Caravan and Motorhome Club's website down! (2 Viewers)

[Pausim]

Just phoned Commons Wood site and was told they could not take bookings until the system was back up. I was hoping to use my voucher but have had to book elsewhere.

Calor had a system update last year, the web site was supposed to be down for one weekend but didn’t reappear for months. If the C&MC site is down that long they are going to lose an awful lot of business but it will make cutting the grass easier. They might even have to authorise the purchase of paper diaries and planners for all the sites though I imagine they would have to call a board meeting first.

 

[Gellyneck]

Don’t know why you can’t use a site this weekend, just phone the site direct, they are all taking bookings. I booked Melrose yesterday, now sitting on site having a cup of coffee!

Just phoned Commons Wood site and was told they could not take bookings until the system was back up. I was hoping to use my voucher but have had to book elsewhere.

Maybe Commons Wood should phone Melrose as they're doing it!

 

[FrankNicklin]

Just phoned Commons Wood site and was told they could not take bookings until the system was back up. I was hoping to use my voucher but have had to book elsewhere.

Calor had a system update last year, the web site was supposed to be down for one weekend but didn’t reappear for months. If the C&MC site is down that long they are going to lose an awful lot of business but it will make cutting the grass easier. They might even have to authorise the purchase of paper diaries and planners for all the sites though I imagine they would have to call a board meeting first.

I guess any site owned or linked to CAMC will be in the same boat, they will have to confirm bookings and arrivals through the CAMC backend systems. As you say this could be a costly problem for not only CAMC but the associated Caravan sites as I believe all links go back to CAMC and cannot be booked independently.

 

[Phill D]

How do they manage then if someone turns up and says ;
I’m booked for x nights!

 

[Phill D]

Fortunately for CMC wardens most sites are closed for a few more weeks.

^{_{Subscribers  do not see these advertisements}}

 

[FrankNicklin]

How do they manage then if someone turns up and says ;
I’m booked for x nights!

Keep your fingers crossed that the site remains down for the duration of your visit and they cannot confirm your stay.

That said they could easily ask to see confirmation emails.

 

[Shrosie]

I had booked and paid for a site in Spain with them last Friday , they took the money then phoned later to say site had no availability.
I phoned today to get refund but was told system down not sure how long and they can’t access any information to be able to pay back refund.
They also said they will not be booking any ferries and to speak to ferry companies directly.

 

[FrankNicklin]

I had booked and paid for a site in Spain with them last Friday , they took the money then phoned later to say site had no availability.
I phoned today to get refund but was told system down not sure how long and they can’t access any information to be able to pay back refund.
They also said they will not be booking any ferries and to speak to ferry companies directly.

Thats bad, taking your money before actually confirming availability their end. Surely any sensible operator would take your booking and defer payment until the availability is confirmed. They could sit on an awful lot of money working that way.

 

[BillandHelen]

At Melrose, when I phoned they took a note of my name and membership number, obviously couldn’t book it on the system or take a deposit. When we arrived, we paid in full by card, warden kept a note on a list she had with all the info needed to update the system when it comes back up. Manual, pain for the warden but all straightforward. No credit card details written down/retained etc, payment was as normal.

 

[Pausim]

Maybe Commons Wood should phone Melrose as they're doing it!

Perhaps Melrose had downloaded their existing bookings for this week before the web site went down and knew how many spaces they had, or perhaps they have a more flexible regional manager. No idea why the difference but the longer it goes on the harder it will be for wardens to know who might be turning up and whether they have spaces.

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

How do they manage then if someone turns up and says ;
I’m booked for x nights!

You show them your membership card as proof of identity and they "trust" you when you tell them how many nights, what deposit paid, if you've got a voucher, etc...... and they manually calculate what you owe them. You only get the card payment slip as a receipt.

Guess if you're unscrupulous you could say you paid in full but they'll no doubt catch up with you when the system comes back up.

 

[FrankNicklin]

On another note, I use the services of another German based site, not Motorhome related, but they are also suffering a major outage since the 22nd January. Interesting that CAMC is also hosted in Germany.

 

[Gellyneck]

On another note, I use the services of another German based site, not Motorhome related, but they are also suffering a major outage since the 22nd January. Interesting that CAMC is also hosted in Germany.

The plot thickens just like Bisto!

 

[Outdoors Dad]

Bloody hell sounds like a hostile take over or a coup

 

[Pausim]

You show them your membership card as proof of identity and they "trust" you when you tell them how many nights, what deposit paid, if you've got a voucher, etc...... and they manually calculate what you owe them. You only get the card payment slip as a receipt.

Guess if you're unscrupulous you could say you paid in full but they'll no doubt catch up with you when the system comes back up.

Not all of us have membership cards now, they are using digital ones which we access through the app. That app no is no longer working because the system is down.

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

Not all of us have membership cards now, they are using digital ones which we access through the app. That app no is no longer working because the system is down.

Guess they'll just have to add that to the "trust" list then.

 

[FrankNicklin]

Not all of us have membership cards now, they are using digital ones which we access through the app. That app no is no longer working because the system is down.

Think we all need to get used to this. There has been a huge increase in cyber attacks from various sources.

 

[Janine]

A previous warden told me it was ferry booking software but neither here nor there!

I was staying at a site when the changeover took place and was told that too. Apparently your day of arrival showed as the day of departure which was a bit confusing

 

[FrankNicklin]

I was staying at a site when the changeover took place and was told that too. Apparently your day of arrival showed as the day of departure which was a bit confusing

Were you reversing in to the site. Might have confused them.

 

[Gromett]

But then my clients talk of full recovery times in 30 min to 4 hour regions for databases in the Petabyte, so I work on an entirely different scale to this.

