Another fake notice

itrecovery
Community Member
Just got in:

Dear eBay user,

During our regular update and verification of the accounts we could not verify your current information. Either your information has changed or it is incomplete.

As a result your access to your eBay account will be restricted.

According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form within 24h or else your account will be suspended without the right to register again with eBay.

Please use the link below to complete this verification:


http://scgi.ebay.com/saw-cgi/ebayISAPI.dll?ConfirmRegisterInformation

Thank you!
eBay Customer Support
Message 1 of 34

gem-n-i-gemstonz
Community Member
Doc_scribe,

So what happens when I click on the SSL (as I just did)?....When I was on the secure login page it had the https, but once logged in, it goes back to http. I would think that clearly it is now insecure, but does it matter, since I am not using my password on those pages?

I would really like to understand all this better.

Jaqui





Gem Am I

The spiritual journey is individual, highly personal. It can't be organized or regulated. It isn't true that everyone should follow one path. Listen to your own truth. -Ram Dass

Message 21 of 34

shoplineca
Community Member
Doc_scribe
We had someone trying to access our server, relentlessly for about 6 days earlier this year and when we traced it back to the source it was one of eBay's servers in San Jose.

While we knew that it wasn't eBay trying to gain access to our server, it was someone that had gotten into eBay's system and was using it as one of their cloaks for whatever they wanted to use it for, from spamming to obtaining secure information on members etc.

We immediately emailed eBay at PS Customer support and spoof@ebay and followed up several more times however we NEVER rec'd any response so we felt we were on our own to dissuade this guy from getting at us.

I have learned directly from eBay that none of my, perhaps 10 emails sent eBay from February through April were ever recd and there are others on this board who complained of the same problem when reporting things that seemed to fall on deaf ears.

Given what you have told us, it appears that part of eBay's system itself may have been hijacked from December through ...? a problem more serious than what you suspected from your incident.

When I consider that my emails to them were through the PS link on one of the preceding pages before getting into this forum and your belief that the people got your userid and password by way of signing onto this forum, it seems very likely that the problem may in fact center around someone hacking into the eBay system and having some control over it for several months unknown to eBay.

I have spoken to an eBay rep on a couple of recent occasions and was assured that their technical people were looking into the problems about my emails not reaching them by checking the links however I have not heard back and I suspect the reason may be to protect themselves from a massive loss of members, both buyers and sellers from lack of confidence should the truth be that outside people had control of their system.

I hope that isn't the case but given our experience and yours, it seems highly possible.

Malcolm
Message 22 of 34

gem-n-i-gemstonz
Community Member
Isn't that the reason that eBay stopped using Billpoint, and bought out PayPal...because of problems with security in their system? Supposedly, turning over the financial stuff to PayPal's more secure system was going to help solve it all (along with some security updates that they brought about at the time...though I don't know exactly what those were).

Jaqui

Message 23 of 34

Jaqui, as long as you use the SSL link to login, your password will be protected by 128 bit encryption (virtually uncrackable). Once here though, you're on an 'open' page resident on one of eBay's unsecured servers, which means anyone with the beanie and brickles to hack in could easily access any or all of these pages. However remote that possibility, nevertheless, I still would not post any sensitive personal info (like my phone number, full name etc.) in these threads.

Actually, the 'leakiest' part of these boards is the login itself...because Canadian PowerSellers have two choices (unlike the Americans who appear to have only the one, fully secured). If you're logging in via the top left link you're secure; if you're logging in via the icon link beneath the U.S. board you will be unsecured. And although I'm not absolutely sure about this, I believe that this unsecured PowerSeller login is a static page (consistently same address) on eBay's server(s). So forgetting about the possibility of a more elaborate personal hack for a moment (presumably logging in unsecurely leaves an unencrypted 'cookie' on your hard drive), it would be very easy for even a 'lite' (read-only) hack of eBay's unsecure servers to identify the unsecured login file. To be on the safe side, always login via the left link, not the right.

Malcolm, although I'm now rather paranoid about the security issue here, I'm not that paranoid...at least not yet. However, it may interest you to know that after one of the Security pros had analyzed my system and not discovered any keyloggers or trojan redirects, his first thought was that somehow the unsecured servers of eBay had been hacked, and that this was how the miscreants retrieved the unencrypted file of unsecured PowerSeller logins. We'll never know for sure because eBay would never admit this, but it's at least as plausible as a local system hack.

Let's put it this way...before any of this happened, I experienced no security 'events'--none whatsoever--whistle clean system(s) and 'Net-based work for years--and since I've begun rigorously avoiding unsecure logins throughout eBay's site and these boards, as well as jettisoning the toolbar...well...once again...nothing...nada...nyet.

Entirely circumstantial evidence, but I truly believe that if you watch out for the first 3 potential hazards mentioned in my previous post (Default unsecure, PowerSeller unsecure, and Toolbar), you will have nothing to fear* here.

* ...except of course, those random, mysterious, somewhat dopey policy and interface changes.
Message 24 of 34

ospreylinks
Community Member
I have no idea what you are talking about concerning the left link vs. the right link.

I log on via a bookmark that I placed on my desktop eons ago because I couldn't find the url link to the Canadian Powersellers board via any descriptive web page, etc.

Maybe you could post the url that you log in securely from for the benefit of others.

Thanks

Jeff
Message 25 of 34

shoplineca
Community Member
Jeff
To access the Power Seller Portal, you click the link at the top titled "Site Map". Under the main caption "SERVICES" you will see the sub title "Power Sellers" and that link will take you to the Power Seller Portal where you can access the discussion boards, Power Seller support phone number and links and other related topics.

Malcolm
Message 26 of 34

http://cgi1.ebay.ca/aw-cgi/eBayISAPI.dll?PowerSellerSignin ...is the problematic page.

To the left is the secure "PowerSeller Discussion Board" link. To the right, underneath the "U.S. PowerSeller Discussion Boards" icon & link, there is a "Discuss With Canadian PowerSellers" icon & link, which directs you to an unsecure 'http' page, not a secure 'https' page.
Message 27 of 34

muminlaw
Community Member
Jeff, it took me a few tries to realize what was meant by the "left link" as well. When I don't access these pages via my desktop link (unsecure as it turns out), I just click on the PS logo by my name and then click on the Canadian button when I get to that page. I always assumed that the "Power Seller Discussion Board" button at the left would just refresh the page I was already on! Live & learn!

I had noticed that there was not "https://" when I signed in to the Canadian board and I was concerned about it. Thanks doc_scribe for the heads-up on how to sign in to this board securely!

Glenda
Message 28 of 34

gem-n-i-gemstonz
Community Member
Yes, thank you doc_scribe for the heads up, as well as all the other info. I have always used that left login for this forum, but am now also using the SSL for my regular login as well.

take care,

Jaqui

Message 29 of 34

ospreylinks
Community Member
Okay, I am still lost....

When I click on doc's url above the only thing I see to the left is a register button.

Jeff
Message 30 of 34

gem-n-i-gemstonz
Community Member
Jeff, I think the link doc_scribe put before was the insecure one.

Try this link...from this page about 2/3 up the screen on the left it says

"Looking to find out more about our PowerSellers Program? Click on any of these links.

PowerSeller Discussion Board"

Here is the link:

http://cgi1.ebay.ca/aw-cgi/eBayISAPI.dll?PowerSellerSignin&pass=9szpAvIu/3b5w4TRtaAqr1&userid=gem-n-i-gemstonz

I believe that is the secure link he is referring to (unless I am also mistaken).

Jaqui

Message 31 of 34

Sorry for any confusion in my previous link, that was the URL showing when I got to that page. This *should* be the link to the actual questionable login page:

http://servlet.ebay.ca/ForumLoginPage?from-page=http%3A%2F%2Fforums.ebay.ca%2Fentry.jsp%3Fredirect%3D%252Fforum.jsp%253Fforum%253D44

If you're logging in via that screen, you're not doing so securely. Check the Note: "By signing in, you'll get a temporary "cookie" which will remember your User ID while your browser is open. If you close your browser, then the cookie will expire." That alone gives it away...cookies are text-based files saved on your hard drive and not encrypted.

Message 32 of 34

ospreylinks
Community Member
When I clicked on the SSL sign in, it appears to be a secure sign in then quickly changes back to an unsecure connection.

Jeff
Message 33 of 34

This is normal Jeff. The SSL is used only for the secure transfer of your ID and password to eBay. Once that data has been received and processed securely, your browser is then re-directed to a regular http page on an unsecured server, just like this one. Which is why I said earlier that I am not comfortable posting any sensitive personal info here...although logging into these boards is secured, the content of the actual board pages is not*.

BTW, this appears to be true for My eBay as well. Even after logging in securely, you still end up on an unsecured webpage.

* From a routine practical standpoint, no big deal, although theoretically anyone logged into eBay given the URL for this page could read it whether or not they are actually a PowerSeller. I have never tested this, so there may be some other stop mechanism in place that I am unaware of, but given the ease with which we post links to other areas of this site, including boards across *.com, *.ca, and *.uk etc., I rather doubt it.
Message 34 of 34
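
The sign-in pattern discussed in this thread (HTTPS for the login, then a redirect back to plain HTTP pages) can be audited from a recorded request trace. The following is an added example, not part of the thread and not eBay code: the hosts, cookie names and trace are constructed, and the check flags session cookies set without the `Secure` attribute that later travel over `http://`, HTTPS-to-HTTP redirects, and credential-looking parameters in a URL.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Constructed trace (not captured traffic). Each hop is:
# (request URL, Set-Cookie headers in the response, redirect target or None)
TRACE = [
    ("https://signin.example.test/login",
     ["sid=abc123; Path=/; Domain=example.test", "csrf=x9; Path=/; Secure"],
     "http://forums.example.test/board?forum=44"),
    ("http://forums.example.test/board?forum=44", [], None),
    ("http://forums.example.test/signin?userid=alice&pass=s3cret", [], None),
]
SENSITIVE_PARAMS = {"pass", "password", "passwd", "pwd"}

def domain_matches(host, cookie_domain, origin_host):
    """Host-only cookie unless Domain= was set, then suffix match."""
    if not cookie_domain:
        return host == origin_host
    d = cookie_domain.lstrip(".").lower()
    return host == d or host.endswith("." + d)

def audit_flow(trace):
    findings, jar = [], []  # jar entries: (name, secure, Domain attr, origin host)
    for url, set_cookies, location in trace:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # 1. Cookies without Secure that this cleartext request would carry.
        if parts.scheme == "http":
            for name, secure, dom, origin in jar:
                if not secure and domain_matches(host, dom, origin):
                    findings.append(("cookie-over-http", name, url))
        # 2. Credentials placed in the query string (logged, bookmarked, pasted).
        for param in parse_qs(parts.query):
            if param.lower() in SENSITIVE_PARAMS:
                findings.append(("credential-in-url", param, url))
        # 3. Secure login that hands the browser back to plain HTTP.
        if parts.scheme == "https" and location and urlsplit(location).scheme == "http":
            findings.append(("https-to-http-redirect", location, url))
        # Record cookies set by this response for the following hops.
        for header in set_cookies:
            cookie = SimpleCookie()
            cookie.load(header)
            for name, morsel in cookie.items():
                jar.append((name, bool(morsel["secure"]), morsel["domain"], host))
    return findings
```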