widescreen center website issue?

[edgehduser]

As a budding Astronomer, anyone know what is happening to the Widescreen centre

Can't locate the webiste to buy from

Thanks

[DirkSteele]

The wesbsite is https://www.widescreen-centre.co.uk/

However, I experienced some issues on the site a couple of days ago and now it seems to be down completely.  Assume it is just an IT issue.

[edgehduser]

Many thanks

[Jkulin]

Working for me with FF

[RayD]

Works fine for me on W10 with Chrome.

[Mark at Beaufort]

The website was the subject of a virus attack which Simon the owner was aware of. Hopefully, from what has been stated above he has resolved the problem.

[LukeSkywatcher]

I noticed a couple of astro retailers sites were down over the weekend. 

[ebdons]

Hi, just tried on both my pc to access the Widescreen center but keep getting this fault  report"User warning: The following module is missing from the file system: imagcache_actions. For information about how to fix this, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1143 of /home/widescreen/projects/widescreen/htdocs/includes/bootstrap.inc)." is this the site or my  end?  when you click on a item it says page cannot be displayed. worked okay last week. Tony

[DRT]

I had problems getting on last week on my MacBook - the browser was just returning a blank page. I then got hit with some spam sites so perhaps their site has been compromised?

[Phil Fargaze]

It`s looking ok for me at the moment. I`m on windows 10 laptop using Google Chrome browser.

[Phil Fargaze]

No, sorry I can see the web page but embedded within it is the error message you mention although I can still navigate the web site.

[DRT]

I now see this, which is different to what I experienced last week...

[Tim]

35 minutes ago, DRT said:

I had problems getting on last week on my MacBook - the browser was just returning a blank page. I then got hit with some spam sites so perhaps their site has been compromised?

They do have a problem, they know about it, but seem to be unconcerned by it. It has been this way for a little while now.

[DRT]

Thanks, @Tim - I'll stay away until I hear it is resolved.

[ebdons]

Hi, thx for the info, seemed ok last week or so but maybe they will sort it, good deals can be found there. Tony

[admin]

The two threads discussing WSC's website are now merged into one. 

HTH

[david_taurus83]

Not worked for me for the last couple of weeks. They have lost out to another retailer for my latest purchase as a result.

[Anne S]

I had reason to email them last weekend. I asked about the site. They’re expecting it to be working by the end of this week.

Anne

[Les Ewan]

I tried to use this site a  couple of weeks ago and  it froze my laptop with security alerts asking for password details.  I stopped  trying after 3 attempts.I was in the market for some quite expensive equipment so they well have lost some custom through this.

[Marci]

Basically (generalising in a big way here for simplicity)... Drupal is an open source web application framework / content management system. Back in March, some MAJOR critical flaws were discovered, and patches issued and announced worldwide - the security holes were front-page news on majority of tech-sites. Further critical flaws were then discovered as a result of the original flaw thru-out April, May and June. More patches were issued. It’s been fairly disastrous for Drupal and it’s reputation.

Anyone running a Drupal based site would have needed to patch their site fairly rapidly, as one can essentially google for 'powered by Drupal' or similar, and just begin working down the list with automated tools to programmatically work thru all search results looking for exploitable sites.

Assuming it was via one of these holes, WSC weren’t quick enough to patch, and thus fell foul of the script-kiddies. Technically they should have notified all customers whose personal data they hold of the breach if their customer account related datatables are within the same relational database as the Drupal core tables, as it amounts to a data breach that may have exposed personal data (unless they’ve combed their logs and verified with 100% certainty that no exports of the database contents were made). They should also have notified ICO of the breach themselves.

A large portion of GDPR technical compliance is that software is now _required_ (via information security best practices, and embedding of privacy by design) to be up-to-date with critical security patches, therefore, WSC also presumably weren’t GDPR compliant. (Whether they currently are depends on whether they’ve now put in place organisational control measures to ensure software updates to _all_  business-related systems that store or process private data [therefore, versions of Windows, Office, and any / all other software installed on their PCs, as well as backend software on their web servers etc] are applied in a timely manner). This should be standard practice as of start of June for all online stores and service providers (inc SGL and other forums).

 

EDIT: They should also have php configured on the webserver not to expose warnings / errors on the page to non-administrators of the site.