If you have database on that scale, then you run multiple replication nodes live. You run on a SAN and have multiple hot nodes ready to go.
CAMC are not at that scale nor have that kind of budget,

^{_{Subscribers  do not see these advertisements}}

 

[Zoshee]

I do a number of post hack jobs each year. My point was NOT that this wasn't a breach. It was that the length of time is not always indicative of a breach.


There is no excuse these days for SQL injection attacks. Most software these days is built on frameworks (like Laravel) and these have SQL and XSS prevention built in. And it is rare for a serious bit of software to be affected by one. The most common breach method these days is social engineering, Phishing or poor password hygiene. The software used by CAMC is allegedly a piece of Hotel booking software that has been lightly modified. I would expect this was built using one of these frameworks. If this is true and CAMC was exploited, then a lot of hotels would have gone down at the same time and perhaps something would have hit the IT news by now?

I did a bit of investigating of their network just out of curiosity. Whilst it is not conclusive it appears that they have a single front end server with no load balancing. So it is entirely possible they have all their site on a single server and it is possible their database server is on the same server. What surprised me most was this server appears to be hosted in Germany although using UK nameservers. I am NOT ruling out a hack/exploit. I am saying even 3 weekdays in it is not the only likely explanation.

If tt is like it seems and is only hosted on a single server and has had a database crash. Rebuilding said database may not be possible or may take a long time.

So what I am saying is this. Jumping to an exploit/hack at this point is not the only possible cause. I am not saying it hasn't happened. I am saying it is too early to jump to that conclusion.
There is a saying. Why assign malicious intent when incompetence explains it just as well. The single IP/lack of resilience/incompetence, That combined with the 72 hour rule for reporting to the ICO may indicate it isn't a hack.
On the other hand not reporting it may be further incompetence.

Just too early to say one way or another by guesswork. I never jump to conclusions and blame a hack though having seen a number of clients who have been down for 2 weeks due to poor infrastructure up front.

There's a skilled bunch of people on a motorhome website. I couldn't agree more with this.

Bad disaster recovery is my best guess OR somebody has implemented some code that's not been tested properly and left an exploit open. If it is based on a hotel system then I suspect it's open source and not been maintained properly. Maybe even a fancy Wordpress plugin! If they have lost data they could be having real problems and rebuilding the thing from scratch.

Cards on the table I had a business which actually bid to write the apps originally 10 years or so ago. We had some great ideas even then which blew this one out of the water even back then. We didn't win the contract though (obviously) I'm not sure if it was a blessing. It was probably won by a web agency with a mac. I'm not bitter

 

[Mikey RV]

Not all of us have membership cards now, they are using digital ones which we access through the app. That app no is no longer working because the system is down.

Next time you get your membership card up take a screen shot of it and put it somewhere on your phone you can access easy.

 

[Gellyneck]

I was staying at a site when the changeover took place and was told that too. Apparently your day of arrival showed as the day of departure which was a bit confusing

Yip, because your arrival at site assumed it was arrival for your ferry sailing!

 

[FrankNicklin]

Deleted.

 

[Brize]

How do they manage then if someone turns up and says ;
I’m booked for x nights!

Keep your fingers crossed that the site remains down for the duration of your visit and they cannot confirm your stay.

That said they could easily ask to see confirmation emails.

There is a potential issue that might arise. If you are due in at a site and have paid a deposit, they usually automatically take the balance on the morning of your expected arrival. If the site is still down and the Warden takes the balance manually, you could end up paying twice if their computer wakes up and goes into hyperdrive collecting all the balances due whilst it has been sleeping! Not insurmountable, just another pain in the

Regards,

^{_{Subscribers  do not see these advertisements}}

 

[starquake]

The plot thickens just like Bisto!

If the above is true, and it's multiple companys impacted it's more likely it's more than a simple database corruption.

Not all of us have membership cards now, they are using digital ones which we access through the app. That app no is no longer working because the system is down.

Iphones at least can load digital ones to wallet, mine is still in place, so I'll ring the site we want to go to for a telephone booking tmrw.

 

[FrankNicklin]

There is a potential issue that might arise. If you are due in at a site and have paid a deposit, they usually automatically take the balance on the morning of your expected arrival. If the site is still down and the Warden takes the balance manually, you could end up paying twice if their computer wakes up and goes into hyperdrive collecting all the balances due whilst it has been sleeping! Not insurmountable, just another pain in the

Regards,

I think its wrong for the site to take payment for that reason alone. If the the payments are queued and as you suggest, then burst in to life then there is a high risk of paying twice. I would presume that bookings can be confirmed on site using the confirmation of booking email. If you have that they have to trust the backend systems will deal with payment and not ask you to pay. This could cost CAMC a lot of money in refunds and potentially compensation for sites lost business.

The there has been a complete backend failure then it is also possible queued payments have also gone. It depnds how the payment processing works i.e. push out to a 3rd party processor.

 

[Peterd82]

Taking a screenshot of the membership card was one of the first things I did as the app wouldn’t behave - saved in gallery on smartphone. Sites were happy to accept it. When I renewed I requested the plastic card, just need to remember to take it !

I ended up managing Database professionals during my last years in computer employment. The one thing I learnt is that a good DBA costs and is worth their weight in gold. There are a lot who claim to be very capable but the real experts need to be paid well, not something every business is willing to do.

 

[Pausim]

Iphones at least can load digital ones to wallet, mine is still in place, so I'll ring the site we want to go to for a telephone booking tmrw.

Useful to know, I will do that if they ever recover the data.

 

[Phill D]

Next time you get your membership card up take a screen shot of it and put it somewhere on your phone you can access easy.

Or you add it to your wallet on the phone

^{_{Subscribers  do not see these advertisements}}