EBay Complaint / Comments / Review And Your Experience Regarding eBay Online Market
0
February 05, 2012, 08:45:24 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: SMF - Just Installed!
 
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: eBay invites a self-generated DDoS  (Read 123 times)
fuel
Sr. Member
******

How Useful? +123/-66
Offline Offline

Posts: 409


Shiraz Wine


WWW
« on: May 25, 2008, 07:10:32 PM »
eBay invites a self-generated DDoS
By Anonymous Coward
Posted Wednesday 6th June 2007 17:45 GMT
By permitting active content in auction listings, eBay has made it childishly simple to post the javascript that would cause a distributed denial of service attack *on* *eBay's* *own* *servers*.

Obviously I won't post the code, but the script would install a browser helper object that silently and invisibly opened a browser window (MSIE for example) on eBay's own search engine, and then generated a search for a random string every few seconds.

Removing the auction would not stop the BHOs that had already been installed on unsuspecting eBayers' computers, and therefor would not stop the DDoS. And since eBay refuses to restrict active content, the malicious coder(s) could open lots more such "auctions" and infect many thousands more computers. Only by blocking the source IPs of the infected computers - and thus blocking their own customers from accessing eBay - could the DDoS be mitigated somewhat.

Frankly, I'm surprised it hasn't already been done.
Report to moderator   Logged
Best free stuff on net - free stuff online
Chek the lataest info - London Free Zone
Do you like red wine - Best Wine Ever
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Theme by m3talc0re. Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC MySQL | PHP | XHTML | CSS
Back To Top