Is an exploit driving up classifieds prices?

If all you did is place the ad without sufficient funds to pay for it, it's hardly an exploit - it's gross stupidity on the part of LL.

That is not what I did. For obvious reasons I don't want to disclose details, but the method is not one that could be mistaken for a non-exploit.

It's interesting if that is true. But I don't think most of the large classifieds are doing this. When you consider how long some have been running (6 months or more) I can't believe for a moment LL wouldn't have noticed they weren't getting paid for their classifieds.

Still, it will be interesting to see what happens with big ads once this possible exploit is fixed.

It's also interesting you found it so quickly.

Because my classified was so high up on the list before you mean?

I've done or helped with several research projects on database/transaction security. I knew where to look.

On a side note, though: The issue of successful "for fun" businesses beating out "real" businesses because they can spend 100% of their income on marketing seems to me to be a fairly nasty concern and a flaw with the design of the classifieds.

How long ago was that, Tegg?

coco

I have known about this issue for 6 weeks, my JIRA post was made 2 weeks after my experiment finnished, because; before the post I went to 3 Diffrent Linden Office hours, and sent a Copy of my Notecard question to 3 Lindens(who I will not name). Of thoes 3, only 1 Replied with "I honestly do not have an answer for you.... Please post that an the JIRA.... Could not hurt to post on the forums either...."

here is an Exact Copy of that Notecard

MY Question has to do with Classified ads and thier Impact on the SL economy.

For the past 4 weeks I ran a small experiment with paid classified adverts on SL. It is a follows, 4 weeks ago I set up an ALT on a friends computer I gave that alt 50$L . this alt had no Business to run & no source of $L dollar income. I then placed a 50$L classified on SL with this alt. the classified was for a sandbox for the cost of 50$L. Before I paid for the classified I checked off the "AUTO RENEW EACH WEEK" button with the understanding that this alt would not LOG ON again for the next 4 weeks. so I clicked OK and paid 50$L to run a classified for a Public sandbox. Each new week I would SEARCH classifieds to check the status of the classified. Low and Behold each week with out fault the classified was still Running. 4 weeks passed and still the classified was active for a cost of 50$L dollars when the 4th week was up, I returned to my friends house LOGED IN to the ALT account to find that it's L$ dollars was in the Red! The ALT had -$L150 thats right it had Negative one hundred and fifty linden dollars! This was Caused Because Linden Lab Deducted 50$L each week from that account for the cost of "AUTO RENEWING" the classified. This is ALSO TRUE for 30$L a week LAND CLASSIFIEDS that are AUTO RENEWED. With the Results of this Experiment I was Shocked but not Suprized. What happend to the Alt you may ask? easy, I sent it 150$L to bring it's $L dollar ammount back to 0 (zero) then Cancled the account. so my Questions are as follows

Q.1 - does this work for people who take out 100000$L and up classifieds?
A????

Q.2 - how does this effect the Economic stats seen on the SL website for Classifieds?
A????

Q.3 - How does is effect the Exchange rate for $L dollars to US or Canadian Dollars?
A????

Q.4- are People who Run as I refer to it "Classified Alts\bots" liable for the Negative balance of thier accout?
A????

Q.5- how does Linden Lab plan to Prevent this from happening in the future?
A????

Q.6- Does Linden Lab really expect people to Believe that some one is paying 500000$L a week for a classified? that is over 500 US$

A????

Hahaha, I just figured out the "pay 50L for any price add" exploit! IT'S SO SIMPLE!

Be a White Hat.

Just to clarify, the exploit I found does _not_ involve auto-renew. I had the ad placed and then taken down within 10 minutes. In fact, I suspect that auto-renew would break it.

I know my snapshot I showed you mentioned auto-renew, but that was not part of it.

People have mentioned accounts getting suspended for being in the red. If I remember correctly, that takes a month. I've talked to the billing Lindens about it at various times when there have been problems with their credit card billing system. If it takes LL a long enough time to fix the problem, maybe someone can run an experiment to see if the ads would continue while an account was suspended. If the system is all automated, the ads may continue until the account gets completely deleted.

