|
|
|
FYI someone on the official forums just confirmed that the account doesn't even have to pay for the ad the first time. She created a L$9,999,999 classified using an account with only L$50. Screenshot:
INTRESTING PIC wildfire! can you post or IM me the Link to the Forum that this pic was taken from?
Thanx CG Added parenthetical in summary to clarify the issue and get Linden attention; I highly recommend you rephrase the summary to more accurately reflect the problem. While it will adversely impact Linden Lab's profits if classifieds aren't paid for, the position listing of classifieds are based on the amount paid, and those who actually pay for their classified are being CHEATED by those who are (or will) use this exploit.
I think I'm making all cheap classifieds now. What's the point. This will get fixed maybe in two years...
cheergirl, do you want this to be found by people in search or dont you? You need to write it better if you want it to be seen.
Classifieds still appear in search despite insufficient lindens to cover fee - should remain the title, if you want to get votes. changes it again, and will continue to
 Maybe we need to open another JIRA on the real issue of classifieds been added and renewed with insufficient Lindens, since the OP seems more concerned about the economical impact (though there is no proof this has any).
I just cancelled all but a 50 linden ad in protest of this bug.
The economic impact is important, but it is more that the system can be cheated. Classified ads do have impact on an individual business. Businesses with higher cost ads filter to the top of the search results which one can expect receive more tps which likely leads to more business. It also instills a sense of confidence in the buyer about the business. If someone runs a 500,000L ad, then one presumes this company has either major financial backing or is exceedingly successful. Whether you like it or not, many people place quality judgements on cost. That is, if something costs more, it must be good. The same goes for the ads. If someone can pay a lot for an ad, their products must be good and popular, otherwise how could one pay for such an ad?
This is unfair to the business community. It could also lead to a lack of confidence in the system overall if this issue is not resolved, and word of it spreads. Lack of confidence in the system means lack of confidence in the economy, and as a result, people will spend less, and the economy suffers. If the economy of SL suffers, then SL as a community will suffer. This issue needs to be resolved, and I would urge all of you to encourage your friends to vote for this topic. I'm attempting to reproduce the problem and while I'll have to wait on the auto-renew, I was UNABLE to initially place the classified ad unless the account had sufficient funds. Has anybody else been able to auto-renew classifieds without sufficient funds?
markbyron falta yes,
if you look on the Forum post related to this jira it explains how you can do that as well... http://forums.secondlife.com/showthread.php?t=270710&page=1&pp=15&highlight=classifieds they even include a screenshot I just added a screenshot that clearly shows I couldn't place a classified without sufficient funds. Now we'll have to wait to see if it auto-renews with no funds in the account but one of the other posters had expanded the problem to note that you could place the ad without sufficient funds. I couldn't reproduce that as shown in the screenshot; perhaps there's a special way to do it or Linden has already plugged the hole?
<strike>@MarkByron - Yumi Murakami explains there was a method behind how this was accomplished and has submitted it as a seperate security exploit on JIRA. Unless you were privy to that information, I doubt you would come out with the same results.
http://forums.secondlife.com/showpost.php?p=2070954&postcount=23 I have just confirmed that there IS an exploit. Using it you can place an L$99999999 ad for L$50. Yes, I did it and I saw it right there: an ad placed at the very top of Browse for L$50. See here: [url]http://www.bijodesign.com/classifiedexploit.png[/url] (ignore Devil's Moon - that just happens to be where my alt was). Of course I've deleted it now. I have submitted this to the security section of JIRA."</strike> ----------------------------- nevertheless, it does seem like quite a few people have either seen or been able to repro this if one is to believe the messages in the above linked forum thread. I made a few spelling corrections... I've voted for this, and may come in to make it a little more clear and concise to read (so the Lindens will take notice of it) later today.
I think it's critically important that it's clear that this exploit is distinct from the one Yumi uncovered (described in Aki's comment above). While both render all high-priced Classifieds suspect, and arguably have a macroeconomic impact on SL and the L$, fixing one does not fix the other. I think there is plenty of evidence that the exploit described here does occur, although I don't think there's a "smoking gun" to show that it would continue to work with auto-renew for very high-priced ads. The other exploit would clearly apply to such very high-priced ads, but I don't know that there's incontrovertible evidence that it's actually been used (yet) to scam the Classified system. (At least not known to the public.)
I'd also like to emphasize "Q5" in the description: If LL does not currently do fraud detection on L$ sinks, it's past due now. Both of these exploits would have been readily detected by such a program. Clarified the summary to specify the problem with free auto-renew. Since the exploit to initially post classified without sufficient funds has been addressed as a SEC, than this JIRA should focus solely on the issue of being able to auto-renew without sufficient funds. That said, Linden needs to soon address the issue as it relates to both potential problems; the integrity of the classifieds has been called into question. Where's the Linden "resident communications manager' when you need them?
OP, I salute you for posting the problem to begin with but the issue has been clouded; in order to get Linden attention, you must be crystal clear as to the nature of the problem. The addition of the security exploit with respect to posting ads only contributed to the lack of clarity. The problem you're stating is simple; you can auto-renew classified ads without sufficient funds. The problem is not classified ads draining the SL economy; that's a potential impact if the problem is not fixed. Let's hope Linden is not similarly confused, or only addresses one problem and not the other. NO need to clarify for Lindens to see. they know. I originally brought this issue up at Linden office meetings. I was Told and I quote "...post to the jira..." it was this very same Linden (who I will not use 1st name) that showed me How to use the jira and how to post. Also as I write this comment that Linden is in IM with me about this issue.
[10:26] :-P Linden: People are always looking for a champion.....they think you're leading them to victory! I am changing the subject line to what was suggested - "Classifieds still appear in search despite insufficient lindens to cover fee" so that it can be better tracked by other residents and it will better reflect the nature of the bug.
Thank you all for the information, examples and pictures. I have imported the issue.
Just to confirm for readers here that the exploit I found was submitted as SEC-118 (not publically viewable) and is now LL issue DEV-17891.
Funny, this did not happen to an alt of mine last week. The ad ran out, and when I logged in, no red minus, but also no ad placed, even though this has been a long running ad and autorenewed.
Maybe it's a viewer thing? I would think it unlikely, but apart from running Nicholaz patch of 1.18.5.3 on a Mac, can't see why I get a different result. @Montana Corleone
Cheers babe I can confirm that Places continues to list even when it's not paid. The Forum Cartel has a hangout in Allana that is deeded to Group, and even when group funds are negative, the Search/Places listing continues to run. We just keep deeding objects for sale to the Group and buying them for whatever we owe. The funds are NOT taken out of the group owner accounts, as is setup in the Roles and Abilities in the Group Dialog box.
so this was like Created: 13/Jul/08 ... little more then 2 weeks ago
so far 1 Linden has comment as well WorkingOnIt Linden was assigned to this less then 24 hours after the Jira was created yet no answers to our questions, how come? oryx tempel confirmed that Places continues to list even when it's not paid. few things I have noticed since this Jira and the related forum post
We've been unable to repro this. Is this still an issue?
Please let us know if this is still an issue. We are unable to duplicate the problem.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Bug
Resolved
Critical
Classifieds still appear in search despite insufficient lindens to cover fee
Simple, the alt pays for the first time.
Then it auto renews once, and bam the account is suspended instantly and automatically for being that far in the negative. All this without any harm to the economy, seeing as they did actualy pay for the first term.