Land Auction Abuse

If LL intended to give these people a special preferential deal on sims, why would it have banned them now?

That's again another excuse which will get you a few laughs in court. You can see people win legal auctions in that range daily. You seem to forget they sell more than just full sims in the auctions.

I do think LL should seek the best and most friendly solution in all of this but I also hope those involved realise they have no real legal grounds. It is in your best intrest to sit back and look at how you can get out of this in the best way possible. If you think court is an option go to a lawyer. I'm not a lawyer but I've experience in IT security and legal matters related to IT security and I would seriously advise against going to court. Your chances at getting money out of this are near to none, you'll just end up paying your lawyer gaining nothing in return.

In most computer security terms that is considered a form of hacking.

There are several shareware programs you can download the registered version of by guessing a complex hidden URL. Yes, that's insecure. Fortunately, the law doesn't put the responsibility on you to protect yourself; that's just a bonus for extra security.

Just go to court, you will understand what i mean.
It is a total robbery. This is an internet crime, a product(sims) which is not ready to be auctioned( "Where are the auctions located?
The auctions are located at the Second Life Auction House. " is stolen using an illegal parameter to a script (using auction id as a parameter to the web site)<- HACKING . This is an internet crime, ask them:
http://www.ic3.gov/ ,
http://www.usdoj.gov/criminal/cybercrime
They will tell you.

I love how you keep saying you contacted a Linden before bidding, which only proves you KNEW this wasn't normal or likely and you knew something was wrong, therefore you took advantage and exploited a bug..

Hi Willow! Greets to all the ALTs!

So let's see... (/me takes notes)

Steal land from other people.. OK!
Steal money from other people... OK!
Rape the newbies for all you can... OK!
Buy land that someone NAMED LINDEN marked wrong... NO! BAD! GOTO JAIL!

I think I understand now... (/me stops taking notes)


It's obvious that this would happen. When you steal a newbies land, The Lindens already made their money off it. So no harm, no foul. When you buy (I saw exploit so you talked to Lee didn't you?) land on the cheap from the Lindens, THEY HAVE MADE THEIR MONEY YET. You can not possibly expect to get away with this. They will burn you in their Hell for this! Did you at least get your $1 back?

Actually if he contacted a Linden and was told it was allowed I'd say he was in the right. While I agree by all appearances sims for $1 is obviously not LL's intent, if he ASKED a Linden and was TOLD he was ok to proceed I would say he was ok to proceed. If a Linden said he was fine without knowledge that's the fault of the Linden not him.

Do you really think he told the Lindens he was purchasing entire regions for $1, and they said it was ok? PLLLLLLLLLLLEASE!

I have to disagree with you here. There are many valid uses for creating URLs manually, and so just the use of manual URLs cannot be de-facto proof of a hack.

This may have been an exploit, but using manual URLs doesn't prove that it is.

Just my $0.02.

I never said if I believed it or not nor is it relevant.

Didn't a bunch of Harvard applicants got dropped after they followed an unsecured html link someone else found to access their application result early? Was that last year?

This sounds very much like the situation we have here.

Someone being stupid, doesn't make robbing them right.

If the URLs are of a format like:

http://example.com/somePublicApplication?id=323456

and the IDs are published in another source, you will be hard pressed to say that you took measures to keep people from accessing IDs that you didn't want them to.

In fact, as someone who has been using the web since ... well, since shortly after there was a web, I would consider that a very useful *feature*, not an exploit.

In this case, I think there is other evidence to show that they were gaming the system, and taking advantage of the fact that if you DID visit an auction page that wasn't active you could bid anyway, which IS a bug, and using it for personal gain IS an exploit, hence, bannination.

I just want to make sure to stand up for manual URLs and how they really are a good thing, and can be part of a useful system.

For example:

http://example.sl.com/profile?resident=TheodorePolonsky

You don't need a form, or a big list of residents...the URL *is* the search box. And that can be very powerful.

What, am I up to $0.07 now?

Here's some facts for you then:

If you type an auction ID into the URL that does not appear on the auction page. YOU CAN NOT BID. That's a fact, and was before they fixed this hole too. The only thing I wasn't sure of is exactly how they got around that, but I suspect it was by hooking a live auction as I said. So either way, they had to directly exploit something to actually make the bid, it's not just a matter of entering a different auction ID.

