karl1 Posted June 2, 2012 (edited) I can't get past the op about his 2500 order, can i come to your house and play Edited June 2, 2012 by karl1 Share this post Link to post Share on other sites
Big Cam Posted June 2, 2012 Is it just me, or is bricklink down again? And yes, I know, the old thread was closed. And I'm sorry if this is a little cluttery, but seriously, I need to know what's up. I'm in the middle of finalizing a $2,500 order (half the total) and I've spent the last 9 hours straight with 3 computer screens and 8 windows comparing piece by piece prices. I'm super super scared The twitter feed says they have been attacked. I seriously want to grind whoever attacked the site in very sharp lego pieces. grrr Sorry. Anyway, anyone know what's up? Do we look like the Bricklink help line? As much as we all love the site, unfortunately we at EB don't know anything more than you do. Share this post Link to post Share on other sites
Hinckley Posted June 2, 2012 In the future we will merge all topics about Bricklink site availability with this one. Sorry about the thread closing. We get a lot of topics about when Brickshelf goes down, that are so frequent we usually refer people to our massive "Brickshelf up, down, who know?" mega-thread. Sometimes we get them confused. Hope that Brickworld order got through! Share this post Link to post Share on other sites
alienwar9 Posted June 3, 2012 Ooo, yay! I kind of felt bad for making the topic in the first place, because the first one was closed so quick after. But I just thought it might be an interesting thing to talk about each other's experiences and get a feeling for how this is affecting everyone. See if anyone had to do workarounds, maybe get tips on handling bricklink withdrawal I sincerely feel bad for Eric having to fix the problems by himself and fix all of bricklink. Has bricklink ever been down or attacked like this before? Or do I have the worst timing in the world, using bricklink for the first time? Oh, and I think I lost some hair. Only half my order has gone through. I'm stuck waiting for the Wanted-lists to be editable so I can remove what I have purchased so far and search for the stores with the most pieces that I have left. Looks like I'm going to spend a lot more on quick shipping By the way, does anyone know how to do a search for a large group of pieces in stores? The query stores check-mark in the wanted list does not hold through multiple pages. Share this post Link to post Share on other sites
Legoman of War Posted June 3, 2012 I am able to process orders now but still unable to add any new inventory. LMW Share this post Link to post Share on other sites
Legoman of War Posted June 4, 2012 Not confused in the least bit. How about this, if you want to make a nasty comment, why don't you send me a message directly instead of showing your ignorance and trying to call someone out publicly. If you don't want to see what I typed, then don't open the thread. LMW Share this post Link to post Share on other sites
Ricecracker Posted June 4, 2012 Not confused in the least bit. How about this, if you want to make a nasty comment, why don't you send me a message directly instead of showing your ignorance and trying to call someone out publicly. If you don't want to see what I typed, then don't open the thread. LMW Relax. Darkdragon was just pointing out that you're better off asking Bricklink Admin directly rather than asking here. Share this post Link to post Share on other sites
Legoman of War Posted June 4, 2012 (edited) It was more of an FYI versus making a complaint. I am aware of the process and was stating a current status. If you look closely there is no question in my post. Once again, asking first would have avoided being flamed. Maybe if Darkdragon had stated the way you did, he wouldn't have gotten the reaction he did. LMW Edited June 4, 2012 by Legoman of War Share this post Link to post Share on other sites
Ricecracker Posted June 4, 2012 It was more of an FYI versus making a complaint. I am aware of the process and was stating a current status. If you look closely there is no question in my post. Once again, asking first would have avoided being flamed. Maybe if Darkdragon had stated the way you did, he wouldn't have gotten the reaction he did. LMW Two wrongs don't make a right, regardless of how Darkdragon may have phrased what she wrote. Share this post Link to post Share on other sites
ParnelliBrick Posted June 5, 2012 Hi there , I hoping that someone can help me with this error message I am recently getting when I am trying to part out a set. Microsoft OLE DB Provider for SQL Server error '80040e09' The INSERT permission was denied on the object 'xmlUpload', database 'bricklink', schema 'dbo'. /invSetVerify.asp, line 1268 I did see that someone else also had this problem but there were no replies; any help at all would be great. thanks Share this post Link to post Share on other sites
Ricecracker Posted June 5, 2012 I've merged your question into this existing thread, though you're likely to find more answers on Bricklink's forums and Twitter page. Share this post Link to post Share on other sites
