Page 1 of 1
An intrustion attempt by www.bridgebase.com was blocked
#1
Posted 2012-November-26, 07:00
My anti-virus package is blocking a lot of these at the moment, all of which relate to the bridgebase website. Just wondering if there's any likely reason for this? I'm using the old version if it helps.
Attacker URL: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-26 12:52:00,High,An intrusion attempt by www.bridgebase.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 4,No Action Required,No Action Required,"www.bridgebase.com (65.254.56.174, 80)","adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB","MRREEVE-PC (192.168.2.5, 49262)",65.254.56.174 (65.254.56.174),"TCP, www-http"
Network traffic from <b>adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\BRIDGE BASE ONLINE\NETBRIDGEVU.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
Attacker URL: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-26 12:52:00,High,An intrusion attempt by www.bridgebase.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 4,No Action Required,No Action Required,"www.bridgebase.com (65.254.56.174, 80)","adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB","MRREEVE-PC (192.168.2.5, 49262)",65.254.56.174 (65.254.56.174),"TCP, www-http"
Network traffic from <b>adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\BRIDGE BASE ONLINE\NETBRIDGEVU.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
#3
Posted 2012-November-26, 09:08
There was an intrusion on our adserver about 11 days ago, and the hacker added malware to our ads. We disabled ads as soon as we discovered it, and believe we cleaned things up before we re-enabled them. It sounds like they got added to the antivirus signatures while this was going on. We'll check on this.
#4
Posted 2012-November-26, 13:35
Hi
I just posted a post about this and will be sending pop ups to BBOers soon.
About 2 weeks ago we found our first intrusion. It was puzzling, but looked like someone hacked into our ad server. We took ads down, cleaned it, moved our adserver to a more secure location and added another layer of protection, and then resumed ads a few days ago.
But looks like the vulnerability is in openx somewhere, and yesterday/today we received a few more reports of the same ad issues. So now ad is down again while we look for new adservers.
Hope you are okay, please scan your computer. In a rush atm but email any questions to me, any of the admins on BBF, or support@bridgebase.com
I just posted a post about this and will be sending pop ups to BBOers soon.
About 2 weeks ago we found our first intrusion. It was puzzling, but looked like someone hacked into our ad server. We took ads down, cleaned it, moved our adserver to a more secure location and added another layer of protection, and then resumed ads a few days ago.
But looks like the vulnerability is in openx somewhere, and yesterday/today we received a few more reports of the same ad issues. So now ad is down again while we look for new adservers.
Hope you are okay, please scan your computer. In a rush atm but email any questions to me, any of the admins on BBF, or support@bridgebase.com
"More and more these days I find myself pondering how to reconcile my net income with my gross habits."
John Nelson.
John Nelson.
#5
Posted 2012-November-26, 19:48
I guess you must be referring to Bredolab.
http://www.symantec....-052907-2436-99
If you are running BBO Web on a Mac, you should be safe. If you are running on windows.. and clicked on an ad, maybe you want to refer to the link.
Personally, I would have liked a more proactive and immediately informative response from BBO. By the time you discover this problem, it is likely somebody else has already encountered it.
Confessing up front and quickly would be a good idea. If I were an advertiser, I would want that as well. Who wants to advertise where your target audience, to be safe, avoids clicking?
http://www.symantec....-052907-2436-99
If you are running BBO Web on a Mac, you should be safe. If you are running on windows.. and clicked on an ad, maybe you want to refer to the link.
Personally, I would have liked a more proactive and immediately informative response from BBO. By the time you discover this problem, it is likely somebody else has already encountered it.
Confessing up front and quickly would be a good idea. If I were an advertiser, I would want that as well. Who wants to advertise where your target audience, to be safe, avoids clicking?
#6
Posted 2020-May-03, 09:48
When playing on the BBO Programme. we are receiving popup messages saying they are from BT asking us how satisfied we are and offering us a prize.The message ruins the hand we are playing and we have to turn off and log in again.
This is clearly a hoax and hopefully Bridge Base are aware because they need to do something about it. Their website has presumably been hacked and must be unsafe.Friends have also reported instances of this happening.
Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.
This is clearly a hoax and hopefully Bridge Base are aware because they need to do something about it. Their website has presumably been hacked and must be unsafe.Friends have also reported instances of this happening.
Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.
#7
Posted 2020-May-03, 12:35
My partner, using microsoft browser and software, yesterday suffered the same two things as Crujack.
#8
Posted 2020-May-03, 14:11
pescetom, on 2020-May-03, 14:02, said:
Thanks to you Rain for this clear and useful post.
But to BBO marcoms and management, why is this not urgently and transparently warned in the Messages page of Bridge Base Online Home, instead of stuff like 'Stars Temporarily Disabled' and 'Desagree in bidding'?
But to BBO marcoms and management, why is this not urgently and transparently warned in the Messages page of Bridge Base Online Home, instead of stuff like 'Stars Temporarily Disabled' and 'Desagree in bidding'?
Are you referring to a post which is 8 years old?
#10
Posted 2020-May-04, 11:03
Crujack, on 2020-May-03, 09:48, said:
Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.
This a known issue when playing in a Daylong tourney.
See https://www.bridgeba...-are-you-there/
Page 1 of 1