BBO Discussion Forums: Bogus Survey - BBO Discussion Forums


Bogus Survey What just happened?

#1 User is offline   uday 

  • Group: Advanced Members
  • Posts: 5,808
  • Joined: 2003-January-15
  • Gender:Male
  • Location:USA

Posted 2011-March-04, 12:34

Summary:
A configuration error caused a bogus "survey" (for free iPads) to be shown to many users for a couple of days. This survey tricked people into providing phone numbers. The scammers then sent out SMS messages trying to get the victims to agree to a monthly charge of about $10 on their mobile bill. If this happened to you and you accepted the charge, please contact your mobile provider (and email us - uday@ or support@bridgebase.com ).

We believe all is mostly well at the moment. Some pages here and there will still unexpectedly route you to this bogus survey.

Details (non tech):
We host our machines at a hosting company. This company made a rare but serious error a couple of days ago, and rerouted some of our host names to this scammer. The error was corrected within a few hours, but due to the nature of how these things work, it took a day or so for the errors to be mostly rectified all over the Internet. Even now, some residual errors linger. We think that we've covered most of the relevant ground and this problem will fade away completely in a few days.


Details (tech):
Our ISP messed up our DNS records during some sort of internal maintenance, and routed online.bridgebase.com and webutil.bridgebase.com to someone else's website. This someone else is a scammer (our opinion) who has dozens of hostnames that closely mimic real sites (think: www.facebok.com, that sort of thing). It took a little while to convince our ISP that there was indeed a problem, and the DNS records were corrected about 6 hours after they were messed up. However, the records had a longish TTL (about 24 hrs). That, coupled with other caching (your ISP, your PC, your browser) and lazy ISPs (who don't always fetch these records as they might) meant that some people would be steered to the scammer via these sites for days. What we did was rush thru the site, changing instances of the tainted names to new, untainted hostnames. We didn't catch them all but we think we caught most of them. We could not prevent some people from falling prey to the survey.

Sorry about all that. I don't see how we could have guarded against the initial screwup but we could arguably have reacted more quickly.

Uday

--

Uday Ivatury
uday@bridgebase.com
0
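The TTL effect described in the "Details (tech)" part of the post above, as an added simulation that is not part of the original thread: a single cache that honours the TTL keeps returning the wrong address long after the zone is fixed, and a baseline comparison catches it. The IP addresses, the hourly polling and all function names are constructed for illustration; browser, PC and non-compliant ISP caches, which the post says stretched this to days, are not modelled.

```python
# Constructed values: addresses come from documentation ranges; the hours follow the post.
GOOD, BAD = "192.0.2.10", "203.0.113.66"
HOST = "online.bridgebase.com"
TTL_H, FIXED_AT = 24, 6   # ~24 h TTL; records corrected ~6 h after the error


def authoritative(host, now):
    """Answer served by the zone at hour `now`: wrong from hour 0 until the fix."""
    return (BAD if 0 <= now < FIXED_AT else GOOD), TTL_H


class CachingResolver:
    """TTL-honouring cache in front of an authoritative lookup."""

    def __init__(self, lookup):
        self.lookup = lookup
        self.cache = {}   # host -> (address, hour at which the entry expires)

    def resolve(self, host, now):
        entry = self.cache.get(host)
        if entry and now < entry[1]:
            return entry[0]                  # still fresh: upstream is not asked
        addr, ttl = self.lookup(host, now)
        self.cache[host] = (addr, now + ttl)
        return addr


def bad_hours(first_query_at, horizon=72):
    """Hours, polled hourly, at which a client behind one cache is sent to BAD."""
    resolver = CachingResolver(authoritative)
    return [t for t in range(first_query_at, horizon)
            if resolver.resolve(HOST, t) == BAD]


def drift(resolver, baseline, now):
    """Monitoring check: hosts whose current answer is outside the known-good set."""
    answers = {h: resolver.resolve(h, now) for h in baseline}
    return {h: a for h, a in answers.items() if a not in baseline[h]}


if __name__ == "__main__":
    hours = bad_hours(5)
    print("cache filled at hour 5 serves BAD through hour", hours[-1])
    print("cache filled at hour 7 serves BAD for", len(bad_hours(7)), "hours")
```

A cache that happened to fill one hour before the fix stays wrong through hour 28, which is why the post's response was to switch the site to new hostnames rather than wait for expiry.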

#2 User is offline   capncrunch 

  • Group: Members
  • Posts: 3
  • Joined: 2011-March-04

Posted 2011-March-04, 17:16

A similar problem happened to me just over 2 years ago, and it had nothing to do with BBO's ISP or DNS server. A virus was sending my browser to a bogus DNS server, which directed my computer to fetch the spammer's ads instead of legitimate BBO advertising. Here's a sample screenshot with a bogus ad in the lower right hand corner:

Posted Image

In this case, the ad did not fit the character of BBO advertising, so I knew something had to be amiss. The other bridge players at the table were not seeing the ad, and I didn't see it when I logged on to BBO from a different computer.

The virus had made its way onto my computer before my virus scanner had been updated to recognize its signature. I was later able to rid my computer of the virus and manually enter the valid DNS server address.
1

#3 User is offline   slothy 

  • Group: Full Members
  • Posts: 690
  • Joined: 2003-October-14

Posted 2011-March-04, 17:45

Was she surprised?

:P :P
gaudium est miseris socios habuisse penarum - Misery loves company.
3

#4 User is offline   Rain 

  • Group: Advanced Members
  • Posts: 6,592
  • Joined: 2003-February-13
  • Gender:Male
  • Location:Singapore

Posted 2011-March-04, 19:27

Wow Capn, I did not know of this incident. Thanks for sharing the problem/fix, good to know this could happen.
"More and more these days I find myself pondering how to reconcile my net income with my gross habits."

John Nelson.
0

#5 User is offline   moonlitnit 

  • Group: Members
  • Posts: 1
  • Joined: 2011-March-05

Posted 2011-March-05, 21:38

Thanks for the update, Uday. You mentioned you are allowing your Domain Names to be managed by your ISP, who apparently is not well versed to protect against a social engineering hoax (someone who pretends to have BBO credentials).

I recommend you immediately convert your DNS Name Server translations to one of the world-class DNS Registrar companies - folks who do this for a living rather than an ISP like yours who resells DNS as a third party (and then goes to a real DNS Registrar).

For instance, over the last 5+ years, I have had good luck with Melbourne IT. Of course there are hundreds of ICANN Accredited Registrars - here's a list:

http://www.icann.org...dited-list.html

It only takes a few hours to handle the administrative side of the conversion and a day or two for the network to propagate the translations (in a few hours for most ISPs the last time I moved my server's IP address via Melbourne IT).

Good luck,

Michael
0

#6 User is offline   tabbycat 

  • Group: Members
  • Posts: 1
  • Joined: 2011-October-11

Posted 2011-October-11, 19:35

I have just bought a Mac Air, I can't download BBO, have installed Adobe Flash.
I need help please
tabbycat
0

#7 User is offline   barmar 

  • Group: Admin
  • Posts: 21,662
  • Joined: 2004-August-21
  • Gender:Male

Posted 2011-October-11, 22:48

 tabbycat, on 2011-October-11, 19:35, said:

I have just bought a Mac Air, I can't download BBO, have installed Adobe Flash.
I need help please
tabbycat

The download version of BBO is only for Windows, not Macs. Flash is used for the web version.

Not sure what this has to do with the survey mentioned above, though.
