Gixen under attack today

[mario]

Gixen has been under attack today for several hours. The issue seems to be resolving now after I blocked all requests coming through proxies.

Apparently the attack originates from Hong Kong (the IP from which it originates is known now), and the attacker has used some 4,500 web proxies to issue login requests to Gixen. This has in several instances compromised Gixen's IPs with eBay, which resulted in many Gixen users triggering ebay's verification.

Things are normalizing now after I managed to block proxies.

[fred100]

i have an german ebay account and my password was just reset by ebay.
so this has then obviously something to do with this incident?

was there any user data stolen from gixen?

[mario]

No, no data was stolen. My own ebay account was also reset by eBay, probably as a precaution.

This is something I have never seen before, both in sophistication and magnitude. Over 8,000 web proxies have been used, and more than 200,000 login attempts made. I disabled attack after 20,000 or so login attempts that were made just in a few hours, but kept logging information to see what's going on. Now I also blocked all 8,000 proxies in the firewall so cannot longer see further attacks. No need for it anyway.

Since not all the proxies used were anonymizing proxies, I was able to find out the original IP addresses from which attacks are made, and they originate in Hong Kong and two more different locations in China.

[Fire_Bad_Tree_Ppretty]

[Gixen]

[rketmps]

...can the snipes be recovered that I listed for the next few days?

[mario]

Please email me and include your ebay username and description of some of the snipes scheduled.

[Guest]

once password is changed, log back in to gixen, all good once watchlist imported

eBay in Major spin lol

[namewitheld]

My internet security knowledge is pretty basic. Can you explain how the attack was able to cause ebay to reset my password but the attacker didn't get any login info? At the minimum they were able to get my ebay username, or how else would ebay identify my account as "Unauthorized use of your account"?.

[mario]

Hackers didn't get anything.

What happened is - they did a brute force attack with login attempts that resulted in Gixen's IPs getting flagged by eBay, as Gixen relayed those attempts to eBay servers. When Gixen subsequently tried to submit your bids using the same IPs, eBay decided to reset many users' passwords.

So it's a correlation thing - hackers submit a bad login request to Gixen, Gixen relays those to eBay, and after several of those eBay's flags Gixen's IPs. And then even a legitimate login from Gixen servers gets refused and passwords reset.

Things are clearing now after I blocked some 10,000 proxy IPs already through which this brute force attack came.

[genri200]

I also received "Unauthorized use of your account" message from ebay.

[namewitheld]

Thank you for the clarification. Will ebay blacklist Gixen IP's if this happens again?

[lazy*daysleeper]

eBay has reset my password earlier today and asks me to change my old password. But how am I supposed to change it, when I'm unable to log in?

[lazy*daysleeper]

Done. They provided link with instructions that I overlooked..

[ianoid]

[Guest]

Same with me, got password reset email from eBay. Went to eBay and did password change process. Can log into eBay now, but Gixen Desktop Manager is missing my scheduled bids and so is gixen.com/home_2.php after I log into gixen.com.

[TIO200]

I reset my password as requested by ebay. but I still see that over 40 of my upcoming bids read as having been cancelled. I used the edit feature to add a few pennies to each bid and am hoping that they go through; as they now read scheduled ! Without trying to be wicked, perhaps the newer higher bids that I see on my want list won't go through as perhaps not every diligent gixen user bothered to make any changes. if you don't make any edits. your old bids will remain cancelled.

[kevin]

Don't forget to change you Gixen / ebay login as well or gixen will use the old password and not get in.... if you have changed it on ebay - also give it a few minutes for the password change to take effect - i had a couple of snipes right in the middle of all of this - got into my ebay after a password change then quickly changed the log in here - all ok

[tio200]

I thought I was ahead of the game by editing my cancelled snipes and they read scheduled.. but still GIXEN couldn't get ebay to verify the sign in authentication. the last time this happened i had to remove all of my sign on saved passwords from google and Chrome before things cleared up. I got up at 6 am to make sure that things were alright.. they seemed fine when Gixen listed everything as scheduled,, but there were a few snipes scheduled for 27 minutes later that didn't go through because of this issue. I will try to delete all of my saved passwords and enter GIXEn manually. I was told by GIXEn that it didn't matter what settings that were on an individual's browsers; as once they were accepted by GIXEN, they would go directly to ebay, apparently this is not true.

[Cupid]

I'd like to highlight Kevins advice here.

If you change your credentials on Ebay you MUST then use the new credentials here before any of your snipes are going to work.

Gixen will accept your OLD credentials before you submit new ones... this allows you to see your old snipes that have those old credentials associated with them but NONE of them will work... I advise you to make a note of them and then delete them.

