Capriheld
02.06.2012, 10:34

Problems at Bricklink

Hello everyone,

Bricklink seems to be having some minor problems at the moment because of a hacker attack:

http://www.bricklink.com/message.asp?ID=640572

For those of you following the Twitter feed, there are a lot more details as
I worked through the issues. Here's a summary:

1) Bricklink got attacked several times on Friday. Once was overnight, causing
massive transaction logs and database issues. The second time was more malicious
and caused random issues across the board.

2) Anything that happened after 8:00 PM EDT (New York City time) has been rolled
back, as this is when the chaos started. This covers about 125 orders. We have
a list of what was affected, but the short answer is that if you don't see it
in your order list, it was affected.

3) Since we are still actively patching security holes, the database security
has been tightened as much as I can right now. As a result, you will be seeing
ASP database errors on various pages. Please send these directly to admin@bricklink.com
and I will work through them as I can. I don't know how many there will be, a
lot of the code uses stored procs, but not all.

We are working with a third-party security firm to help identify as many security
holes as possible, covering SQL injection, cross-site scripting, etc. These patches
are being done regardless of the fact that we are already making plans for a
new ASP.NET based site with security baked in from the beginning. We simply can't
wait. It means that roughly 400 ASP pages will have to be checked, by hand, for
security holes to ensure safety of the site.

We appreciate your patience and understanding. While "everyone gets hacked" may
be a common theme, it's a nuisance and these hackers, whoever they are, obviously
don't feel the need to preserve what has been built here over the past decade.
If you are one of the hackers and have a legitimate grievance, come to me and
talk about it. Don't take it out on everyone else.

If you have any questions, feel free to post here or send direct to admin@bricklink.com.
I will continue updating the Twitter feed as I make fixes, click the Follow button
at the top to subscribe.

Eric Smith
Bricklink Administrator


Unfortunately, as of this morning it is still not working properly.

Regards, Mathias



Holodoc
02.06.2012, 11:53

In reply to the post by Capriheld

Thanks for the info!

Hello Mathias!

Many thanks for the information.
So now the hackers have gone after the first Lego sites as well.
Really annoying! As if there were anything to gain there (apart, of course, from using the web space to send spam, malware, etc.). Sick minds on the Internet!
Hopefully this forum will be spared a little longer.

See you around,
Stefan




Capriheld
03.06.2012, 10:39

In reply to the post by Capriheld

Update: Still not back to normal

Hello everyone,

Anyone following the Twitter feed on Bricklink will notice: Eric is still busy restoring things.

Unfortunately, it is going to take a while longer...

Regards, Mathias


