Persistent malicious attacks have plagued The Fogbow forum over the past couple of weeks, with an extended outage caused by someone calling themself AnoaGhost, presumably from Indonesia.
Now instead of merely defacing The Fogbow, attackers have added links (somewhere) to another web site that attempts to install malware on the visitors’ computers, according to Google Safe Sites. The malware reports started sometime yesterday evening. Bill (Foggy) Bryan said by Facebook just over an hour ago:
OK, an update. I give up on my hosting company. I’m paying $200 a month, and they used to be great at tech support, but now they’re just not helping. So I found a new hosting company, super fast servers, same amount of memory and bandwidth. Less money, too.
But I have to set it up, which means I have to transfer all the files and the DNS, which means we’ll be offline for another day or so while the DNS entry propagates around the globe. There’s a learning curve for me, too. So it’s a hassle and a waste of my time that I should be doing other things, but if I stay with my current hosting company we’ll have malware for the rest of my life, and that’s taking too much time too.
Also, Fogbow is my only site that gets massive amounts of traffic. Maybe part of the problem was that I have many other websites on this hosting account, and it seemed that those were possibly used to access my whole server. I will keep this account Fogbow ONLY.
Bottom line, we’ll go offline tomorrow morning and I am not sure when we’ll come back up, but this is the best solution I can devise at the current time.
So The Fogbow will be moving to a new hosting company, which will require software installation, database migration and waiting out the DNS changes. As I said back at the start of 2012:
Changing hosting companies can be like switching checkout lines at the market. Sometimes switching from something that looks bad to something that looks good turns out to be the wrong decision in the end.
I ended up moving obamaconspiracy.org and it was definitely out of the frying pan and into the fire for a while with my move to VPS.NET. I hope Foggy has better success in his switch.
Firefox is giving me a “Reported Attack Page!” warning when I try to access thefogbow.com.
Foggy says (via Facebook):
“I am down again. This time the whole site is blacklisted and offline. I’m working as fast as I can to get my site back.”
“My voice is sore from yelling at the hosting company. I am very proud that I didn’t use any potty mouth words. But they have no doubt that I’m angry and frustrated. The problem is, they are short-staffed (of course) until Monday. But Monday I’m going to be just as angry, even angrier. They started a scan this morning at 7:30 and said they’d tell me the results. No contact from them since, more malware added, and Fogbow blacklisted. I’m going up to their office in Virginia and make loud noises if I have to.”
“And again, people are sending me private messages on Facebook, on Yahoo, sending me emails, calling me on the phone, texting me. None of that is helpful. All of that interrupts me when I’m trying to work on the problem. I’m getting really, really. extra grumpy. This is why I gave out my Facebook address and told people I’d update them here.”
https://www.facebook.com/william.l.bryan.jr?fref=ufi
I don’t know exactly what The Fogbow does for security. Some use cloud-based services like Cloudflare and Sucuri. They have an inherent problem because of the way they work. These services intercept web requests for a site by changing the DNS address so that requests go to them instead of the site. If they decide the message is ok, they relay it to the real site. That requires that the IP address of your real site is kept secret (something extremely difficult to do) because all the attacker has to do to get around the cloud security solutions is to use the actual IP address of the site and ignore the DNS server results.
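An added example, not part of the comment above or of any vendor's tooling: when a site sits behind a DNS-redirecting proxy, the origin should only ever see connections from the proxy's own addresses, so any other peer in the origin's access log reached the server without passing the filter. The proxy ranges and log lines below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: placeholder networks (RFC 5737 / RFC 3849 documentation space)
# standing in for the proxy service's published egress ranges.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "2001:db8:100::/48")]

# Constructed sample: origin access log, first field = TCP peer address.
SAMPLE_LOG = """\
198.51.100.17 - - [01/Jan/2000:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.45 - - [01/Jan/2000:10:00:04 +0000] "POST /ucp.php?mode=login HTTP/1.1" 200 812
::ffff:198.51.100.9 - - [01/Jan/2000:10:00:07 +0000] "GET /viewtopic.php?t=1 HTTP/1.1" 200 9001
2001:db8:dead::1 - - [01/Jan/2000:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120
not-an-address - - [01/Jan/2000:10:00:11 +0000] "GET / HTTP/1.1" 400 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')


def via_proxy(peer: str) -> bool:
    """True if the TCP peer address belongs to one of the proxy ranges."""
    addr = ipaddress.ip_address(peer)
    # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in PROXY_RANGES)


def direct_hits(log_text: str):
    """Return (peer, request, status) for requests that bypassed the proxy."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        peer, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            if via_proxy(peer):
                continue
        except ValueError:
            pass  # unparsable peer: not provably from the proxy, so report it
        hits.append((peer, request, status))
    return hits


if __name__ == "__main__":
    for hit in direct_hits(SAMPLE_LOG):
        print(hit)
```

The same allowlist, enforced at the origin's firewall or web server rather than only checked in logs, is what closes the gap the comment describes.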
He had a message up the other day that said he was in the process of going to Cloudflare but that it wasn’t just a case of throwing the switch and he might be unstable for a while. Now this appears to be somewhat different. Somebody is going out of their way to make his life difficult.
Has fogbow been hacked again? I’m getting weird warnings when I try to go there.
But his FB updates seem to be available only to friends.
May I ask the crowd that an occasional status report be posted here?
Many thanks.
I just tried going there and I got a warning about malware.
I guess no matter what antivirus or spyware protection you have somebody is going to find a way around it.
Does anyone have any news about the Fogbow situation? I’m still getting the “Reported Attack Page!” warning, and I don’t have access to Bill’s Facebook postings.
He has been trying to get support from his hosting company to keep cleaning out the problems, but they are not being helpful at all. Apparently he did clean out malware but it takes a while to get off of blacklists.
Given the lack of the support, he is looking at changing hosts so there will be more down time as that gets taken care of.
From Bill, an hour ago:
“OK, an update. I give up on my hosting company. I’m paying $200 a month, and they used to be great at tech support, but now they’re just not helping. So I found a new hosting company, super fast servers, same amount of memory and bandwidth. Less money, too.
But I have to set it up, which means I have to transfer all the files and the DNS, which means we’ll be offline for another day or so while the DNS entry propagates around the globe. There’s a learning curve for me, too. So it’s a hassle and a waste of my time that I should be doing other things, but if I stay with my current hosting company we’ll have malware for the rest of my life, and that’s taking too much time too.
Also, Fogbow is my only site that gets massive amounts of traffic. Maybe part of the problem was that I have many other websites on this hosting account, and it seemed that those were possibly used to access my whole server. I will keep this account Fogbow ONLY.
Bottom line, we’ll go offline tomorrow morning and I am not sure when we’ll come back up, but this is the best solution I can devise at the current time.”
OK, Doc, thanks for the update.
Forum is back up, BTW.
I’m still getting Google malware alerts. The specific risks reported by Google are:
Some pages on this website redirect visitors to dangerous websites that install malware on visitors’ computers, including: qes.nazwa.pl.
Dangerous websites have been sending visitors to this website, including: suedbastards.info, forum2.aimoo.com, and bit.ly.
I should add that suedbastards.info link is on the Fogbow because that site belongs to a registered member at the Fogbow (and a former frequent commenter here); however, that site itself is now giving a Google alert about its link to qes.nazwa.pl, and I presume it has been infected with malware.
sounds as if foggy finally found godaddy. it’s great he’s being hacked though…
Obviously Foggy is right over the target with birthers.
So you are supportive of illegal acts as long as it suppresses the speech you dislike. My my, how you hate American values.
While it may be up now (since Bob says it is), I’m still getting the red screen with the scary warning. 🙁 This isn’t fun. Missing my daily dose of it all.
Status report from Foggy at around 8:30 pm:
STATUS REPORT:
I’m ready to do this thing tomorrow morning, early. Fogbow will go offline. When it comes back up is up to the DNS servers around the world. We won’t lose any posts. All backups will be retained and duplicated in case of issues. I rehearsed and practiced and made sure I know what I’m doing here. If I bring over the Home Page (the WordPress part of the site), I’ll make it read-only as suggested by my genius programmer friend, Michael Kimsal. Tonight I’m tired and I broke my brain concentrating and making sure I know how to upload a 1.7GB database into the new server. I’ll be fresher in the morning and won’t screw this up.
Big cheer for Foggy!
Bless you! If you can pull this off in a matter of days, I am totally amazed. My eComm site was hacked last year and it took three weeks to get it back up.
As always, Foggy is the best.
I set up a forum to use while the Fogbow is down. The chat room I had set up only keeps the last 6 hours of chat. The link is rcradio.freeforums.org
You have to set up a FreeForums.org user account to use it. They ask for a first name and last name but you can put in whatever you want. I set up a topic to track the status of the Fogbow. I also set up topics for the Oregon trial and the election news.
Birthers like chicken Scott E. wanted to undo the will of a clear majority of the American people who voted not once but twice for President Obama. Need I say more?
It’s not just that they wanted to undo two valid elections; they wanted to use rumors, innuendo and outright lies to do it.
sure, as long as the ends justify the means. right ?
TFB is back up, however the main page is what the “forum” page used to be. Thanks to Foggy for all his hard work and to RC for providing an interim site.
STATUS REPORT, TUES. OCT. 18, 1715 hrs.
FINALLY, I’m making some real progress. I had a devil of a time getting FTP access to my site so I can upload all the files. That’s happening now — the first three techs didn’t know what to do and tried to imply it was me messing up in some way that tech support doesn’t cover. The fourth guy finally fixed the problem. I gave him a gold star for the day.
Anyway, getting the files uploaded is only the first step in getting a working website back. If you’re lucky, right now you’re seeing a page that says “Under Construction”. If you’re super lucky, you’re already seeing a page that says “PHP error, can’t find the database” or some such nonsense. That’s because uploading the database is the second step. I’ll work on it until either:
1) I drop
2) I have to sleep
3) I have to leave at 6:40 a.m. tomorrow to take my kids to school, and I won’t be back till almost 2 p.m. because I have another shift at the State Fair booth for the NC Democratic Party.
But I’m fairly confident I can upload the database and hook it up. Where was that YouTube where the dude showed me the steps?
Hmm.
Update from Foggy yesterday:
OMG, IT’S BACK! I DID IT! YEAH BABY, THAT’S WHAT I’M TALKIN’ ABOUT!!!
Update from around 7 PM yesterday from Foggy:
IF YOU VISIT FOGBOW, you will still get the red screens for a day or so. Even when the site is clean, you have to petition Google to let you out of Internet Jail. But I’m signing up with SiteLock, which will scour the site (although I’m sure we’re clean now) and then they will petition Google for me, with some authority beyond my own.
So please be patient, because good food takes time to prepare.
5 AM this morning:
HEY WAIT!
MY BEER DIDN’T MAKE IT THROUGH THE WORMHOLE!!
I went over to The Fogbow and clicked past the red security warning, being that it’s a “new site”. The forum is now back up, phpBB is installed in the main directory. The WordPress front end isn’t there (yet?) but of course the forum is the heart of Fogbow.
I poked around a little and things seem to be working well except I had to login twice.
Several people are reporting they keep getting logged out. I haven’t had that issue. I suggested they clear cookies since it is a cookie that keeps you logged into a web site. Clearing will force a new cookie to be installed.
did you guys ever hack orly?
[No. Doc]
Guess we’re not out of the woods yet. Site is down as of 11:40 AM PST.
I have had to reset my bookmarks and either reset my cellular connection or set my computer to use the Google DNS servers, but it is working fine for me so far.
It was up for a while, back down again. I’m using 2 different browsers, 2 diff machines.
Ok scratch that. It comes up on my iPad. This is BS. Is there a way to surf around the stupid Google DNS server?
Up and working for me.
Scott’s un-American desires notwithstanding.
Yes. Click on “details” on the red screen, then a link to continue to the site appears.
As you probably all know, there was a huge Distributed Denial of Service attack against one of the Internet’s main DNS providers, affecting many well-known web sites, including Twitter, Amazon, Spotify, Cloudflare and PayPal.
The attack can have collateral damage to other websites that integrate content from affected domains. Maybe the only thing relevant to this site would have been the Twitter feed, but that’s gone. Here’s an article by a WordPress security company:
https://www.wordfence.com/blog/2016/10/dyndns-currently-ddosd-may-affect-site/
I knew about botnets, networks of hacked personal computers that can be used to carry out DDoS attacks. What I did not know was that in addition to personal computers, things like IP Digital Cameras, and Internet-enabled DVRs are being hacked and added to the botnets.
I’m no Luddite, but I don’t have a Smartphone and I don’t have my DVR connected to the Internet. I believe it was last spring when 60 Minutes had a segment on how easy it is to hack a Smartphone.
Good news, Doc!
Now you can do a post about how Fogbow is back, working perfectly, and super-secured by SiteLock. No more malware – and the blacklisting will be removed early next week.
I’m getting the dreaded “Reported Attack Page!” error at the Fogbow again.
Last time around, I was late for the reentry because I didn’t know it was safe to click on “Ignore this warning.” Does anyone know, is it safe to do that now?
Here is what Foggy just tweeted:
OK, thanks. I bypassed the warning and so far, so good!