I'm sorry if you think that my having some facts while you're taking the word of the exploiter constitutes 'some nerve.'

You can't be sure about that. By their own admission they have already said it did not work for all the auctions they tried so unless you tried enough before it was fixed you are not sure whether they just needed to alter the URL or not. Given the way they try to defend themselfs I suspect it was using changes to the URL. If they did indeed use crafted forms or the likes that would worsen their case a lot.

Correct.

Over the last few years I've seen court cases such as these come and go on Slashdot and other online news forums. I've never made made specific note of the cases, but from what I do remember the common thread was that if you manually alter a URL to access a part of a website that was not meant to be readily accessable to you, then it can be considered a crime.

Readily accessible was usually defined as something along the lines of "being able to access the page by clicking through the site's navigation structure or by entering data provided by the site's owner into forms provided by the the site." Thus your not innocent if a 3rd party provides a deep link into a website.

I am quite certain, if someone found out a way to modify the "Buy Now" link on say Amazon.com to purchase one or more $1000 USD items fof $1 USD, that person shared that information with others and then Amazon.com found out -- they would decend upon that individual with a furry that would some could compare with "the wraith of god."


On the flipside, I do not agree with Linden Lab's handling of this particular situation. I would have preferred if when they found the problem, that they shutdown the auction system -- and where possible back tracked all the auctions won this way and reversed the sails. Refunded the original purchaser the auction amount, and if the land had changed hands, reverse those transactions as well. The only problem of course being, if Account A bought it for $1 USD, resold it for $300 USD, and had already cashed that out through the Lindex. Not knowing the extent of the breach (number of auctions sold like this) it's hard to evaluate or recommend a best course of action that would treat everyone involved fairly.

Don't hate the furries.

Also, what if the person tiered up just to be able to hold the land? Would they refund that? What if they still had some extra land above their tier because they though they would be able to keep the land they got from Mez/Thunder?

AFAIK, this exploit has been around for quite some time. Reading this thread makes everything suddenly make sense.

Here's my little story:

Around January of 2005, there was a large mall next to the Shelter. I was on good terms with the mall owner, and let him know that if he ever wanted to sell his property, to let me know.

For reasons unknown, around February of 2005 the owner of the property disappeared from SL, and all of his land reverted to Governor Linden ownership.

I waited patiently for 2 months for it to be marked for auction - after several calls to LL, and a few hotline/land management posts - the land finally turned purple in April of '05. But it didn't show up on the auction page.... I was told the land would appear "soon", and just to keep an eye on it.

For a week I watched that auction page like a hawk, waiting for it to show up. A week later, I logged into SL, and found that this property had been sold at auction already! WTF!

I went to the auction history page, and sure enough - there it was. Sold for US $0.03. Three Cents! There was only one bidder. Additionally, I saw two other large parcels on the auction history for $0.02 and $0.01 that sold to the same individual. These parcels never appeared in the public auctions for the week I was watching.

I contacted LL on the issue at the time, and they pretty much washed their hands of it. Since it was now owned by a resident (regardless of how it was claimed), they were unwilling to interviene.

My goal here was to get this parcel - not neccesarily punishing the person who somehow figured out how to get around the auction system. So instead of continuing to futiley pressure LL, I calmly went to the individual who bought it, who agreed to sell it to me below what was market value at the time, but higher than what I should have fairly paid at auction. I got the land I wanted - case closed - and hadn't thought anything more about it until I saw this thread today.

Possibly this individual found a completely different 'hack' into the auction system. But it sure seems very similar to me.

By reselling it, they have shown they were aware that they weren't paying market price for it in the first place. Thus, they should be charged the standard purchase price.

Let's be reasonable, please. I can perfectly understand the reactions of some of my fellow residents in the land business, who somehow profited from this exploit. It is only human to try and defend your actions - even to yourself and especially if you profit from them.

But these "auctions" did not follow the rules the Lindens set up for land auctions, so LL is perfectly within their rights to "cancel and roll back". And please stop the nitpicking about the interpretation of some sentences on the auctions pages.

Land auctions have allways been (and are clearly intended to be) public auctions.

Everything that is relevant to the preceedings is described clearly on the web page. Every resident with a clean record can take part in them. There are no hidden clues or puzzles to solve. That is what the Lindens intend to do with the auctions - because it guarantees the highest prices.

