Horrible!! somebody able to add a malicious item to any boxes in my store!!!
|
|
Doning Yalin
Registered User
Join date: 30 Apr 2007
Posts: 22
|
07-20-2007 12:00
Maybe Linden Lab would find who added such items in the boxes anybody can drop item into such boxes with drop true script, the items dropped in would show the boxes' owner as its owner, From: Bodhisatva Paperclip This is good to know. I've got some objects I need to check  Sorry to hear this happened to you, Doning. I hope it's not too much of a hassle for you to clear up. At least some people (including me!) have learned about it and how to fix it. |
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
07-20-2007 12:03
From: Lord Berchot Thx again! Persistant properties grrrr. Man I miss the days of punching holes in a shoebox full of cards to program a room sized computer to play tic-tac-toe! lol Me, it was plugging the cassette player up to the computer to get it to run programs! And it sure sounded funny when I accidentally played it in my walkman at one time!
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
Brash Zenovka
Still Learning
Join date: 25 Jun 2007
Posts: 392
|
07-20-2007 12:12
It seems a little odd that your troubles seemed to start after this one couple had a business related dispute with you.
But in any case, if you can get those scripts fixed, it may turn out in the long run to have been A Good Thing.
I suspect there are even worse things that could be added to those boxes of yours, and best to find out now and fix it now, then find out how much worse it can get at a later time.
|
|
Nika Talaj
now you see her ...
Join date: 2 Jan 2007
Posts: 5,449
|
07-20-2007 12:13
Wow, thanks all for this thread, i was merrily scripting along more-or-less ignoring persistence. But this caused me to run off to the wiki, where i found this great page listing "Annoyances": http://lslwiki.net/lslwiki/wakka.php?wakka=annoyancesMany other odd behaviors explained! Persistence is actually mentioned in the LSL101 self-tutor page, and if I had ever read it instead of just diving in, I would have already been aware, lol! http://www.lslwiki.net/lslwiki/wakka.php?wakka=LSL101Chapter1&show_comments=1Not a bad idea to look thru this short course, even if you're a programmer RL. |
|
Angelique LaFollette
Registered User
Join date: 17 Jun 2004
Posts: 1,595
|
07-20-2007 15:27
From: RobbyRacoon Olmstead That's pretty damned lame... I can see no good reason to include inventorydrop with hovertext. Sort of like a back door in plain sight, eh?
. The Best place to Conceal something is in Plain Sight. People don't notice it because they are too busy looking for Hidden things. Sort of like looking for an Elephant with a Microscope. Angel. |
|
DoteDote Edison
Thinks Too Much
Join date: 6 Jun 2004
Posts: 790
|
07-20-2007 16:13
You can also make a drag-copy of your object to clear persistent prim settings that may or may not have been set to "FALSE" during the scripting process. Any prim settings not set by the current script will be removed on the new copy. Making a drag-copy is a good final step before taking a copy to inventory, rather than just taking a copy directly.
|
|
Doning Yalin
Registered User
Join date: 30 Apr 2007
Posts: 22
|
07-20-2007 21:27
THANKS BRASH, it seems very odd, My store is freebie store, provide sorted freebies to residents. THey are 3 year old in SL, and have a island and large mall, sell skin at L$1500. I checked all my freebie boxes today, nearly all 100 boxes are added such malicious item, mainly added in July 18 and 20, In July 18, the girl told me such item, In July 20, the boy inform me about this. SOmeone must hate freebie store, although most residents love freebies. it is more strang that when the boy send such item to me, I declined, but it appeared in the trash of my inventory!!!! They are the old resident and sellers in SL, should be very familiar with the script ' drop true'. But they have never reminded me about such script, insisted that I added such items in my store, and they got the items from my store. From: Brash Zenovka It seems a little odd that your troubles seemed to start after this one couple had a business related dispute with you.
But in any case, if you can get those scripts fixed, it may turn out in the long run to have been A Good Thing.
