An intrusion attempt by www.bridgebase.com was blocked


mr1303

My anti-virus package is blocking a lot of these at the moment, all of which relate to the bridgebase website. Just wondering if there's any likely reason for this? I'm using the old version if it helps.

 

Attacker URL: Category: Intrusion Prevention

Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description

2012-11-26 12:52:00,High,An intrusion attempt by www.bridgebase.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 4,No Action Required,No Action Required,"www.bridgebase.com (65.254.56.174, 80)","adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB","MRREEVE-PC (192.168.2.5, 49262)",65.254.56.174 (65.254.56.174),"TCP, www-http"

Network traffic from <b>adserver.bridgebase.com/openx/www/delivery/ajs.php?zoneid=2&cb=65874195775&charset=utf-8&loc=http://ads.bridgebase.com/common/ads/location2_inner.html&referer=http://ads.bridgebase.com/common/ads/location2.html?ra=1736950616&rb=977799023&c=GB</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\BRIDGE BASE ONLINE\NETBRIDGEVU.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

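A way to triage alerts like the one quoted in the first post, as an added example that is not part of the original thread: it parses the exported CSV, pulls the delivery host, script and ad zone out of the Attacker URL column, and flags rows where that host differs from the one named in Attacking Computer. The sample rows and the names `parse_alerts` and `summarize` are constructed for illustration.

```python
import csv
import io
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the column layout of the export quoted above.
# Hosts and addresses are placeholders, not real indicators.
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
          "Default Action,Action Taken,Attacking Computer,Attacker URL,"
          "Destination Address,Source Address,Traffic Description\n")
ROW = ('{t},High,An intrusion attempt by www.example.test was blocked.,Blocked,'
       'No Action Required,Web Attack: Exploit Toolkit Website 4,'
       'No Action Required,No Action Required,"www.example.test (192.0.2.10, 80)",'
       '"adserver.example.test/openx/www/delivery/ajs.php?zoneid={z}&cb=1'
       '&loc=http://ads.example.test/inner.html","PC-1 (192.168.2.5, 49262)",'
       '192.0.2.10 (192.0.2.10),"TCP, www-http"\n')
SAMPLE = HEADER + "".join(ROW.format(t=t, z=z) for t, z in [
    ("2012-11-26 12:52:00", 2), ("2012-11-26 12:55:10", 2),
    ("2012-11-26 13:01:42", 5)])


def parse_alerts(text):
    """Yield one dict per alert with the ad-delivery details pulled out."""
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["Attacker URL"]
        # The export omits the scheme, so add one before splitting.
        if not raw.startswith(("http://", "https://")):
            raw = "http://" + raw
        url = urlsplit(raw)
        yield {
            "time": row["Date & Time"],
            "alert": row["IPS Alert Name"],
            "named_host": row["Attacking Computer"].split(" (")[0],
            "url_host": url.hostname,
            "script": url.path.rsplit("/", 1)[-1],
            "zone": parse_qs(url.query).get("zoneid", [None])[0],
        }


def summarize(text):
    """Count alerts per (URL host, script, zone); list host mismatches."""
    alerts = list(parse_alerts(text))
    counts = Counter((a["url_host"], a["script"], a["zone"]) for a in alerts)
    mismatched = [a for a in alerts if a["named_host"] != a["url_host"]]
    return counts, mismatched


if __name__ == "__main__":
    counts, mismatched = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(n, key)
    print(len(mismatched), "alerts name a different host than the URL")
```

Grouping by zone shows which ad slot the flagged responses came from, and the mismatch list shows when the alert names the main site while the request went to the ad-delivery host.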

There was an intrusion on our adserver about 11 days ago, and the hacker added malware to our ads. We disabled ads as soon as we discovered it, and believe we cleaned things up before we re-enabled them. It sounds like they got added to the antivirus signatures while this was going on. We'll check on this.

Hi

 

I just posted a post about this and will be sending pop ups to BBOers soon.

 

About 2 weeks ago we found our first intrusion. It was puzzling, but looked like someone hacked into our ad server. We took ads down, cleaned it, moved our adserver to a more secure location and added another layer of protection, and then resumed ads a few days ago.

 

But it looks like the vulnerability is in OpenX somewhere, and yesterday/today we received a few more reports of the same ad issues. So now ads are down again while we look for new adservers.

 

Hope you are okay, please scan your computer. In a rush atm but email any questions to me, any of the admins on BBF, or support@bridgebase.com


I guess you must be referring to Bredolab.

 

http://www.symantec.com/security_response/writeup.jsp?docid=2009-052907-2436-99

 

If you are running BBO Web on a Mac, you should be safe. If you are running on Windows... and clicked on an ad, maybe you want to refer to the link.

 

Personally, I would have liked a more proactive and immediately informative response from BBO. By the time you discover this problem, it is likely somebody else has already encountered it.

 

Confessing up front and quickly would be a good idea. If I were an advertiser, I would want that as well. Who wants to advertise where your target audience, to be safe, avoids clicking?


  • 7 years later...

When playing on the BBO Programme, we are receiving popup messages saying they are from BT asking us how satisfied we are and offering us a prize. The message ruins the hand we are playing and we have to turn off and log in again.

This is clearly a hoax and hopefully Bridge Base are aware because they need to do something about it. Their website has presumably been hacked and must be unsafe. Friends have also reported instances of this happening.

Another message keeps coming up when we are playing asking if we are wanting to leave the site. We delete the message which is often repeated again and again.


Thanks to you Rain for this clear and useful post.

But to BBO marcoms and management, why is this not urgently and transparently warned in the Messages page of Bridge Base Online Home, instead of stuff like 'Stars Temporarily Disabled' and 'Desagree in bidding'?

Are you referring to a post which is 8 years old?


Are you referring to a post which is 8 years old?

 

I mistakenly was because somebody revived an 8-year-old thread and I happened to find the same trojan on my own PC.

I deleted my post to avoid confusion, maybe you could do the same, thanks.
