Trouble with Comiclink Website? 10 10

[SilverMAge]

On 8/5/2023 at 6:24 PM, MAR1979 said:

Funny

Among some folks I knew way back when eBay introduced Buy-It-Now it was popular for them to say never sell anything that way as all it took was 2 ID10T's

HA! I'm living proof of that on CL. In November 2018, two "id1ots" auctioned my MSH #13 CGC 9.6 up to $31K!

Edited August 7, 2023 by SilverMAge

[davidking623]

On 8/6/2023 at 6:36 AM, wiparker824 said:

I don’t know I don’t sell there, but I can tell you they seem to get a quantity of books I don’t see on other sites. They may not get as many massive books as Heritage but they get enough of everything else that leads me to believe sellers like selling there, a lot. 

Yeah they don't let buyers snipe so there is that going for selling there .

[Microchip]

Tweaky.

[Buzzetta]

On 8/6/2023 at 7:01 PM, MAR1979 said:

I have it on good authority it's Windows 2000 with no Service Packs running on a no-name PC built by the lowest bidder.
 

Josh works for the government? 

[Telegan]

On 8/6/2023 at 8:36 AM, wiparker824 said:

I don’t know I don’t sell there, but I can tell you they seem to get a quantity of books I don’t see on other sites. They may not get as many massive books as Heritage but they get enough of everything else that leads me to believe sellers like selling there, a lot. 

Yeah, I guess.  I may have misinterpreted what you meant by "had a grip on sellers".  I was thinking "wth, is this a comic book mafia?"  lol.  To me, if they're getting a ton of books to sell there, sellers must want to sell there for whatever reason.  I don't know what the various requirements or restrictions are at the various houses since I don't sell books, but whatever they are, I'm guessing ComicLink must be doing something right in that regard.  As a buyer they get my money and return business because their buyer's premium is reasonable and, well, I'm one of those evil snipers.

[F For Fake]

This is new. I'm getting this error when I attempt to access CLink from my work computer. However, I can still access it from my phone just fine. 

[toro]

Wish there were more problems on Clink.  I'm setting GPA lows on most of my books. 

[PKJ]

I just got winning Bidder notifications for auctions that ended on the 31st. I guess they want to make sure you still owe them money. They were certainly impacted, I have not logged in since the issue.

 

Pay for auction wins with a cash advance
by consigning to upcoming auctions!
CLICK HERE TO CONTACT OUR SALES TEAM

 

Congratulations! You are the winning bidder on the following ComicLink auction(s):
Item Detail:
ARCHIE COMICS #53, CGC 6.5 FN+     $481
Once all items that you may win within this auction have closed, please proceed to auction checkout in order to select your payment and

[alecholland]

On 8/10/2023 at 9:06 AM, PKJ said:

I just got winning Bidder notifications for auctions that ended on the 31st. I guess they want to make sure you still owe them money. They were certainly impacted, I have not logged in since the issue.

 

Pay for auction wins with a cash advance
by consigning to upcoming auctions!
CLICK HERE TO CONTACT OUR SALES TEAM

 

Congratulations! You are the winning bidder on the following ComicLink auction(s):
Item Detail:
ARCHIE COMICS #53, CGC 6.5 FN+     $481
Once all items that you may win within this auction have closed, please proceed to auction checkout in order to select your payment and

Yep, me too. Just got the winning bidder notification on a book I won and already paid for 5 days ago. As soon as I receive the book I am going to contact them to close my account. There are a lot of other venues for buying and selling funny books including here on the boards.

They have lost my confidence and trust.

Edited August 10, 2023 by alecholland

[VintageComics]

Comiclink has posted an update on Social Media. Sorry, I don't know how to embed Facebook links.

https://www.facebook.com/comiclinkauctions/posts/pfbid03abkrpiK8uQ89T25dGAxsrAh4YGizagWpT6mmCKLSjBcdKogXnhSztmp22yqP2Sul

This is the body of text from the link. 

Spoiler

Now that the issues that happened last week on the web site are resolved, I want to provide an update on what transpired and to communicate that the protocols that we now have in place have made us stronger and more resistant to attacks than the vast majority of firms. The fact of the matter is that no web site is immune to this. Many Fortune 500 companies, banks, credit reporting agencies, hospitals, and governmental agencies have experienced attacks. The only thing any of us can do is learn, adjust, and prepare.

 

Here’s the deal. Though we had previously been lucky enough to have avoided it when other auction companies within the collectibles field were hit with attacks, most notably in 2019 and 2020, last week, ComicLink was a target of a url XSS redirection attack which forced browsers accessing certain parts of the web site to be redirected to untrusted external sites. This was often, and fortunately, accompanied by warnings in the user’s browser or anti-malware software which cautioned against proceeding further. If you do not have up to date malware detection on your computer or mobile device, I strongly suggest it. Due to precautions that we had taken previously, sensitive customer data such as credit cards (maintained by a third party provider) or passwords (encrypted) were never compromised by this and there is no data loss.

