number in the listings, so I decided to have a chat. It was a UK mobile number but when I rang it the ringing tone was international and someone picked it up.

 

After few un-pleasantries he replied in more of less following words:

“Look I have stopped the redirection now but if you would like to bother me further I will restart it again.”

 

I checked and indeed it was true, all fraudulent listings were still there but the whole redirection stopped.

 

Anyway last we heard any news about these guys it was more about a drop in the ocean.

http://www.standard.co.uk/news/crime/lucy-gang-of-ebay-scammers-jailed-for-fraud-on-an-industrial-sc...

856 Views
Message 11 of 22

Re: Redirection on eBay.

in reply to Jan 25, 2017 1:30:28 AM
*more or less
853 Views
Message 12 of 22

Re: Redirection on eBay.

in reply to Jan 25, 2017 12:14:54 PM
Rockstar

@j-a-c-o-b-u-s-t-e-r-o

 

eBay has a Trading API that allows sellers to modify their listings in bulk. One only needs some programming skills or access to programming services to use the API. Once an account password is compromised, it is quite easy to add content in bulk through the API. It is harder to remove content in bulk.

 

It is highly unlikely ended listings were modified because even the API can't reach those. Most likely, the listing was already infected. However, if a listing has multiple quantity, then the ended listing might point back to the infected live listing.

 

Because the script in the listing pulls in a remote script, the hacker can have the remote script do anything they want. They can make the script redirect or they can make the page load or replace other content in the listing. Once the hacker remotely controls the listing, the options are endless.  This is why eBay has never allowed remote scripts, but sellers and designers use them anyway. The ban on Active Content will eliminate remote scripts.

 


826 Views
Message 13 of 22

Re: Redirection on eBay.

in reply to Jan 25, 2017 1:04:02 PM

Thank you again, it certainly makes things a lot clearer.

As if by coincidence they came back today and placed 191 of their listings on http://www.ebay.co.uk/sch/alphonse0908/m.html?LH_Complete=1

on this occasion there was no redirection and account owner spotted it relatively quickly and ended every one which I think ought to require further mopping up.

822 Views
Message 14 of 22

Re: Redirection on eBay.

in reply to Jan 26, 2017 12:57:22 AM

shipscript wrote:

@j-a-c-o-b-u-s-t-e-r-o

 

it is quite easy to add content in bulk through the API. It is harder to remove content in bulk.


@shipscript

 

It would appear so, on 23/1 there were 2,448 active and 970 completed listings on that account, today there are 1,182 active and 735 completed.

One might consider it lucky they have any listings left.

805 Views
Message 15 of 22

Re: Redirection on eBay.

in reply to Jan 26, 2017 9:59:56 AM
Rockstar

 @j-a-c-o-b-u-s-t-e-r-o

 

j-a-c-o-b-u-s-t-e-r-o wrote:
As if by coincidence they came back today and placed 191 of their listings on http://www.ebay.co.uk/sch/alphonse0908/m.html?LH_Complete=1

on this occasion there was no redirection and account owner spotted it relatively quickly and ended every one which I think ought to require further mopping up.

I don't see any ended listings. Are they still visible for you? Perhaps the owner reported to T&S.

 


j-a-c-o-b-u-s-t-e-r-o wrote:

shipscript wrote:

it is quite easy to add content in bulk through the API. It is harder to remove content in bulk.


It would appear so, on 23/1 there were 2,448 active and 970 completed listings on that account, today there are 1,182 active and 735 completed. One might consider it lucky they have any listings left.


 

It is sad that a seller has to lose 1300 listings that way. I had even asked T&S whether they could filter and purge, but no response. It will take the seller a long time to reconstruct all those listings, and there was nothing in their code that indicated they were using a listing service.

 

I could have worked with that seller to help them purge the code, but my tools are not yet up to performing the task automatically. I have perhaps another month of work to get the purge-and-replace tool fully automated.

  


776 Views
Message 16 of 22

Re: Redirection on eBay.

in reply to Jan 26, 2017 11:13:16 AM
Last Edited 11:16:50 AM

@shipscript

 


shipscript wrote:
I don't see any ended listings. Are they still visible for you? Perhaps the owner reported to T&S.

That account has been cleared now, firstly the account owner ended all 191 listings placed by the hacker and later eBay AS have removed them.

It was reported separately as most sellers who opt to remove these fraud listings manually, even if it may take couple of hours and eBay can do it in a minute, usually do not bother contacting eBay CS.

 

One might argue justifiably so as eBay CS will not remove them for the seller, they are instructed to make a report about it. Thus the seller acting themselves minimizes time expose to multiple active fraud listings on site otherwise eBay CS would male acknowledgement of the situation and leave it putting eBay members in danger of being defrauded.

 


shipscript wrote:
It is sad that a seller has to lose 1300 listings that way.

I was under impression, probably incorrectly, that eBay were meant to fix the listings on seller’s account, who is after all 'High Volume Seller' and brings eBay substantial income, not remove them.

 

However I have observed this being done frequently and I have witnessed last year a Business Seller’s account entirely wiped off therefore their business and livelihood wiped off in a day.

 

I have just checked that account and there has been no trading on it since, the seller has been on eBay since 2001 and has a feedback of 15000+.

770 Views
Message 17 of 22

Re: Redirection on eBay.

in reply to Jan 26, 2017 11:22:30 AM

Typo.

*would make acknowledgement

765 Views
Message 18 of 22

Re: Redirection on eBay.

in reply to Jan 26, 2017 11:06:06 PM

@shipscript

 

Because majority of accounts this type of attack of being flooded with 100+ fraud listings happens to are ‘Business Seller’ accounts in UK there is usually contact information in listings (if hacker has not also altered it) I have spoken to many  such sellers to worn them they have been compromised and that they have 100+ fraud listings placed, and many have confirmed the same thing that they have called eBay CS and afterwards waited and waited and waited and eventually resorted to ending every listing themselves.

 

Thus the conclusion is that an account owner can actually speak to eBay CS, they can confirm they are speaking to rightful account owner, acknowledge the situation and yet still are instructed not to take immediate action therefore knowingly and willingly prolonging exposure time to scam listings hosted on the site for all other eBay members.

 

The consensus is that they are so ill-trained they will either remove too little or too much.  

 

In US it may be different but in UK this is what happens.

741 Views
Message 19 of 22

Re: Redirection on eBay.

in reply to Jan 27, 2017 12:56:11 AM

Sorry typo.   

*warn them

729 Views
Message 20 of 22