Lego Otaku Posted June 6, 2012 Hi there , I hoping that someone can help me with this error message I am recently getting when I am trying to part out a set. Microsoft OLE DB Provider for SQL Server error '80040e09' The INSERT permission was denied on the object 'xmlUpload', database 'bricklink', schema 'dbo'. /invSetVerify.asp, line 1268 I did see that someone else also had this problem but there were no replies; any help at all would be great. thanks Bricklink had to rush in newly revamped code to stop hacker from deleting data and messing up the site, and they had not been able to test everything with the rushed codes. So they are fixing the broken code one by one. It is a tedious job that takes a lot of time. Nothing wrong on your end, just wait a few days for them to patch up the rushed conversion from old and poorly protected SQL code to more secure ASP code. If you need to blame someone, feel free to make a voodoo doll called hacker and torture it slowly. Share this post Link to post Share on other sites
LEGO Family Posted June 6, 2012 Nothing wrong on your end, just wait a few days for them to patch up the rushed conversion from old and poorly protected SQL code to more secure ASP code. If you need to blame someone, feel free to make a voodoo doll called hacker and torture it slowly. Haha .. I would urge anyone who got some megablock figs to do this ASAP !! ... I looked at my LEGO minifigs and wondered which one i could torture and decided none. But this is a tip i will remember for the future in case i need it .... Mmmmm, a vignette perhaps ? .. :P Sorry for "spamming" .... Thanks for the laugh ! :D Share this post Link to post Share on other sites
Lego Otaku Posted June 7, 2012 Round 3 just happened. I noticed something was off when I got the message my account was terminated. Then I saw the name of a few well known members on their forum becoming legoman77 as some of the top 10 or so in feedback total got ninja-merged. Then BL was shut down (disconnected or powered off) and twitter reported that someone had hacked into admin's account and causing more trouble. *sigh* Another roll back incoming from 12:45 PM BL time to 12:15 PM. https://twitter.com/#!/BricklinkAdm for the latest info. I really hope the hacker lives in USA, it'd be very hard for this hacker to escape the long reach of FBI Share this post Link to post Share on other sites
Meatman Posted June 7, 2012 Why would someone hack bricklink of all places to cause Havoc? Share this post Link to post Share on other sites
Lego Otaku Posted June 7, 2012 Why would someone hack bricklink of all places to cause Havoc? I do have one guess. Someone who is not of legal age to have BL account and was upset that he was ratted out, vilified, kicked out, and humiliated. I've seen a few underaged account owners get banned and one had something like 20 merged accounts because he kept coming back under new account. Share this post Link to post Share on other sites
Zeya Posted June 7, 2012 Why would someone hack bricklink of all places to cause Havoc? Because some men just want to watch the world burn? [Minifig 39/365] Some People Just Want To Watch The World Burn by nhussein, on Flickr Share this post Link to post Share on other sites
Faefrost Posted June 7, 2012 I do have one guess. Someone who is not of legal age to have BL account and was upset that he was ratted out, vilified, kicked out, and humiliated. I've seen a few underaged account owners get banned and one had something like 20 merged accounts because he kept coming back under new account. The timing of the attacks makes me wonder. They popped up soon after that techno wiz executive from SAP got busted for stealing thousands of Lego sets from Target. While probably not him, it is likely that Bricklink started taking a closer look at their sellers, and being more aggressive in working with the authorities. So someone may be going all Annonymous on them to "Fight the Man!" Today may also simply be that it became known as a vulnerable site in the process of patching, so a crude script kiddie is taking a run at it. But still it's a website for selling used Lego between crazy adult hobbiests. LEGO! And we end up with fencing stolen goods, drop ship scams, hacker assaults, all kinds of horrid behavior. It's a wonder the operators keep doing it. I mean who ever would expect this over children's toys? Share this post Link to post Share on other sites