I know of 1 account that has not logged on for 10 months yet has a 100$L classified running fo a store that no longer exists. that classified is still running. for over 1 year, the accout has NO PAYMENT INFO. and I am More then positive it is in the red. this is what prompted my little 50$L experiment over a 4 week timeframe.

I think there are two very different "exploits" being discussed in this thread.

Right now I sure wish there were a way to get the *original* "ad placed" date for somebody else's Classified.

I also wish LL had a Fraud division that matched L$ income with the nominal value of services provided, specifically in the case of L$ sinks. But I suspect they don't take sinks seriously, almost believing the convenient fiction that L$ sinks don't represent revenue to LL.

Wildefire Walcott started this thread after reading my jira. since then others have used a used the exploit I discovered to do more then just have classifieds run on for ever. the 50$L for any price advert was a direct result of the Exploit I have mentioned above. My #1 thoughts on this exploit is\was how does it effect the SL economy? NOT how can I get the most for my $ rather how does FAKE CLASSIFIEDS inflate L$ classified sinks? and will that have a direct result on the Linden Dollar ($L) value?

We may have been driven to think about exploits on Classifieds by your post, but the methods for the two exploits are completely unconnected.

Yumi and I Have a completley diferent exploit then yours, they have nothing to do with each other. You just sparked a classified discusion.

Also, in the future. Please post exploits in SEC. Your public posting of what you beleave to be an exploit is not a good idea.

One of the Lindens apparently told the OP to post on the jira and in the forums. In general, its an extremely bad idea to publicly post exploits, but it sounds like the OP has plenty of cover on this one.

OK, so we have two different exploits regarding Classifieds, at least one of which has apparently been going on for at least six weeks.

And so far, no Linden contacted knows anything about it. Has a Linden answered on the JIRA entry?

coco

Yes, a Linden contacted me this afternoon.

If I was running an ad and I suspected that someone was using the exploit and ranked higher than me I would AR them.
After all if no one complains with specific problems, is it really a problem?

Well some of these exploits have ben happening for years, so maybe if it hit the media in the open LL might take steps to remove those deliberately cheating the system. Or if they do nothing after a few months we all start using the exploits.
I suspect some people especially landcutters/adfarmers aren't paying tier for all their land too by using another exploit.

Sheesh...reading this thread makes me either want to explore the exploit, or quit advertising my businesses altogether. I mean, really, why bother? If you do it honestly, you can't win.

Just picking up on the suggestion that making exploits public is not a good idea.

Personally I think when something is wrong, broken, borked, stuffed, whatever, then the more people who know about it the better. And yes some people may use the knowledge to try and rip others off. But they won't rip off the people who also know, and whom have used that knowledge to protect themselves and fixed whats broken.

Well, the thing i find troubling by this discussion is the implication that everyone running a high priced ad must by default be cheating. Do you really think Abranimations is using an exploit for their ad? Or any of the other reputable businesses? I would postulate that very few, if any of the high priced ads are being placed by any exploit. I'll be sure to bring this thread back later after the exploit is closed, and i bet we'll see there are just as many big ads then as now.

And yes, the tier exploit is another that should be dealt with.

(Too) clever uses of the features - as given by design or dictated by necessity - yes. The more people who know about them, the less power each have. Something like the copybot or the ability to run a disposable alt into the red would qualify for that.
Flat out security exploits, such as hacking the protocol, should be given a grace period to be fixed, to prevent that every script-kiddie who can cut’n’paste crashes the grid just to feel important, especially since you cannot protect yourself against those by knowing about them.

On a tangent to the original topic, I practically always ignore the amount paid for the classified. I do something like sort reverse alphabetically and click some pages in, or something semi-random like that, having found that amount paid in classified has preciously little correlation to quality of merchandise.

Having that much money is an exploit