Question
'Feedback' Forgers Suspended by EBay
By Brian Krebs
washingtonpost.com Staff Writer
Friday, January 23, 2004; 6:25 PM
Online auction giant eBay said today it has suspended several sellers for uploading special programs to the eBay Web site that allowed them to remove negative "feedback" left by previous customers.
Ebay spokesman Hani Durzy said the recent activity was limited to a "handful" of accounts. He said the company religiously scans all of its auction listings to ensure that sellers and buyers are not violating auction rules.
"We are aware of this trick and proactively look for malicious scripts in all of our listings," he said.
According to eBay, the fraudulent sellers forged their feedback profiles using Javascript, a Web programming language designed to work well with nearly all operating systems and Internet browsers.
On eBay, like most other auction sites, sellers create Web pages for each product they are putting up for sale. The pages must include such basic information as the auction deadline, product description and last bid. But many sellers dress up the pages with photos and other add-ons. For example, Marsha Collier, an avid ebay seller and author of "Ebay for Dummies," said she uses Javascript to better track which sites are referring potential buyers to her auctions and to prevent visitors from downloading content or product photos from her auction pages.
By uploading a specifically crafted script inside the Web page describing the product for sale, eBay said the fraudulent sellers were able to replace negative feedback with more glowing reviews.
Trust is everything in the multi-billion dollar market of online auctions. Buyers can't investigate a product up close, and sellers have no idea if an auction winner will pay for the goods quickly.
Trust is established through "feedback" -- reviews submitted by buyers and sellers alike about the quality of purchased products, the time it took for payments to be processed and for goods to arrive in the mail. Many eBay users simply refuse to do business with users who have accrued a certain amount of negative feedback.
With "feedback" playing such a central role in the auction world, it's no surprise to learn that eBay took action against the fraudulent listings, said Kevin Wray, vice president of marketing for Vendio, which changed its name last year from AuctionWatch.com.
"In addition to a powerful search engine that links up buyers and sellers, feedback is one of the two main pillars of eBay's business," Wray said. "For that to be in any kind of jeopardy at all is a threat to their business."
Ebay officials would not go into any more details about how the perpetrators managed to pull off their scam or how many listings or accounts were involved.
Neel Mehta, a research engineer with Atlanta-based Internet Security Systems, said the culprits may have taken advantage of a previously unknown bug in Javascript.
"Web scripting languages are extremely complex and can generate unexpected results when used maliciously," Mehta said. "New bugs are discovered in Web scripting languages on a weekly basis."
Ebay's Durzy said the company is working on a technical fix to ensure the problem does not arise in the future. One way to do that would be to institute stronger restrictions that automatically prevent users from uploading auction pages that appear to contain the Javascript in question, Durzy said.
He added that Ebay allows sellers to use scripting in their listings largely because the auction community has demanded it.
The disclosure comes at a time when Ebay and other major Internet companies are battling a wave of online fraud schemes. On Thursday, the Federal Trade Commission said it received more complaints about Internet auction fraud than any other online scam. Internet auctions accounted for 48 percent of all Internet fraud complaints filed with the commission last year, the FTC said.
Source
Answer
Quote: For example, Marsha Collier, an avid ebay seller and author of "Ebay for Dummies," said she uses Javascript to better track which sites are referring potential buyers to her auctions
I thought this wasn't allowed either? Or am I behind the times?
Answer
I'm with you, Shari. Last I heard it was against the rules to include JavaScript in a listing.
Answer
I know they changed some of it and thought they said no no to javascript. But every so often you hit a page on ebay that just takes over!
Answer
It is not allowed, but Marsha's book is sort of old and was possibly published before Ebay had an official "rule" about this.
Answer
Quote: He said the company religiously scans all of its auction listings to ensure that sellers and buyers are not violating auction rules.
Huh?
Answer
I recall when it came to light about 4 years ago that dishonest sellers were using javascript in their auction descriptions to harvest eBay passwords from anyone who was unfortunate enough to bid on their auctions. In those days, the bidder had to key in their user name and password right on the auction description page in order to bid.
eBay initially shrugged the problem off and rather implied on the eBay boards (if I recall right) that there was nothing they could do and it wasn't their problem. I remember being surprised that eBay couldn't (or wouldn't) write some sort of program to search for malicious javascript.
Anyway, eBay did eventually figure out a solution - taking the password field off the auction description page and adding an additional step to the bidding process by placing the password field on a separate page. I think that was probably around the time that eBay outlawed javascript.
Answer
I can't wait for the best-selling book, "The History of eBay", by Irene.
Bill
Answer
Ooops, correction, eBay only started to outlaw certain types of javascript in May 2001.