uday Posted March 4, 2011 Report Share Posted March 4, 2011 Summary: A configuration error caused a bogus "survey" (for free iPads) to be shown to many users for a couple of days. This survey tricked people into providing phone numbers. The scammers then sent out SMS messages trying to get the victims to agree to a monthly charge of about $10 on a their mobile bill. If this happened to you and you accepted the charge, please contact your mobile provider (and email us - uday@ or support@bridgebase.com ). We believe all is mostly well at the moment. Some pages here and there will still unexpectedly route you to this bogus survey. Details (non tech):We host our machines at a hosting company. This company made a rare but serious error a couple of days ago, and rerouted some of our host names to this scammer. The error was corrected within a few hours, but due to the nature of how these things work, it took a day or so for the errors to be mostly rectified all over the Internet. Even now, some residual errors linger. We think that we've covered most of the relevant ground and this problem will fade away completely in a few days. Details (tech):Our ISP messed up our DNS records during some sort of internal maintenance, and routed online.bridgebase.com and webutil.bridgebase.com to someone else's website. This someone else is a scammer (our opinion) who has dozens of hostnames that closely mimic real sites ( think: www.facebok.com, that sort of thing ). it took a little while to convince our ISP that there was indeed a problem, and the DNS records were corrected about 6 hours after they were messed up. However, the records had a longish TTL ( about 24 hrs). That, coupled with other caching (your ISP, your PC, your browser ) and lazy ISPs (who don't always fetch these records as they might) meant that some people would be steered to the scammer via these sites for days. What we did was rush thru the site, changing instances of the tainted names to new , untainted hostnames. We didn't catch them all but we think we caught most of them. We could not prevent some people from falling prey to the survey. Sorry about all that. I don't see how we could have guarded against the initial screwup but we could arguably have reacted more quickly. Uday -- Uday Ivaturyuday@bridgebase.com Quote Link to comment Share on other sites More sharing options...
capncrunch Posted March 4, 2011 Report Share Posted March 4, 2011 A similar problem happened to me just over 2 years ago, and it had nothing to do with BBO's ISP or DNS server. A virus was sending my browser to a bogus DNS server, which directed my computer to fetch the spammer's ads instead of legitimate BBO advertising. Here's a sample screenshot with a bogus ad in the lower right hand corner: http://masterunlocked.com/bbo_adv.jpg In this case, the ad did not fit the character of BBO advertising, so I knew something had to be amiss. The other bridge players at the table were not seeing the ad, and I didn't see it when I logged on to BBO from a different computer. The virus had made its way onto my computer before my virus scanner had been updated to recognize its signature. I was later able to rid my computer of the virus and manually enter the valid DNS server address. 1 Quote Link to comment Share on other sites More sharing options...
slothy Posted March 4, 2011 Report Share Posted March 4, 2011 Was she surprised? :P :P 3 Quote Link to comment Share on other sites More sharing options...
Rain Posted March 5, 2011 Report Share Posted March 5, 2011 Wow Capn, I did not know of this incident. Thanks for sharing the problem/fix, good to know this could happen. Quote Link to comment Share on other sites More sharing options...
moonlitnit Posted March 6, 2011 Report Share Posted March 6, 2011 Thanks for the update, Uday. You mentioned you are allowing your Domain Names to be managed by your ISP, who apparently is not well versed to protect against a social engineering hoax (someone who pretends to have BBO credentials). I recommend you immediately convert your DNS Name Server translations to one of the world-class DNS Registrar companies - folks who do this for a living rather than an ISP like yours who resells DNS as a third party (and then goes to a real DNS Registrar). For instance, over the last 5+ years, I have had good luck with Melbourne IT. Of course there are hunreds of ICCAN Accredited Registrars - here's a list: http://www.icann.org/en/registrars/accredited-list.html It only takes a few hours to handle the adminstrative side of the conversion and a day or two for the network to propogate the translations (in a few hours for most ISPs the last time I moved my server's IP address via Melbourne IT). Good luck, Michael Quote Link to comment Share on other sites More sharing options...
tabbycat Posted October 12, 2011 Report Share Posted October 12, 2011 I have just bought a Mac Air,I can't download BB0, have installed adobi flash.I need help pleasetabbycat Quote Link to comment Share on other sites More sharing options...
barmar Posted October 12, 2011 Report Share Posted October 12, 2011 I have just bought a Mac Air,I can't download BB0, have installed adobi flash.I need help pleasetabbycatThe download version of BBO is only for Windows, not Macs. Flash is used for the web version. Not sure what this has to do with the survey mentioned above, though. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.