Bricklink down?

[karl1]

I can't get past the op about his 2500 order, can i come to your house and play

Edited June 2, 2012 by karl1

[Big Cam]

Is it just me, or is bricklink down again?

And yes, I know, the old thread was closed. And I'm sorry if this is a little cluttery, but seriously, I need to know what's up. I'm in the middle of finalizing a $2,500 order (half the total) and I've spent the last 9 hours straight with 3 computer screens and 8 windows comparing piece by piece prices. I'm super super scared

The twitter feed says they have been attacked. I seriously want to grind whoever attacked the site in very sharp lego pieces. grrr

Sorry. Anyway, anyone know what's up?

Do we look like the Bricklink help line? As much as we all love the site, unfortunately we at EB don't know anything more than you do.

[Hinckley]

In the future we will merge all topics about Bricklink site availability with this one. Sorry about the thread closing. We get a lot of topics about when Brickshelf goes down, that are so frequent we usually refer people to our massive "Brickshelf up, down, who know?" mega-thread. Sometimes we get them confused.

Hope that Brickworld order got through!

[alienwar9]

Ooo, yay! I kind of felt bad for making the topic in the first place, because the first one was closed so quick after. But I just thought it might be an interesting thing to talk about each other's experiences and get a feeling for how this is affecting everyone. See if anyone had to do workarounds, maybe get tips on handling bricklink withdrawal

I sincerely feel bad for Eric having to fix the problems by himself and fix all of bricklink. Has bricklink ever been down or attacked like this before? Or do I have the worst timing in the world, using bricklink for the first time?

Oh, and I think I lost some hair. Only half my order has gone through. I'm stuck waiting for the Wanted-lists to be editable so I can remove what I have purchased so far and search for the stores with the most pieces that I have left. Looks like I'm going to spend a lot more on quick shipping

By the way, does anyone know how to do a search for a large group of pieces in stores? The query stores check-mark in the wanted list does not hold through multiple pages.

[Darkdragon]

[Legoman of War]

I am able to process orders now but still unable to add any new inventory.

LMW

[Darkdragon]

[Legoman of War]

Not confused in the least bit. How about this, if you want to make a nasty comment, why don't you send me a message directly instead of showing your ignorance and trying to call someone out publicly. If you don't want to see what I typed, then don't open the thread.

LMW

[Ricecracker]

Not confused in the least bit. How about this, if you want to make a nasty comment, why don't you send me a message directly instead of showing your ignorance and trying to call someone out publicly. If you don't want to see what I typed, then don't open the thread.

LMW

Relax. Darkdragon was just pointing out that you're better off asking Bricklink Admin directly rather than asking here.

[Legoman of War]

It was more of an FYI versus making a complaint. I am aware of the process and was stating a current status. If you look closely there is no question in my post. Once again, asking first would have avoided being flamed. Maybe if Darkdragon had stated the way you did, he wouldn't have gotten the reaction he did.

LMW

Edited June 4, 2012 by Legoman of War

[Ricecracker]

It was more of an FYI versus making a complaint. I am aware of the process and was stating a current status. If you look closely there is no question in my post. Once again, asking first would have avoided being flamed. Maybe if Darkdragon had stated the way you did, he wouldn't have gotten the reaction he did.

LMW

Two wrongs don't make a right, regardless of how Darkdragon may have phrased what she wrote.

[ParnelliBrick]

Hi there , I hoping that someone can help me with this error message I am recently getting when I am trying to part out a set.

Microsoft OLE DB Provider for SQL Server error '80040e09'

The INSERT permission was denied on the object 'xmlUpload', database 'bricklink', schema 'dbo'.

/invSetVerify.asp, line 1268

I did see that someone else also had this problem but there were no replies; any help at all would be great.

thanks

[Ricecracker]

I've merged your question into this existing thread, though you're likely to find more answers on Bricklink's forums and Twitter page.

[Lego Otaku]

Hi there , I hoping that someone can help me with this error message I am recently getting when I am trying to part out a set.

Microsoft OLE DB Provider for SQL Server error '80040e09'

The INSERT permission was denied on the object 'xmlUpload', database 'bricklink', schema 'dbo'.

/invSetVerify.asp, line 1268

I did see that someone else also had this problem but there were no replies; any help at all would be great.

thanks

Bricklink had to rush in newly revamped code to stop hacker from deleting data and messing up the site, and they had not been able to test everything with the rushed codes. So they are fixing the broken code one by one. It is a tedious job that takes a lot of time.

Nothing wrong on your end, just wait a few days for them to patch up the rushed conversion from old and poorly protected SQL code to more secure ASP code. If you need to blame someone, feel free to make a voodoo doll called hacker and torture it slowly.

[LEGO Family]

Nothing wrong on your end, just wait a few days for them to patch up the rushed conversion from old and poorly protected SQL code to more secure ASP code. If you need to blame someone, feel free to make a voodoo doll called hacker and torture it slowly.

Haha .. I would urge anyone who got some megablock figs to do this ASAP !! ... I looked at my LEGO minifigs and wondered which one i could torture and decided none.

But this is a tip i will remember for the future in case i need it .... Mmmmm, a vignette perhaps ? .. :P

Sorry for "spamming" .... Thanks for the laugh ! :D

[Lego Otaku]

Round 3 just happened. I noticed something was off when I got the message my account was terminated. Then I saw the name of a few well known members on their forum becoming legoman77 as some of the top 10 or so in feedback total got ninja-merged.

Then BL was shut down (disconnected or powered off) and twitter reported that someone had hacked into admin's account and causing more trouble.

*sigh* Another roll back incoming from 12:45 PM BL time to 12:15 PM.

https://twitter.com/#!/BricklinkAdm for the latest info.

