diff --git a/server.rb b/server.rb
index b07ee3a..d6aef01 100755
--- a/server.rb
+++ b/server.rb
@@ -460,11 +460,11 @@ get '/import/lcsc/:lcsc' do
 end
 
 get '/attach?' do
-  halt 401, "part name or id required" unless params['id'] or params['name']
-  halt 401, "attachement URL required" unless params['url']
+  halt 400, "part name or id required" unless params['id'] or params['name']
+  halt 400, "attachement URL required" unless params['url']
   statement = @db.prepare("SELECT id, name FROM part WHERE id = ? OR name = ?")
   part = statement.execute(params['id'], params['name']).to_a[0]
-  halt 401, "unknown part" unless part
+  halt 400, "unknown part" unless part
   file = CGI.unescape(params['url']).split("/")[-1]
   dir = PUBLIC + "/" + ATTACHMENTS + "/" + part["name"].gsub("/", "_")
   path = "#{dir}/#{file}"
@@ -476,6 +476,8 @@ get '/attach?' do
       File.open(path, "wb") do |f|
         f.write res.body
       end
+    else
+      halt 404, "download failed"
     end
   end
 end