TulipTools Internet Business Owners and Online Sellers Community

TulipTools Internet Business Owners and Online Sellers Community > Online Auction Industry, B2B Trading Sites, Classified Ad Sites, Fixed Price Venues, and Malls > Online Auction Industry Discussion > Auction Sites > Other Auction Sites > BluJay Breaks! plus Blujay's Forums Have Been A Hacker's Best Friend Since 2005
Full Version: BluJay Breaks! plus Blujay's Forums Have Been A Hacker's Best Friend Since 2005
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

sneakymagenta

01-12-2007, 12:43 AM
BluJay is BROKEN!.  It went down late Wednesday night.  The site redirects to their forums.

BluJay didn't give any explanation for the outage beyond:

Quote:blujay.com is currently down - the service will be back on Friday

:Smile

mandy

01-12-2007, 08:54 AM
Update:

Quote:The blujay.com service will be restored once the DNS information propagates across the internet.

bargainbloodhound

01-12-2007, 08:15 PM
Quote:As it would happen, one of the servers was unplugged accidently.

This was resolved immediately upon arriving at the datacenter.  However the servers were still unavailable for much of Thursday because we pointed the DNS info to the forum to keep everyone informed and it took a while to switch back.

:Smile :Smile :Smile :Smile :Smile

1.  why didn't they post an actual announcement on their boards yesterday
2.  why did it take 24 hours for their DNS to "switch back"?

amy

01-13-2007, 02:07 AM
Quote:As it would happen, one of the servers was unplugged accidently.

That's the first time I've heard 'server was unplugged' used as an excuse for an outage.  ;D

thentavius

01-14-2007, 06:51 AM
[quote author=amy link=topic=6616.msg40254#msg40254 date=1168654020]
Quote:As it would happen, one of the servers was unplugged accidently.

That's the first time I've heard 'server was unplugged' used as an excuse for an outage.  ;D
[/quote]

It looks like it's back up now.

mandy

06-13-2008, 11:12 AM
It broke again...down about 12 hours and counting

every page on BJ Wrote:Error 404 - Not found

The document you requested is not found.

From their board:
Quote:We are currently experiencing DNS issues. blujay.com will be back online as soon as this is resolved.

blujay 6-12-2008
http://blujaybb.com/

DNS issues usually don't result in every page on a site throwing 404s.  A crashed database  does however.  Perhaps he meant to say we'll be back as soon as the database is restored -unless someone unplugs the server from the wall again (last year's excuse for an all day outage).

Also from their board, an open invitation to hackers:
Quote:Powered by SMF 1.0.5.
:blinkie:

the ancient version 1.05 has several security vulnerabilities, some of which have been known since 2005  :blinkie:

9/1/05, Exposure of system information, http://secunia.com/advisories/16646/
2/24/06, Cross Site Scripting, http://secunia.com/advisories/19004/
9/4/06, Cross Site Scripting, sql injection,Manipulation of data, http://secunia.com/product/5285/?task=advisories_2006
12/4/2006, cross site scripting, http://secunia.com/advisories/23175/
5/7/2007, hijacking, http://secunia.com/advisories/25139/
10/22/2007, sql injection, manipulation of data, http://secunia.com/advisories/27346/

The security issues caused by Blujay's failure to update its board from version 1.05 were first commented on here in early 2006 and the site's boinktard owner has yet to update his board. :Smile

-----------------------------------------------------------
EDIT: while I'm in BJ bashing mode Laughing7 , I thought I'd remind people of one of the primary reasons Blujay has never been recommended here and never will be: the site has always hidden its ownership information on its domain WHOIS records.

  FYI, Auctionbytes shares the same sentiments about sites that hide their ownership information:
auctionbytes in an article about the launch of Wagglepop 2 Wrote:It's impossible to vet every company we write about, but our policy has been to always verify the WhoIs registration information and search for the registrant's name to look for any signs of trouble. If a business won't reveal their identity, we won't write about it
http://blog.auctionbytes.com/cgi-bin/blo...49200.html]

Dixie_Amazon

06-13-2008, 01:46 PM
While the forum home page comes up fine, this is what you see when you click login
http://www.blujay.com/?page=loginp

[img width=600 height=363]http://img.photobucket.com/albums/v660/Dixie_Amazon/Screen%20Shots/BJforum061308.gif[/img]

bargainbloodhound

06-13-2008, 02:29 PM
Quote:DNS issues usually don't result in every page on a site throwing 404s.  A crashed database  does however.

Correct, DNS issues don't result in 404s like the site was showing last night.  Its not a crashed database though. More likely they're having problems importing the database to their new server (or it's taking longer then they thought to import it)

BluJay did an unannounced server move yesterday and it looks like they switched the DNS to point to the new server before the site/software was setup/tested on the new server...they must have attended the same Bungled Server Moves 101 class as Plunderhere's Marktard.  You should always test that the site is working on the new server before you switch the DNS to point to the new server.

Old host: Corporate Colo in Southern California
New Host: 1 &1 (why the hell they chose 1&1 is a mystery...1&1 primarily serves small businesses/mom & pops)

old server
7 day old cached copy of their DNS records Wrote:base record name ip reverse route as
blujay.com a 205.134.227.202 mail.blujay.com 205.134.224.0/19 Corporate Colocation, Inc. AS17139 CORPCOLO Corporate Colocation, Inc http://www corporatecolo com/
ns ns1.blujay.com 205.134.227.204
ns2.blujay.com 205.134.227.205
mx mail.blujay.com 205.134.227.202 mail.blujay.com

new server:

current DNS records Wrote:blujay.com. MX IN 86400 mx00.1and1.com. [Preference = 10]
blujay.com. MX IN 86400 mx01.1and1.com. [Preference = 10]
blujay.com. SOA IN 86400 Primary DNS server: ns57.1and1.com.
Responsible Name: hostmaster@1and1.com.
Serial: 2008061203
Refresh: 28800 (8h)
Retry: 7200 (2h)
Expire: 604800 (1w)
Minimum/NegTTL: 86400 (1d)
blujay.com. NS IN 86400 ns58.1and1.com.
blujay.com. NS IN 86400 ns57.1and1.com.
blujay.com. A IN 10800 74.208.27.123

bargainbloodhound

06-13-2008, 02:33 PM
edit:
Quote:The security issues caused by Blujay's failure to update its board from version 1.05 were first commented on here in early 2006

Security problems with their forum were first mentioned on FAS in early 2005 by me.  At the time they  were using an outdated SMF 1.01.  Apparently the upgrade they did to 1.05 after the subject was brought up 3 years ago was the last time they bothered to upgrade the forum.

regic

06-13-2008, 03:10 PM
Quote:blujay.com.   NS   IN   86400   ns58.1and1.com.
blujay.com.   NS   IN   86400   ns57.1and1.com.

A helpful server move tip for all the boinktards out there  Smile

When you're doing a server move that also involves a change of nameservers you should change the TTL (the 86400 above, which is 24 hours) to 900 or less (15 minutes) 1-2 days before doing the move.  This will force every ISP to query your domain records every 15 minutes (instead of doing it every 24 hours) and will virtually eliminate the problem of users whose ISPs are slow to update their records having to wait 1-2 days for the new DNS info to propogate to their slowpoke ISP.
Pages: 1 2
TulipTools Internet Business Owners and Online Sellers Community > Online Auction Industry, B2B Trading Sites, Classified Ad Sites, Fixed Price Venues, and Malls > Online Auction Industry Discussion > Auction Sites > Other Auction Sites > BluJay Breaks! plus Blujay's Forums Have Been A Hacker's Best Friend Since 2005