Once you log in with your new credentials you must then reschedule all your snipes before your new credentials will be associated with them, allowing them to be successful when Gixen logs in for you at the end of the auction.

Just logging in with your old credentials and editing the snipes is NOT going to work... in fact it is most likely to make things worse for you since you are then forcing Gixen to try to log into your Ebay account with the wrong credentials.
_________________
Mark

[sale1579]

item : 252427630138

still not working for me , CANCELED - VERIFICATION CODE REQUIRED BY EBAY or COULD NOT BID: PHONE OR TEXT VERIFICATION REQUESTED BY EBAY

[Cupid]

sale1579.

Please read my response to your last post on this thread:

http://www.gixen.com/forum/viewtopic.php?t=7978
_________________
Mark

[kmzs]

But gixen mirror is stilling not working for me. Error status:

COULD NOT BID: PHONE OR TEXT VERIFICATION REQUESTED BY EBAY
CANCELED - VERIFICATION CODE REQUIRED BY EBAY

[Guest]

I want to commend you on your effective response to this threat and your transparency about what happened. Thank you!

[Cupid]

kmzs,

Please email Mario at the support address given on the Contact tab above.

Include your Ebay id, and a brief explanation, that Main submits bids but Mirror fails for you with the status that you posted.
_________________
Mark

[julesjelev]

[Cupid]

julesjelev,

There isn't anything to do this in 'Settings' that isn't how Gixen works, this is a deliberate design choice for Gixen, so that your credentials are never held longer than necessary in order to submit bids on your scheduled snipes.

Yes as I think you are implying, Gixen uses the credentials that you use to log in here. They are verified with Ebay every time you log in with different ones from previously.

That is why you lose access to all your scheduled snipes when you log in with new credentials, because then none of the snipes that you had previously set up match those credentials.
_________________
Mark

[Guest]

Thanks Cupid!

So it appears Gixen will save every scheduled bid together with my username and password and then use this information to place the bid. This makes sense.

[Cupid]

Yes, that is correct.
_________________
Mark

[animegination]

Just wondering if it is possible to modify your software to allow users to import the cancelled auction sniping information when an Ebay password is changed. It looks like this functionality is going to be critical as more of these attacks occur. I am lost now as when I look at the instructions for direct proxy modifications they are overwhelming for me right now.

[sale1579]

Gixen main Chicago working for me, but gixen mirror miami still has the same error message :

COULD NOT BID: PHONE OR TEXT VERIFICATION REQUESTED BY EBAY
CANCELED - VERIFICATION CODE REQUIRED BY EBAY

item number : 262486950888

[Cupid]

animegination,

I agree that a migration facility is now something that Mario should seriously look into providing.

The need for the socks proxy is a different issue, if you need to use that then there isn't really any other option that can be provided to help resolve the situation.

sale1579,

For a more speedy resolution I would recommend that you now go the email route, please include your Ebay id in all correspondence.
_________________
Mark

[fire_bad]

[kmzs]

[deadbbaron]

I had two bids on early this morning ,when I checked my emails there was no notification from Gixen that I had won these lots.Also there was no notification from eBay either.
Both show up as won on my won lots on eBay.
Could this all be tied in with this problem?

[jet_kit]

[helloworld]

I was forced to reset the password by eBay as well. After password reset, I can log in to eBay and bid without any issue. However, my new password would not work on Gixen after 2 tries with the new password I was locked out for an hour. After one hour, I cleared eBay and Gixen cookies, and set browser proxy to Gixen's and logged into eBay to make an successful bid, and I tried making another attempt to log in to Gixen, password is rejected.
Is this common for everyone else? Are there any solutions to this problem.

[guestognized]

Hello team,

I am getting this error even after changing my password through eBay.

No items imported. If you have items on your watchlist, and they do not get imported, it is possible that eBay blocked watchlist import with captcha images. Please enter your items manually by copy/pasting item id(s).

Any one know of any ideas?

[Flo]

hi dude ,

I got this message on my snip after change password
CANCELED - VERIFICATION CODE REQUIRED BY EBAY or COULD NOT BID: PHONE OR TEXT VERIFICATION REQUESTED BY EBAY

I have send message to ebay but no answer :/


Have you got solution ? plz

Thx

[sale1579]

After changing password and change proxy it worked fine for me yesterday, but I noticed all the gixen miror Miami still have problems :

EBAY ERROR: LOGIN TIMEOUT (1)

Main gixen Chicago worked fine, only one auction had the error :

UNKNOWN ERROR (3)

The item is 391478679238

Thanks for looking into the problem for me !