I really hope the hacker lives in USA, it'd be very hard for this hacker to escape the long reach of FBI

[Meatman]

Why would someone hack bricklink of all places to cause Havoc?

[Lego Otaku]

Why would someone hack bricklink of all places to cause Havoc?

I do have one guess. Someone who is not of legal age to have BL account and was upset that he was ratted out, vilified, kicked out, and humiliated. I've seen a few underaged account owners get banned and one had something like 20 merged accounts because he kept coming back under new account.

[Zeya]

Why would someone hack bricklink of all places to cause Havoc?

Because some men just want to watch the world burn?

[Minifig 39/365] Some People Just Want To Watch The World Burn by nhussein, on Flickr

[Faefrost]

I do have one guess. Someone who is not of legal age to have BL account and was upset that he was ratted out, vilified, kicked out, and humiliated. I've seen a few underaged account owners get banned and one had something like 20 merged accounts because he kept coming back under new account.

The timing of the attacks makes me wonder. They popped up soon after that techno wiz executive from SAP got busted for stealing thousands of Lego sets from Target. While probably not him, it is likely that Bricklink started taking a closer look at their sellers, and being more aggressive in working with the authorities. So someone may be going all Annonymous on them to "Fight the Man!"

Today may also simply be that it became known as a vulnerable site in the process of patching, so a crude script kiddie is taking a run at it.

But still it's a website for selling used Lego between crazy adult hobbiests. LEGO! And we end up with fencing stolen goods, drop ship scams, hacker assaults, all kinds of horrid behavior. It's a wonder the operators keep doing it. I mean who ever would expect this over children's toys?

[gedren_y]

Today may also simply be that it became known as a vulnerable site in the process of patching, so a crude script kiddie is taking a run at it.

But still it's a website for selling used Lego between crazy adult hobbiests. LEGO! And we end up with fencing stolen goods, drop ship scams, hacker assaults, all kinds of horrid behavior. It's a wonder the operators keep doing it. I mean who ever would expect this over children's toys?

Simply being known as vulnerable could give a beginner hacker the confidence to attack the site in an attempt to hone their skill.

As to why attack Bricklink at all. It is most likely about money. Bricklink makes money from their sellers. If someone can find a way siphon off miniscule percentages from sellers payments to Bricklink, they can make a lot of money very quickly. Think the worm program idea from the movie Hackers, except more complicated and harder to trace.

There is also a certain degree of information about Bricklink members in the site's database, ie. addresses, asset volume and Paypal accout ids. They could use this information themselves, or sell it to others that have access to other institutions that pair up with the information for identity theft or other types of crime.

Even physical theft of a Bricklink user's property could happen. Most valuable items can be claimed with insurance, but since the majority of Lego items are low value assets, and determining the origin of individual parts online is next to impossible, someone could easily resell the stolen Lego in another venue. I would suggest that Bricklink sellers that have a large volume of Lego try to find a way to insure their inventory against theft. It may up your costs, but it could keep you from major loss of business and the money paid in acquisition of your inventory.

I do not enjoy considering these possibilities, but as the old saying goes, "An ounce of prevention is worth a pound of cure."

[JopieK]

https://twitter.com/#!/BricklinkAdm

It seems that we need to change our passwords ASAP!!!! Maybe post this at the front page?!!

[Lance]

https://twitter.com/#!/BricklinkAdm

It seems that we need to change our passwords ASAP!!!! Maybe post this at the front page?!!

I think this would be for the best

Could a mod put this on the frontpage?

Edited June 7, 2012 by Lance

[natelite]

Simply being known as vulnerable could give a beginner hacker the confidence to attack the site in an attempt to hone their skill.

As to why attack Bricklink at all. It is most likely about money. Bricklink makes money from their sellers. If someone can find a way siphon off miniscule percentages from sellers payments to Bricklink, they can make a lot of money very quickly. Think the worm program idea from the movie Hackers, except more complicated and harder to trace.

There is also a certain degree of information about Bricklink members in the site's database, ie. addresses, asset volume and Paypal accout ids. They could use this information themselves, or sell it to others that have access to other institutions that pair up with the information for identity theft or other types of crime.

Even physical theft of a Bricklink user's property could happen. Most valuable items can be claimed with insurance, but since the majority of Lego items are low value assets, and determining the origin of individual parts online is next to impossible, someone could easily resell the stolen Lego in another venue. I would suggest that Bricklink sellers that have a large volume of Lego try to find a way to insure their inventory against theft. It may up your costs, but it could keep you from major loss of business and the money paid in acquisition of your inventory.

I do not enjoy considering these possibilities, but as the old saying goes, "An ounce of prevention is worth a pound of cure."

your doomsday scenario is overblown.

hackers can't steal your physical inventory because only the server is hacked. it's not like they can reach out into the screen and steal your golden c3po. no need to go overboard but if you like, i can sell you insurance to protect you from internet theft of your physical assets. i only ask for 1% of the insurance value.

there's no identity theft unless you kept your BL and PP emails the same. even then you'll need to trick them out of their SSN. they do have your IP number, address, email, name and password. again - unless you kept other secrets like your cat's name or the model of your first car or other secret questions/answers on your BL profile there's no risk. the biggest risk is if you use the same BL and PP emails and passwords. so best to change your PP profile to something else quickly.

[Lego Otaku]

A good practice is different password for everything and nothing obvious like '12345' or your name. All of my password (BL, email account, paypal, ebay, etc) are different so if hacker got one of them, they only get one thing and not all of my stuff.

If you need help making a random sonding password: you could start with this site http://www.pctools.com/guides/password

I do keep all of my password on paper (index card) in a well concealed index box. Hackers can't reach through the computer to steal my password card box, and even if someone knew my home address, I live on a 40 acres farm and that's a lot of places to hide password files.