I suspect there are even worse things that could be added to those boxes of yours, and best to find out now and fix it now, then find out how much worse it can get at a later time. |
|
Qie Niangao
Coin-operated
Join date: 24 May 2006
Posts: 7,138
|
07-20-2007 21:56
From: Doning Yalin They are the old resident and sellers in SL, should be very familiar with the script ' drop true'. But they have never reminded me about such script, insisted that I added such items in my store, and they got the items from my store. May never know the whole story, but I wouldn't necessarily expect the typical long-time merchant to necessarily know about llAllowInventoryDrop(). A merchant should really never have to encounter such a thing (especially if using vendors, whether commercial or open source). It's more worrisome to me that the hovertext script in those boxes had that function in it. I imagine that the script was written for some other application where that was appropriate... but it's scary to contemplate how much risk might be exposed by "found" scripts, used for purposes other than that for which they were intended. And I have no idea how that problem can be avoided. |
|
Wildefire Walcott
Heartbreaking
Join date: 8 Nov 2005
Posts: 2,156
|
07-21-2007 01:25
From: Doning Yalin THANKS BRASH, it seems very odd, My store is freebie store, provide sorted freebies to residents. THey are 3 year old in SL, and have a island and large mall, sell skin at L$1500. I checked all my freebie boxes today, nearly all 100 boxes are added such malicious item, mainly added in July 18 and 20, In July 18, the girl told me such item, In July 20, the boy inform me about this.
SOmeone must hate freebie store, although most residents love freebies.
it is more strang that when the boy send such item to me, I declined, but it appeared in the trash of my inventory!!!!
They are the old resident and sellers in SL, should be very familiar with the script ' drop true'. But they have never reminded me about such script, insisted that I added such items in my store, and they got the items from my store. What would old, rich, island-owning residents be doing in a freebie store anyway? Seriously? (Nothing at all against freebie stores- I recommend them to new residents all the time. I just... already have all the good freebies!) |
|
Doning Yalin
Registered User
Join date: 30 Apr 2007
Posts: 22
|
07-21-2007 02:11
They go to freebie store to looking for some freebies which are against their copyright. From: Wildefire Walcott What would old, rich, island-owning residents be doing in a freebie store anyway? Seriously? (Nothing at all against freebie stores- I recommend them to new residents all the time. I just... already have all the good freebies!) |
|
Bodhisatva Paperclip
Tip: Savor pie, bald chap
Join date: 12 Jan 2007
Posts: 970
|
07-21-2007 05:59
From: Qie Niangao It's more worrisome to me that the hovertext script in those boxes had that function in it. I imagine that the script was written for some other application where that was appropriate... but it's scary to contemplate how much risk might be exposed by "found" scripts, used for purposes other than that for which they were intended. And I have no idea how that problem can be avoided. I found several of my items had the dropinventory script in them so I "falsed" it, saved, reset and deleted it. Deleted the hover text scripts too since they're persistent. I got my hover text script from some item I picked up somewhere in the past but don't remember and the dropinventory came along with it. I just thought it was something created when I was putting my items in the box. I'll be more careful and diligent in the future. |
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
07-21-2007 06:00
From: Qie Niangao May never know the whole story, but I wouldn't necessarily expect the typical long-time merchant to necessarily know about llAllowInventoryDrop(). A merchant should really never have to encounter such a thing (especially if using vendors, whether commercial or open source).
It's more worrisome to me that the hovertext script in those boxes had that function in it. I imagine that the script was written for some other application where that was appropriate... but it's scary to contemplate how much risk might be exposed by "found" scripts, used for purposes other than that for which they were intended. And I have no idea how that problem can be avoided. I'll be an example of the first paragraph, since I kinda knew about it.. but completely forgot about it. Yes, freebie scripts are a bit scary in that you never know what's been added where if you aren't a scripter, and I am not. I know of at least two scripts that started life harmlessly enough that are now major scams waiting to happen and the most you can do is warn people about it.
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
Strife Onizuka
Moonchild
Join date: 3 Mar 2004
Posts: 5,887
|
07-21-2007 11:26
I remember when I was a noob there were freebie boxes even then that did bad things; but they were by accident. There was one with an automatic land leveling script...
