ColderICE eCommerce Blog: eBay’s Daily Deal is Now A Malware Victim from the Auctiva Trojan

  • James · 10 months ago
    For those of you who may be interested there is an option to eBay. Since thousands of sellers have left eBay for a better solution there is www.bonanzle.com, which is growing at an incredible pace. Nearly 33,000 members strong and 1.4 million listings now and growing by leaps and bounds every day. They offer Live Chat, no listing fees, a free store or both, and a FVF so small you can barely see it. Plus you do not even have to be a member to buy there. You will be signed in as a guest and you can complete your purchase using Google Checkout, money orders or, if you need to, the eBay-owned PayPal. You will have more choices than eBay has ever or ever will offer their buyers. Drop by, say hello. Pull up a chair and stay. You will be welcomed from the first time you are there.
  • James · 10 months ago
    While you are at Bonanzle stop in and say hello to me.

    http://www.bonanzle.com/booths/HereUntilSold
  • colderice · 10 months ago
    Never miss an opportunity for a shameless self promotion, LMAO
  • James · 10 months ago
    Well, shameless as it is, eBay has more problems than just Auctiva now. Plus, with the upcoming changes they have coming, promoting a sure thing seems good. By the way, thanks for not deleting the comments. You too are welcome to stop by. We do not take names or even email addresses for that matter.
  • colderice · 10 months ago
    Delete it? Heck no...I am an evangelist of self promotion...Thank you for the invite. As long as it is NOT spammy, they are welcome.
  • James · 10 months ago
    You, Sir, without a doubt are top notch. Consider me a member now and forgive the picture; it's the most recent one I have. I have my ears cropped now and had a jaw lift.
  • tree411 · 10 months ago
    Hello colderice. Please see your e-mails. I have sent over some e-mails from Feb. 8th, when I first noticed and reported issues. It just seems to me that this may be the same thing from as long ago, if not longer, as when I first started to get warnings when viewing imported eBay listings, as well as the warnings on the eBay site.
  • Dave · 10 months ago
    Hey John,

    I get the error with Chrome, but not with IE 7. Enjoy your blog. Thanks!

    Dave
  • Lisa · 10 months ago
    Hey James,

    Bonanzle is affected too. I just found your forums. All those eBay uploads you have been promoting have affected Bonanzle as well.
  • Bill · 10 months ago
    To be clear regarding Lisa's comments, Bonanzle is NOT affected in the sense that any malware has been detected in any of our listings, forums, or anywhere else on site. However, if one were to leave our site and visit Auctiva (for instance, by clicking on an Auctiva image), then (depending on their browser) they would get the Auctiva malware warning.

    I may have more sympathy for Auctiva than most, since I know how extremely difficult it can be to keep a site free of the thousands of different security threats out on the web. And in the case of Auctiva, chances are they didn't even *know* they had been compromised until they Googled their name one day and saw the Google message. And now they've got a regular brouhaha on their hands. Sucks to be them.

    From my experience, there are two main attack vectors that get exploited to cause 95% of these types of break-ins. The first is leaving one's site vulnerable to XSS attacks (http://en.wikipedia.org/wiki/Cross-site_scripting) by having insufficient filtering of potentially malicious JavaScript in item listings. If I were to guess, I would imagine that was what bit Auctiva. eBay's HTML filter is extremely permissive, since they've had the resources to tweak it for years to ensure that it allows every possible good HTML element through and no bad ones. Bonanzle's HTML filter is very strict, which means we often get annoyed sellers telling us that HTML elements imported from eBay don't work at Bonanzle, but it's the price we pay to ensure that we are as immune as possible to a potential XSS attack.

    The other vector of attack is running one's server on Windows with ASP, where the systems are much more complex, and thus have historically had a greater number of vulnerabilities. Bonanzle runs on Linux with open source software that is simple and transparent, so very unlikely to be vulnerable to a direct attack on the system.

    I hope that Google gets a chance to verify Auctiva's fix soon -- it's a really rotten position they've been put in.
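The strict listing filter Bill describes above, as an added illustration that is not code from Bonanzle, Auctiva or eBay: an allowlist sanitizer for seller-supplied listing HTML that keeps a small set of tags and attributes, drops script bodies and event-handler attributes, rejects non-http(s) URLs, and reports what it removed so a site can log rejected markup per listing. The allowlist policy and the sample listing are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from html import escape

# Allowlist policy (assumed for this example, not any marketplace's actual filter).
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "ul", "ol", "li", "a", "img", "table", "tr", "td"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt", "width", "height"}}
VOID_TAGS = {"br", "img"}
SAFE_URL_SCHEMES = ("http://", "https://")

class ListingSanitizer(HTMLParser):
    """Re-emit only allowlisted tags/attributes; drop script/style bodies entirely."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1          # swallow everything until the matching end tag
            self.dropped.append(f"tag:{tag}")
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag:{tag}")
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"attr:{tag}.{name}")   # catches onerror=, onclick=, style= ...
                continue
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                self.dropped.append(f"url:{tag}.{name}")    # catches javascript:, data:, vbscript:
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # text outside tags is re-escaped

def sanitize_listing(html):
    """Return (clean_html, dropped_items) so rejected markup can be logged per listing."""
    p = ListingSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped

# Constructed listing HTML (not a real listing) mixing legitimate markup with XSS vectors.
SAMPLE = ('<p onclick="x()">Great <b>deal</b>!</p><script>alert(1)</script>'
          '<img src="http://example.com/a.jpg" onerror="alert(1)"><a href="javascript:alert(1)">click</a>')
```

A production filter should additionally be run after the importer's own parsing and be paired with the browser-side protections (Content-Security-Policy, escaping on output) rather than used as the only line of defence.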