I'm Paul Bissex, and e-scribe.com is my consulting business. I build web applications using open source software, especially Django. I teach photographers web design and professional skills. In the '90s I did graphic design for newspapers and magazines. Then I wrote technology commentary and reviews for Wired, Salon.com, Chicago Tribune, and lots of little places you've never heard of. Feel free to email me.
A lot of eBay phishing scams take you to websites that not only mimic the look of the site they're impersonating, but actually contain live links to that site and even use images hosted there.
I just got one today: an email with the ironic subject line of "eBay Fraud Mediation Request." I always take a look at these to see if the scammers have any new tricks. I even click on the links (being a Mac user emboldens me there). This one took me to a site called www.signin-e-bay.com (I'm omitting the full link that takes you to the scam pages). The page was full of links to real eBay pages and used images hosted on eBay servers.
(Sub-rant: why does a company like eBay use a domain like ebaystatic.com? That's an actual eBay domain used for image hosting. This scam page included images hosted there. You've got to imagine that this makes eBay's anti-fraud education efforts harder. Does signin-e-bay.com look more suspicious than ebaystatic.com? Not to me. Why not static.ebay.com? When I see this kind of thing all I can think is that a company has grown so large and balkanized that it's easier for departments to register entirely new domain names than it is for them to get authorization from above to add a third-level name to the main domain. End sub-rant.)
Here are two things that eBay could be doing right now to foil this scam operation (I'm assuming they know about it; I reported it and I assume many other people have as well.) They are not rocket science. I'm not pretending to have invented anything here -- this is webservers 101. I might be missing some reason why they can't do this, but it's certainly stuff that I would do if my server were being impersonated like this. But eBay gets a little more traffic than I do.
Anyway:
Why not check referrers on all incoming page requests and redirect people who are coming from signin-e-bay.com to a page with a giant notice saying WELCOME TO EBAY! YOU HAVE ARRIVED FROM A KNOWN SCAM SITE. Admittedly the next step is more difficult, since at this point the visitor will probably be pretty suspicious of everybody and might just quit their browser and go have a beer. At least they'll be keeping out of trouble.
Why not check referrers on all image requests and return giant red "SCAM" badges when the referrer is on the (ever-evolving) scam site list? People have been doing this successfully for a long time. Again, the user may just be confused and close their browser, but at least they haven't given their login info to a malicious third party.
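A sketch of both referrer checks as WSGI middleware (an added example, not code from the original post or from eBay). The `/scam-warning` and `/static/scam-badge.png` paths and all function and class names are assumptions; the blocklist holds only the hostname named above.

```python
from urllib.parse import urlsplit

# Constructed blocklist; the only entry is the hostname named in the post.
SCAM_HOSTS = {"signin-e-bay.com"}
IMAGE_EXTS = (".gif", ".jpg", ".jpeg", ".png")
WARNING_PAGE = "/scam-warning"           # hypothetical warning page path
SCAM_BADGE = "/static/scam-badge.png"    # hypothetical badge image path

def referrer_host(environ):
    """Return the lower-cased hostname from the Referer header, or None."""
    raw = environ.get("HTTP_REFERER", "")
    try:
        host = urlsplit(raw).hostname    # drops scheme, port and userinfo
    except ValueError:                   # malformed URL, e.g. broken IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None

def is_scam_host(host):
    """Match a listed host or any subdomain of it, never a bare substring."""
    if not host:
        return False
    return any(host == bad or host.endswith("." + bad) for bad in SCAM_HOSTS)

def classify(environ):
    """Return a redirect target for the request, or None to serve it normally."""
    if not is_scam_host(referrer_host(environ)):
        return None
    path = environ.get("PATH_INFO", "").lower()
    if path in (WARNING_PAGE, SCAM_BADGE):
        return None                      # the Referer survives a 302; avoid a loop
    return SCAM_BADGE if path.endswith(IMAGE_EXTS) else WARNING_PAGE

class ScamReferrerMiddleware:
    """Wraps the real WSGI application and diverts blocklisted referrers."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        target = classify(environ)
        if target is None:
            return self.app(environ, start_response)
        # no-store keeps caches from serving the badge to legitimate visitors
        start_response("302 Found", [("Location", target),
                                     ("Cache-Control", "no-store")])
        return [b""]
```

The Referer header is optional and set by the browser, so a request without one falls through to normal handling.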
Maybe this is all moot, and they actually do this stuff now, and I'm just not seeing it because the whole mailing is only thirty minutes old. I'd love to be wrong here. But somehow I doubt that I am. Can anybody enlighten me as to why eBay doesn't use measures like these? What am I missing?
Richard, I'd go to eBay's [Security Center][1] to report your problem.
[1]: http://pages.ebay.com/securitycenter/
Hi, I have recently had a lot of buying activity on a downloadable product that hasn't really been selling. All of the buyers have an email address ending in 126.com and so far none of them have paid for the item.
All of the items were sold within an hour of each other on the 21st of September. I'm not quite sure how this would be a scam but it certainly smacks of one. Has anybody come across this before or do you know what they are trying to achieve?
Copyright 2010
by Paul Bissex
and E-Scribe New Media
I would like to complain about a phone call I received today from a caller who wanted my e-bay acct #. I have his phone # in my phone; he was very aggressive. But I need to know who to report this to. I don't want it to happen again.