 

Attacks were staggered and defended against last week and during this time I worked with my IT team day and night to determine how to best defend against recurring attacks, intentionally bringing the entire web site down while we made purposeful changes. We implemented a major security upgrade in partnership with Cloudflare, whose clients include or have included the likes of IBM, LendingTree, Shopify, Garmin and many others. Early Friday morning we brought the site back up safely behind Cloudflare’s firewall.

The web site appeared back up to some users before others. This had to do with one of two things, either name server migration propagating to some Internet Service Providers before others, or caching issues related to the disparate ways that browsers cache web sites. By late Friday morning, the web site was back up for most Internet Service Providers, and by early afternoon, we could see that name server propagation was complete in 99.9% of the world. The likelihood is that any viewing issues subsequently were related to caching or false positives related to security protocols.

 

In the unlikely event that you are still having trouble viewing the site, the recommendation is that you clear your cache and reload your browser and/or restart your computer or mobile device. E-mail or phone us if you cannot resolve it or if you believe you are being unintentionally blocked from accessing the web site.

 

Subsequent to bringing the site back up and implementing prevention procedures, some non-critical error messages were found on the web site. We have spent the last few days addressing those and they have all been corrected. That said, please let us know if you experience any errors or believe that you were blocked in error from a safe connection point.

Thank you for trusting us to be your partner in buying and selling collectibles. We will remain diligent about security going forward.

 

Edited August 10, 2023 by VintageComics

[buttock]

On 8/10/2023 at 2:21 PM, VintageComics said:

Comiclink has posted an update on Social Media. Sorry, I don't know how to embed Facebook links.

https://www.facebook.com/comiclinkauctions/posts/pfbid03abkrpiK8uQ89T25dGAxsrAh4YGizagWpT6mmCKLSjBcdKogXnhSztmp22yqP2Sul

This is the body of text from the link. 

  Hide contents

Now that the issues that happened last week on the web site are resolved, I want to provide an update on what transpired and to communicate that the protocols that we now have in place have made us stronger and more resistant to attacks than the vast majority of firms. The fact of the matter is that no web site is immune to this. Many Fortune 500 companies, banks, credit reporting agencies, hospitals, and governmental agencies have experienced attacks. The only thing any of us can do is learn, adjust, and prepare.

 

Here’s the deal. Though we had previously been lucky enough to have avoided it when other auction companies within the collectibles field were hit with attacks, most notably in 2019 and 2020, last week, ComicLink was a target of a url XSS redirection attack which forced browsers accessing certain parts of the web site to be redirected to untrusted external sites. This was often, and fortunately, accompanied by warnings in the user’s browser or anti-malware software which cautioned against proceeding further. If you do not have up to date malware detection on your computer or mobile device, I strongly suggest it. Due to precautions that we had taken previously, sensitive customer data such as credit cards (maintained by a third party provider) or passwords (encrypted) were never compromised by this and there is no data loss.

 

Attacks were staggered and defended against last week and during this time I worked with my IT team day and night to determine how to best defend against recurring attacks, intentionally bringing the entire web site down while we made purposeful changes. We implemented a major security upgrade in partnership with Cloudflare, whose clients include or have included the likes of IBM, LendingTree, Shopify, Garmin and many others. Early Friday morning we brought the site back up safely behind Cloudflare’s firewall.

The web site appeared back up to some users before others. This had to do with one of two things, either name server migration propagating to some Internet Service Providers before others, or caching issues related to the disparate ways that browsers cache web sites. By late Friday morning, the web site was back up for most Internet Service Providers, and by early afternoon, we could see that name server propagation was complete in 99.9% of the world. The likelihood is that any viewing issues subsequently were related to caching or false positives related to security protocols.

 

In the unlikely event that you are still having trouble viewing the site, the recommendation is that you clear your cache and reload your browser and/or restart your computer or mobile device. E-mail or phone us if you cannot resolve it or if you believe you are being unintentionally blocked from accessing the web site.

 

Subsequent to bringing the site back up and implementing prevention procedures, some non-critical error messages were found on the web site. We have spent the last few days addressing those and they have all been corrected. That said, please let us know if you experience any errors or believe that you were blocked in error from a safe connection point.

Thank you for trusting us to be your partner in buying and selling collectibles. We will remain diligent about security going forward.

 

Mods notified. 

[alecholland]

On 8/7/2023 at 4:40 AM, Buzzetta said:

Josh works for the government? 

I work for the government. We're using Vista! 

[Gaard]

Other than the above FB post by them, telling us how they are now more resistant to attacks now, did they ever let us know that they were under attack? Most (all) of us were wondering what the heck was going on.

[bc]

On 8/10/2023 at 5:40 PM, Gaard said:

Other than the above FB post by them, telling us how they are now more resistant to attacks now, did they ever let us know that they were under attack? Most (all) of us were wondering what the heck was going on.

I didn't see anything communicated during the actual event, but many people on this board diagnosed the problem back on 8/2.

We also pointed out the DNS change to Cloudfare which is part of the official statement.