gedren_y Posted June 7, 2012 Today may also simply be that it became known as a vulnerable site in the process of patching, so a crude script kiddie is taking a run at it. But still it's a website for selling used Lego between crazy adult hobbiests. LEGO! And we end up with fencing stolen goods, drop ship scams, hacker assaults, all kinds of horrid behavior. It's a wonder the operators keep doing it. I mean who ever would expect this over children's toys? Simply being known as vulnerable could give a beginner hacker the confidence to attack the site in an attempt to hone their skill. As to why attack Bricklink at all. It is most likely about money. Bricklink makes money from their sellers. If someone can find a way siphon off miniscule percentages from sellers payments to Bricklink, they can make a lot of money very quickly. Think the worm program idea from the movie Hackers, except more complicated and harder to trace. There is also a certain degree of information about Bricklink members in the site's database, ie. addresses, asset volume and Paypal accout ids. They could use this information themselves, or sell it to others that have access to other institutions that pair up with the information for identity theft or other types of crime. Even physical theft of a Bricklink user's property could happen. Most valuable items can be claimed with insurance, but since the majority of Lego items are low value assets, and determining the origin of individual parts online is next to impossible, someone could easily resell the stolen Lego in another venue. I would suggest that Bricklink sellers that have a large volume of Lego try to find a way to insure their inventory against theft. It may up your costs, but it could keep you from major loss of business and the money paid in acquisition of your inventory. I do not enjoy considering these possibilities, but as the old saying goes, "An ounce of prevention is worth a pound of cure." Share this post Link to post Share on other sites
JopieK Posted June 7, 2012 https://twitter.com/#!/BricklinkAdm It seems that we need to change our passwords ASAP!!!! Maybe post this at the front page?!! Share this post Link to post Share on other sites
Lance Posted June 7, 2012 (edited) https://twitter.com/#!/BricklinkAdm It seems that we need to change our passwords ASAP!!!! Maybe post this at the front page?!! I think this would be for the best Could a mod put this on the frontpage? Edited June 7, 2012 by Lance Share this post Link to post Share on other sites
natelite Posted June 7, 2012 Simply being known as vulnerable could give a beginner hacker the confidence to attack the site in an attempt to hone their skill. As to why attack Bricklink at all. It is most likely about money. Bricklink makes money from their sellers. If someone can find a way siphon off miniscule percentages from sellers payments to Bricklink, they can make a lot of money very quickly. Think the worm program idea from the movie Hackers, except more complicated and harder to trace. There is also a certain degree of information about Bricklink members in the site's database, ie. addresses, asset volume and Paypal accout ids. They could use this information themselves, or sell it to others that have access to other institutions that pair up with the information for identity theft or other types of crime. Even physical theft of a Bricklink user's property could happen. Most valuable items can be claimed with insurance, but since the majority of Lego items are low value assets, and determining the origin of individual parts online is next to impossible, someone could easily resell the stolen Lego in another venue. I would suggest that Bricklink sellers that have a large volume of Lego try to find a way to insure their inventory against theft. It may up your costs, but it could keep you from major loss of business and the money paid in acquisition of your inventory. I do not enjoy considering these possibilities, but as the old saying goes, "An ounce of prevention is worth a pound of cure." your doomsday scenario is overblown. hackers can't steal your physical inventory because only the server is hacked. it's not like they can reach out into the screen and steal your golden c3po. no need to go overboard but if you like, i can sell you insurance to protect you from internet theft of your physical assets. i only ask for 1% of the insurance value. there's no identity theft unless you kept your BL and PP emails the same. even then you'll need to trick them out of their SSN. they do have your IP number, address, email, name and password. again - unless you kept other secrets like your cat's name or the model of your first car or other secret questions/answers on your BL profile there's no risk. the biggest risk is if you use the same BL and PP emails and passwords. so best to change your PP profile to something else quickly. Share this post Link to post Share on other sites
Lego Otaku Posted June 7, 2012 A good practice is different password for everything and nothing obvious like '12345' or your name. All of my password (BL, email account, paypal, ebay, etc) are different so if hacker got one of them, they only get one thing and not all of my stuff. If you need help making a random sonding password: you could start with this site http://www.pctools.com/guides/password I do keep all of my password on paper (index card) in a well concealed index box. Hackers can't reach through the computer to steal my password card box, and even if someone knew my home address, I live on a 40 acres farm and that's a lot of places to hide password files. Share this post Link to post Share on other sites