You just have to be careful is all.
Just a friendly reminder, please play nice.
_____________________
Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river.
- Cyril Connolly
Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence.
- James Nachtwey
|
|
Doning Yalin
Registered User
Join date: 30 Apr 2007
Posts: 22
|
07-21-2007 16:45
thank you for your reminder, today My store was attacked by someone using malicious scripts From: Strife Onizuka I remember when I was a noob there were freebie boxes even then that did bad things; but they were by accident. There was one with an automatic land leveling script...
You just have to be careful is all.
Just a friendly reminder, please play nice. |
|
Learjeff Innis
musician & coder
Join date: 27 Nov 2006
Posts: 817
|
07-21-2007 17:25
First, anyone who says you're selling items "stolen" from their store ... has a few bulbs burnt out. If they sell objects with copy/xfer permission, then OF COURSE people are going to distribute them, because IT'S PERMITTED. (Note well: there are some exceptions. Some items are sold to builders with copy/xfer permissions, with license agreements making it clear that these are for the customers to build with and sell the results, and not to distribute freely. Textures are a common example. If it's this case, I apologize for the "burnt out bulbs" comment!) Second: use this script to set text:
default
{
state_entry() {
llSetText("PUT YOUR TEXT HERE", <1.0,1.0,1.0>, 1.0);
llAllowInventoryDrop(FALSE);
llRemoveInventory(llGetScriptName());
}
}
This has the advantage that it deletes the script when done, so it isn't sitting there taking a few CPU cycles all the time (if the rumor is correct that even idle scripts take CPU time). The floating text is white here; you can change the <1.0,1.0,1.0> to any RGB color value. |
|
Learjeff Innis
musician & coder
Join date: 27 Nov 2006
Posts: 817
|
07-21-2007 17:38
To quickly fix your shop, drop this version in every box. It will delete all scripts, leave any floating text in place, disallow folks dropping stuff in, and then delete itself.
default
{
state_entry() {
integer ix;
list scripts;
string script;
llAllowInventoryDrop(FALSE);
for (ix = 0; ix < llGetInventoryNumber(INVENTORY_SCRIPT); ix++) {
scripts += [llGetInventoryName(INVENTORY_SCRIPT, ix)];
}
while (llGetListLength(scripts) != 0) {
script = llList2String(scripts, 0);
if (script != llGetScriptName()) {
llRemoveInventory(script);
}
scripts = llDeleteSubList(scripts, 0, 0);
}
llRemoveInventory(llGetScriptName());
}
}
Of course, don't use this in a box that sells unboxed scripts. |
|
Doning Yalin
Registered User
Join date: 30 Apr 2007
Posts: 22
|
07-21-2007 18:26
THANK YOU VERY MUCH LEARJEFF, I HAVE ALREADY CLEANED ALL THE MALICIOUS ITEMS IN MY STORE, BUT SOMEBODY STILL USE MALICIOUS SCRIPTS TO MAKE TROUBLE IN MY STORE. THANK YOU EVERYONE FOR YOUR SUGGESTION AND HELP From: Learjeff Innis To quickly fix your shop, drop this version in every box. It will delete all scripts, leave any floating text in place, disallow folks dropping stuff in, and then delete itself.
default
{
state_entry() {
integer ix;
list scripts;
string script;
llAllowInventoryDrop(FALSE);
for (ix = 0; ix < llGetInventoryNumber(INVENTORY_SCRIPT); ix++) {
scripts += [llGetInventoryName(INVENTORY_SCRIPT, ix)];
}
while (llGetListLength(scripts) != 0) {
script = llList2String(scripts, 0);
if (script != llGetScriptName()) {
llRemoveInventory(script);
}
scripts = llDeleteSubList(scripts, 0, 0);
}
llRemoveInventory(llGetScriptName());
}
}
Of course, don't use this in a box that sells unboxed scripts. |
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
07-21-2007 22:33
wicked script, ta From: Learjeff Innis To quickly fix your shop, drop this version in every box. It will delete all scripts, leave any floating text in place, disallow folks dropping stuff in, and then delete itself.
