BBO Discussion Forums: An intrustion attempt by www.bridgebase.com was blocked - BBO Discussion Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

An intrustion attempt by www.bridgebase.com was blocked

#1 User is offline   mr1303 

  • Admirer of Walter the Walrus
  • PipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 2,558
  • Joined: 2003-November-14
  • Gender:Male
  • Location:Ulaanbaatar, Mongolia
  • Interests:Bridge, surfing, water skiing, cricket, golf. Generally being outside really.

Posted 2012-November-26, 07:00

My anti-virus package is blocking a lot of these at the moment, all of which relate to the bridgebase website. Just wondering if there's any likely reason for this? I'm using the old version if it helps.

Attacker URL: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-26 12:52:00,High,An intrusion attempt by www.bridgebase.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 4,No Action Required,No Action Required,"www.bridgebase.com (65.254.56.174, 80)","adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB","MRREEVE-PC (192.168.2.5, 49262)",65.254.56.174 (65.254.56.174),"TCP, www-http"
Network traffic from <b>adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\BRIDGE BASE ONLINE\NETBRIDGEVU.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
0

#2 User is offline   jdeegan 

  • PipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 1,427
  • Joined: 2005-August-12
  • Gender:Male
  • Interests:Economics
    Finance
    Bridge bidding theory
    Cooking
    Downhill skiing

Posted 2012-November-26, 08:51

:P Yeah. I have the same issue from Norton anti-virus.
0

#3 User is offline   barmar 

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Group: Admin
  • Posts: 21,398
  • Joined: 2004-August-21
  • Gender:Male

Posted 2012-November-26, 09:08

There was an intrusion on our adserver about 11 days ago, and the hacker added malware to our ads. We disabled ads as soon as we discovered it, and believe we cleaned things up before we re-enabled them. It sounds like they got added to the antivirus signatures while this was going on. We'll check on this.

#4 User is offline   Rain 

  • PipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 6,592
  • Joined: 2003-February-13
  • Gender:Male
  • Location:Singapore

Posted 2012-November-26, 13:35

Hi

I just posted a post about this and will be sending pop ups to BBOers soon.

About 2 weeks ago we found our first intrusion. It was puzzling, but looked like someone hacked into our ad server. We took ads down, cleaned it, moved our adserver to a more secure location and added another layer of protection, and then resumed ads a few days ago.

But looks like the vulnerability is in openx somewhere, and yesterday/today we received a few more reports of the same ad issues. So now ad is down again while we look for new adservers.

Hope you are okay, please scan your computer. In a rush atm but email any questions to me, any of the admins on BBF, or support@bridgebase.com
"More and more these days I find myself pondering how to reconcile my net income with my gross habits."

John Nelson.
0

#5 User is offline   FM75 

  • PipPipPipPip
  • Group: Full Members
  • Posts: 496
  • Joined: 2009-December-12

Posted 2012-November-26, 19:48

I guess you must be referring to Bredolab.

http://www.symantec....-052907-2436-99

If you are running BBO Web on a Mac, you should be safe. If you are running on windows.. and clicked on an ad, maybe you want to refer to the link.

Personally, I would have liked a more proactive and immediately informative response from BBO. By the time you discover this problem, it is likely somebody else has already encountered it.

Confessing up front and quickly would be a good idea. If I were an advertiser, I would want that as well. Who wants to advertise where your target audience, to be safe, avoids clicking?
0

#6 User is offline   Crujack 

  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 2020-May-03

Posted 2020-May-03, 09:48

When playing on the BBO Programme. we are receiving popup messages saying they are from BT asking us how satisfied we are and offering us a prize.The message ruins the hand we are playing and we have to turn off and log in again.
This is clearly a hoax and hopefully Bridge Base are aware because they need to do something about it. Their website has presumably been hacked and must be unsafe.Friends have also reported instances of this happening.
Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.
0

#7 User is offline   fromageGB 

  • PipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 2,679
  • Joined: 2008-April-06

Posted 2020-May-03, 12:35

My partner, using microsoft browser and software, yesterday suffered the same two things as Crujack.
0

#8 User is offline   jandrew 

  • PipPipPipPip
  • Group: Full Members
  • Posts: 225
  • Joined: 2006-June-05
  • Gender:Male
  • Location:Queensbury, West Yorkshire, England

Posted 2020-May-03, 14:11

View Postpescetom, on 2020-May-03, 14:02, said:

Thanks to you Rain for this clear and useful post.
But to BBO marcoms and management, why is this not urgently and transparently warned in the Messages page of Bridge Base Online Home, instead of stuff like 'Stars Temporarily Disabled' and 'Desagree in bidding'?

Are you referring to a post which is 8 years old?
0

#9 User is offline   pescetom 

  • PipPipPipPipPipPipPipPip
  • Group: Advanced Members
  • Posts: 7,204
  • Joined: 2014-February-18
  • Gender:Male
  • Location:Italy

Posted 2020-May-03, 14:14

View Postjandrew, on 2020-May-03, 14:11, said:

Are you referring to a post which is 8 years old?


I mistakenly was because somebody revived an 8 years old thread and I happened to find the same trojan on my own PC.
I deleted my post to avoid confusion, maybe you could do the same, thanks.
0

#10 User is offline   barmar 

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • Group: Admin
  • Posts: 21,398
  • Joined: 2004-August-21
  • Gender:Male

Posted 2020-May-04, 11:03

View PostCrujack, on 2020-May-03, 09:48, said:

Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.

This a known issue when playing in a Daylong tourney.

See https://www.bridgeba...-are-you-there/

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users