A software error has lead to a situation, where one could use the system to start a kind of bidding in a closed circle of people; probably only one at first and then some others, who heard about the exploit. That's not a public auction anymore.

Not getting on sides because I don't know the game that well, and because 90% of you think I am just a alt (but in truth im much worse...a newb who doesn't really know what hes talking about)

However your point that " "Where are the auctions located?
The auctions are located at the Second Life Auction House. " came from a FAQ. That is different then legal text....A FAQ isn't definite and binding in legal terms....I will give you a example in SWG the FAQ (old one) said you can make money "doing missions, selling items, or killing creatures and looting them" That is just a broad definition thats just meant to answer a frequently asked question...However you could also make money in this game by Dancing at parties, fixing someones appearance,ect, ect. The faq isn't ment to be the "the final answer" its just a guide for frequently asked questions...So it saying "you find them in the auction house" can just be one of the solutions to the issue.

However if you find in user agreement where it says "all land purchases from linden must come through the auction house" then I will bow and submit.

Now, do I think what the person did is right? I have no clue, I don't know all the details. I just know that because a FAQ doesn't include a option makes that option wrong.

Mez told my friend that he needed to get rid of it quicky so he sold it for $3/m for mature.

Why to get rid of it quickly? Oh, maybe it was a STOLEN item?
LL, please go to a court and share the decissions of the court with us, so in the future noone can try to take advantage of bugs to steal.

Very well said, Dana

I really don't see any room for argument here. Above the bid box on every auction page it states what the bid is



I saw one of the auctions up on the auction page with a bid of $O, I didn't keep track of it because I didn't have the money to pay for it and figured it was some sort of glitch, but since this is clearly stated above the bid box on all public auctions, it clearly means the bid must be at least US$1000.00. Since there were several bids on some of these auctions and each knew to bid under US$1000.00, they knew something wasn't right and was attempting to exploit the system.
As has been quoted, they entered a binding contract and are now responsible to pay.....as it shows, the current bid US$1000.00 or back out of the deal and pay the amount for backing out of an auction, plus reimbursing anyone that bought land from them.

Of course since the auctions should have never taken place, LL has every right to back out of the deal and take any actions necissary to recover funds

Ok gonna take a shot in the dark i could be way off cause i never even looked at auctioned land and there just to many post to read each word for word but from what i have read it seems like this.

That all land that is either up on the auction block or will be on the auction block within the days to come are purple on the map. This being cause once the land is consider for auction it is asigned an ID #. which im taking is the only thing that seperates each URL from each other is there asigned ID#. which im also assuming is an automatic prosses.

No im not sure how it is determan the order they are set to be placed apon the Auction block for bidden.whether its there is so many that can be on the block at one time and once one is sold the system ques up another, or if there assigned days to when they will spefically start. And when that ID# is ready to begin auction on the system automaticly displays it and automaticly tags it with 1000$ USD min bid once it goes through the system and all things are set i persume it now becomes public and the public can begin bidden.

Now from reading what happen it seems these people went to the lands probably did explore got the ID# and realized it wasnt for auction yet. so instead of waiting for it to become a public auction they manually typed in the ID# in the spot found the land they wanted forced started the bid. Now since im gatherin the system style is mostly just an automatic prosses. The system wasnt told what its next action should be so the lands in question never seen the light of public nor was the min bid of 1000$ USD placed on it. The only thing the system did manage to do is get triggered to start the count down to how many days left for the land to be placed on auction and i also assume that the system is programed to automaticly close one the alotted time expires and thats what it did.

What these people did was instead of going through the proper and what LL clearly states is the proccedure that is needed to be followed. They instead went around all the steps and manually decided to override them.

Basicly they cut out the middle man and used that to there advange to get these land at the prices of $1

No since LL doesnt state that you can infact do such a thing it was not LL who was in the wrong or LL mistake it was your own fault for tryin to go around the system

For the one who said they gonna sue sl you would lose and here why. The land auction is consider a PUBLIC auction and it is designed to allow anyone within the public veiw it and bid on it using the proccedures and method of doing so in place. You took those those methods manipulated them and gave yourself and unfair advange over the public to gain win on them. And yes using the system to give yourself an unfair advange is enough for the case to be dismissed or ruled in favor of LL