It's not easy to put out an exact statement of the cause while trying to determine and mitigate the issues - that's why these forensic reviews are part of the standard FBI playbook.  

-bc

EDIT: Actually sort of impressed that they went into the technical detail of the issue and resolution. Notice they didn't mention that they were using some "vulnerable" code libraries

Edited August 10, 2023 by bc

[VintageComics]

On 8/10/2023 at 5:25 PM, buttock said:

On 8/10/2023 at 4:21 PM, VintageComics said:

Comiclink has posted an update on Social Media. Sorry, I don't know how to embed Facebook links.

https://www.facebook.com/comiclinkauctions/posts/pfbid03abkrpiK8uQ89T25dGAxsrAh4YGizagWpT6mmCKLSjBcdKogXnhSztmp22yqP2Sul

This is the body of text from the link. 

  Reveal hidden contents

Now that the issues that happened last week on the web site are resolved, I want to provide an update on what transpired and to communicate that the protocols that we now have in place have made us stronger and more resistant to attacks than the vast majority of firms. The fact of the matter is that no web site is immune to this. Many Fortune 500 companies, banks, credit reporting agencies, hospitals, and governmental agencies have experienced attacks. The only thing any of us can do is learn, adjust, and prepare.

 

Here’s the deal. Though we had previously been lucky enough to have avoided it when other auction companies within the collectibles field were hit with attacks, most notably in 2019 and 2020, last week, ComicLink was a target of a url XSS redirection attack which forced browsers accessing certain parts of the web site to be redirected to untrusted external sites. This was often, and fortunately, accompanied by warnings in the user’s browser or anti-malware software which cautioned against proceeding further. If you do not have up to date malware detection on your computer or mobile device, I strongly suggest it. Due to precautions that we had taken previously, sensitive customer data such as credit cards (maintained by a third party provider) or passwords (encrypted) were never compromised by this and there is no data loss.

 

Attacks were staggered and defended against last week and during this time I worked with my IT team day and night to determine how to best defend against recurring attacks, intentionally bringing the entire web site down while we made purposeful changes. We implemented a major security upgrade in partnership with Cloudflare, whose clients include or have included the likes of IBM, LendingTree, Shopify, Garmin and many others. Early Friday morning we brought the site back up safely behind Cloudflare’s firewall.

The web site appeared back up to some users before others. This had to do with one of two things, either name server migration propagating to some Internet Service Providers before others, or caching issues related to the disparate ways that browsers cache web sites. By late Friday morning, the web site was back up for most Internet Service Providers, and by early afternoon, we could see that name server propagation was complete in 99.9% of the world. The likelihood is that any viewing issues subsequently were related to caching or false positives related to security protocols.

 

In the unlikely event that you are still having trouble viewing the site, the recommendation is that you clear your cache and reload your browser and/or restart your computer or mobile device. E-mail or phone us if you cannot resolve it or if you believe you are being unintentionally blocked from accessing the web site.

 

Subsequent to bringing the site back up and implementing prevention procedures, some non-critical error messages were found on the web site. We have spent the last few days addressing those and they have all been corrected. That said, please let us know if you experience any errors or believe that you were blocked in error from a safe connection point.

Thank you for trusting us to be your partner in buying and selling collectibles. We will remain diligent about security going forward.

 

Expand  

Mods notified. 

Zods codified. 

[D84]

On 8/10/2023 at 9:42 AM, alecholland said:

Yep, me too. Just got the winning bidder notification on a book I won and already paid for 5 days ago. As soon as I receive the book I am going to contact them to close my account. There are a lot of other venues for buying and selling funny books including here on the boards.

They have lost my confidence and trust.

Got something similar. I replied that I paid on the 2nd and asked when they plan on shipping my book.

[Chaz G.]

I ended up winning my CLink auction book well below GPA and my top bid price.  

[Gaard]

On 8/10/2023 at 10:01 PM, Chaz G. said:

I ended up winning my CLink auction book well below GPA and my top bid price.  

1 for 1

[wiparker824]

On 8/10/2023 at 2:51 PM, bc said:

EDIT: Actually sort of impressed that they went into the technical detail of the issue and resolution. Notice they didn't mention that they were using some "vulnerable" code libraries

And still are from what I can see. They more than likely just did the quick and dirty fixes. Which isn’t necessarily a bad short-term plan but they then should be overhauling the entire site long term, modernizing all of the security, but they probably won’t, and will be shocked the next breach. 

[justafan]

On 8/11/2023 at 1:56 AM, wiparker824 said:

And still are from what I can see. They more than likely just did the quick and dirty fixes. Which isn’t necessarily a bad short-term plan but they then should be overhauling the entire site long term, modernizing all of the security, but they probably won’t, and will be shocked the next breach. 

I hope it's just them waiting until this final session of auctions to end before bringing down their servers and overhauling the entire site. They shouldn't let their guard down just because they're now operating behind Cloudflare.

Edited August 11, 2023 by justafan
Spelling