default
{
state_entry() {
integer ix;
list scripts;
string script;
llAllowInventoryDrop(FALSE);
for (ix = 0; ix < llGetInventoryNumber(INVENTORY_SCRIPT); ix++) {
scripts += [llGetInventoryName(INVENTORY_SCRIPT, ix)];
}
while (llGetListLength(scripts) != 0) {
script = llList2String(scripts, 0);
if (script != llGetScriptName()) {
llRemoveInventory(script);
}
scripts = llDeleteSubList(scripts, 0, 0);
}
llRemoveInventory(llGetScriptName());
}
}
Of course, don't use this in a box that sells unboxed scripts. |
|
TigroSpottystripes Katsu
Join date: 24 Jun 2006
Posts: 556
|
07-22-2007 07:26
From: Raudf Fox
I know of at least two scripts that started life harmlessly enough that are now major scams waiting to happen and the most you can do is warn people about it.
would you mind letting the res of us know about them in this thread? |
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
07-22-2007 07:34
From: TigroSpottystripes Katsu would you mind letting the res of us know about them in this thread? I don't know the exact names, but one was a simple dance ball that now takes money from people. Somewhere along the line, the script in the dance ball got changed and now the creator keeps taking the heat for it. A lesson learned about creating freebies.... The other one.. was a freebie vendor script that did the same sort of thing. I don't think the latter is in use anymore, but the former has now been handled with all money transactions showing up in a different color box..
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
TigroSpottystripes Katsu
Join date: 24 Jun 2006
Posts: 556
|
07-22-2007 07:41
From: Raudf Fox
but the former has now been handled with all money transactions showing up in a different color box..
that only helps with new permission requests, right? meaning people that already had a run away prim that got their permission sometime before this change will continue to loose money :/ |
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
07-22-2007 07:46
From: TigroSpottystripes Katsu that only helps with new permission requests, right? meaning people that already had a run away prim that got their permission sometime before this change will continue to loose money :/ Bingo. Best thing to do is to delete the object and never use the script again. *sigh* Sadly, you almost have to learn LSL just to be able to use the freebie scripts.
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
ArchTx Edo
Mystic/Artist/Architect
Join date: 13 Feb 2005
Posts: 1,993
|
07-22-2007 09:53
From: Doning Yalin I have not set the Drop True in my boxes, The freebies boxes has no giver scripts, only hover text scrpts in boxes I have found several hoover text scripts being used by people that included a line of code for the llAllowInventory drop function. Most people don't know enough about scripting to understand that it is in there. I bet you will find it in yours. Delete the line that looks like this llAllowInventoryDrop(TRUE); all you need for the hoover text fuction is this line llSetText("1L$ Sex Stuff", <1,1,1>, 2.0);
_____________________
 VRchitecture Model Homes at http://slurl.com/secondlife/Shona/60/220/30 http://www.slexchange.com/modules.php?name=Marketplace&MerchantID=2240 http://shop.onrez.com/Archtx_Edo
|
|
Dnali Anabuki
Still Crazy
Join date: 17 Oct 2006
Posts: 1,633
|
07-22-2007 20:55
Wow, so glad this was posted. My freebies had llDropInventory set to TRUE too. Who woulda thought this would be part of the Hover text script.
Thanks for the info~
|
|
Learjeff Innis
musician & coder
Join date: 27 Nov 2006
Posts: 817
|
08-14-2007 07:07
I suggest you never give money permissions to an object unless you know precisely who the source of ALL scripts in it was (e.g., bought them for $0L from a reputable merchant).
Also, whenever you do give money permissions to an object -- freebie or not! -- be sure to watch your $L transactions webpage carefully as long as the object is in service. Even reputable makers can have bugs that can cost you $L, and if you see something incorrect, be sure to bring it to the maker's attention.
The freebie scripts in the LSL Wikis and on this forum are all open to public scrutiny, so they're likely to be the safest of all without having to rely on an individual's integrity.
|