Should have gone Dutch
Dutch legend has been running his campsite since 1986 using an Atari ST
Nobody's getting past his custom software and air-gapped security.
The UK's Caravan and Motorhome Club (CAMC) is battling a suspected cyberattack with members reporting widespread IT outages for the past five days. The company, which describes itself as "Europe's biggest touring community, helping caravanners, motorhomers and campers access over 3,000 stunning locations in the UK and Europe …
Bought one in 2010, 10 years of cheap caravan holidays and long weekends away, we paid off our mortgage in 9 years! Sold it and only lost about 20% value and now we're enjoying being mortgage free for the last 5 years. While I'm no longer one of Clarkson's Most Hated I have nothing but praise for caravanning as it allowed us to enjoy a very financially secure life from now on.
I had a lot of exposure to the CC as a child which shaped me as the hotel-loving man I became. I'm not at all surprised their websites are a shit-show. They are bizarrely securing thecaravanclub.com and thecaravanclub.co.uk with an SSL certificate for caravanclub.co.uk, which is not going to work. What really boggles my mind is that the main site (caravanclub.co.uk) only accepts HTTP/1.0 connections and thecaravanclub.com only accepts HTTP/1.1. HTTP/1.0 was superseded in 1997. There are some website performance problems where you could theoretically get better throughput by downgrading the HTTP level but only if you take the first available fix regardless of the side-effects. They can't be running a website on IIS6.0, surely. Please tell me that's not true. Self-inflicted wounds anyone?
Couldn’t access either thecaravanclub.com or caravanclub.com, but was able to connect to caravanclub.co.uk and thecaravanclub.co.uk. The former has a valid-looking cert, while the latter is trying to (mis)use one for *.fast.net.uk.
And that valid cert is an EV one, which costs some money. They’re not a bank, they don’t need the deluxe model of certs. So why don’t they just get Let’s Encrypt certs for all their domains, for free? And set up automatic renewals on their server—no muss, no fuss.
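The certificate mismatches described in the comments above come down to how a TLS client compares the requested hostname with the names in the certificate. This is an added example, not part of the thread: a sketch of RFC 6125-style name matching, where the `OBSERVED` SAN lists are constructed from the names the commenters mention and are not real certificate contents.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """True if one certificate name (SAN entry) covers hostname.

    A wildcard is honoured only as the whole leftmost label and stands
    for exactly one label, so '*.fast.net.uk' covers neither
    'fast.net.uk' nor 'a.b.fast.net.uk'.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Simplification: refuse a wildcard sitting directly on one
        # label (e.g. '*.uk'); real clients use the public suffix list.
        return len(pat) > 2 and host[1:] == pat[1:]
    if any("*" in label for label in pat):
        return False  # partial or non-leftmost wildcards are rejected
    return host == pat


def cert_covers(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)


def audit(sites):
    """Return the hostnames whose served certificate does not cover them."""
    return sorted(h for h, sans in sites.items() if not cert_covers(h, sans))


# Constructed sample: hostname -> names on the certificate it serves,
# mirroring the combinations reported in the comments.
OBSERVED = {
    "caravanclub.co.uk": ["caravanclub.co.uk"],
    "thecaravanclub.com": ["caravanclub.co.uk"],
    "thecaravanclub.co.uk": ["*.fast.net.uk"],
}

if __name__ == "__main__":
    for host in audit(OBSERVED):
        print(f"{host}: served certificate does not cover this name")
```

Every hostname that answers on port 443 has to appear in the certificate's names, either exactly or under a single-label wildcard; a certificate issued for a sibling domain or for the hosting provider's own wildcard fails this check.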
Their email says they immediately took all systems offline on Saturday 20th... Yet I was still receiving marketry crap from them on both Sat 20th and Sun 21st.
They also say "It is always best practice to regularly change your passwords..." That hasn't been best practice for 8-9 years*
ref: https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry
*I concede that changing other website passwords if you are foolish enough to re-use passwords after a compromise is very sensible.