Irish Chess Union website is down during 2015 championship

Tim Harding

The Irish Chess Union website is down since this morning. Maybe an invoice is unpaid?
Previous posts by me and at least one other user about this have been deleted as they were part of a different thread which the moderator has removed without explanation (legal action?).

But I think it is OK to mention this? Hence the new thread.

As a recent user I cannot post URLs but most of you probably know the site I mean.
There is a notice saying:

"This site is temporarily unavailable
If you manage this site and have a question about why the site is not available, please contact NetFirms directly."

If you want to find out what's happening in the Irish Championships you can look later today on chess-results - but I'd rather you didn't as I just had a "senior moment" and lost a game I had earlier been winning!

Add the ages of any four of the six youngest players in the tournament and it comes to less than my age.

mikhail

Tim Harding wrote: »

The Irish Chess Union website is down since this morning. Maybe an invoice is unpaid?

It doesn't look like the domain has expired. It could be a problem with the hosting company, or possibly a bandwidth cap exceded. Irritating, but these things happen. The main thing is that it gets resolved quickly.

Add the ages of any four of the six youngest players in the tournament and it comes to less than my age.

It's a pretty fresh-faced tail, all right!

cdeb

Tim Harding wrote: »

Previous posts by me and at least one other user about this have been deleted as they were part of a different thread which the moderator has removed without explanation (legal action?).

Just for the record, the poster who started that thread asked the moderators to delete it as the info - while interesting - wasn't as yet confirmed or in the public domain.

No problems with a new thread on this, separate, matter.

I'd just clarify that ICU.ie is up and running, whereas IrishChessUnion.net is the site that's down. So we do at least have an ICU site up.

RoundTower

Dublinchess.com - which, like irishchessunion.net is registered in the name of Colm Daly of Santry - is also down.

Hopefully Colm can finish in the money in the Irish and pay the hosting fees!

https://who.is/whois/irishchessunion.net

cdeb

Or the ICU can see sense and stop running two sites when one makes far more sense.

Ficheall

icu.ie wrote:

Unfortunately the irishchessunion.net has been subject to a hacking attempt, and in the interests of safety and best practice, an automated system having identified a malware, risk temporarily shut down the website and hosting server. This is most unfortunate as there is no possible positive purpose served by such an attempt to spitefully disrupt the resource available to the ICU and it's members during what should be a celebration of our national championships.

People can draw their own conclusions from the timing and nature of this attack on the website. But thankfully because the ICU now have two websites located on two different servers and have put in place measures and means to secure the data of our members, zero information, not already in the public domain, was either obtained or distributed.

The irishchessunion.net is the main homepage and front face for news items and other novel features, while the icu.ie resource is the back end data driven website. Because of the timing of this incident it is not certain that the irishchessunion.net homepage will be back before the end of the Irish championships. Apologies for that but there will be a report on the Irish ch within days of the tournament ending.

In the meantime, for those with a genuine interest in chess matters, why not drop in to the Alexander Plaza Hotel (Just off O Connell street and around the corner from the Gresham Hotel) in person and see all the action close up and for real as a battle of generations goes back and forth and tension builds.

The more junior players have already given a good account of themselves and will no doubt cause some more upsets before the end of the tournament.

Seems they're going to use this to try to claim having two different websites is a good thing. I wonder will every other organisation in the world soon follow suit...

I'm curious as to what the security measures put in place on the .net website were.

Tim Harding

They cannot even get the name of the venue right in their posting: it's actually called the Academy Plaza Hotel, and a poor venue it is too (not the hotel but the actual playing room), not up to the standard expected for an event of this status. Too crowded when the subsidiary weekend events were on, but air conditioning blasting old cold air yesterday when few people were there.

sinbad68

Tim Harding wrote: »

They cannot even get the name of the venue right in their posting: it's actually called the Academy Plaza Hotel, and a poor venue it is too (not the hotel but the actual playing room), not up to the standard expected for an event of this status. Too crowded when the subsidiary weekend events were on, but air conditioning blasting old cold air yesterday when few people were there.

I can't understand, in summer when so many colleges & schools are vacant , why competition is not played there, presumably cheaper , safer location with more parking available.

mikhail

sinbad68 wrote: »

I can't understand, in summer when so many colleges & schools are vacant , why competition is not played there, presumably cheaper , safer location with more parking available.

Benildus hosted the 2008(?) Irish in the school in which we're based. It was a pretty economical solution, but I heard a number of patrons complain about the venue. I think the main issue was that it's in a residential area - while there are a number of bars and restaurants nearby, they're a 5-10 minute walk and not apparent if you don't know the area. We probably should have done more to advertise those ammenities, but even so, many people seem to like a central Dublin location.

Sparks

Wow. That ICU statement is a bit ridiculous, professionally speaking.
To summarise what's wrong with it:

- All websites everywhere are the target of hacking attempts. All the time. It's a thing. The software you use to spot even basic attacks will pick up a few hundred a week if anyone beyond your immediate family is reading the site. It is just a fact of life in this sphere.

- The reason there are so many attempts is that they're essentially free and if even one's successful, the hackers have a machine they can now use as part of a botnet, or as a spam mail source, and you're picking up the bill - and they can sell that on to other people and make money doing it. It's got nothing to do with chess. These guys are usually random Russian teenagers looking to get a few quid. Occasionally there are other larger groups, but they tend to attack millions of sites at a time, not one or two.

- The sites involved here were privately-administrated wordpress blogs. You know what most people who do this for a living think about how resistant those kind of sites are to hacking? This:



- This is why, if someone is starting their own wordpress blog, they get told to just use wordpress.com instead of trying to run their own site. The wordpress.com ops team are constantly watching for this stuff and they fix it faster than anyone who doesn't have a professional ops team.

- Did nobody else think that there might be a good reason why icu.ie wasn't running wordpress originally?

brilliantboy

mikhail wrote: »

even so, many people seem to like a central Dublin location.

And why wouldn't they? If they live in a central Dublin location.
But for those players who have to travel and pay city center prices for 9 rounds I can see it not being so attractive a venue.

Lecale

Sparks wrote: »

To summarise what's wrong with it:

- All websites everywhere are the target of hacking attempts.

Also, this wasn't an attempt, this was an actual hack. The ISP don't just take the website off the internet because they decide it might be compromised, they take it down because it is compromised.

Sparks

Lecale wrote: »

Also, this wasn't an attempt, this was an actual hack. The ISP don't just take the website off the internet because they decide it might be compromised, they take it down because it is compromised.

Yeah, but it's wordpress. Saying someone successfully hacked wordpress is like saying that someone managed to break an egg - it's not exactly a world-shattering achievement. Wordpress has a lot of strengths, but security isn't one of them.

reunion

Lecale wrote: »

Also, this wasn't an attempt, this was an actual hack. The ISP don't just take the website off the internet because they decide it might be compromised, they take it down because it is compromised.

They take it down if they have a flood of bots making posts and requests.

Which is common on WordPress blogs. Basically you have a free website tool which a monkey can put online. This ease to put it online brings with it an ease of hacking. An experienced hacker can create a bot which posts referral links to a dodgy website on a bunch of WordPress blogs making their dodgy site more credible. Typically they create new accounts which overload the database of the WordPress site which the isp doesn't like. The isp then takes down the website until the database is purged of the offending material