Main Menu

Do not adjust your set: The Fogbow is down

Persistent malicious attacks have plagued The Fogbow forum over the past couple of weeks, with an extended outage caused by someone calling themself AnoaGhost, presumably from Indonesia.

Now instead of merely defacing The Fogbow, attackers have added links (somewhere) to another web site that attempts to  install malware on the visitors’ computers, according to Google Safe Sites. The malware reports started sometime yesterday evening. Bill (Foggy) Bryan said by Facebook just over an hour ago:

OK, an update. I give up on my hosting company. I’m paying $200 a month, and they used to be great at tech support, but now they’re just not helping. So I found a new hosting company, super fast servers, same amount of memory and bandwidth. Less money, too.

But I have to set it up, which means I have to transfer all the files and the DNS, which means we’ll be offline for another day or so while the DNS entry propagates around the globe. There’s a learning curve for me, too. So it’s a hassle and a waste of my time that I should be doing other things, but if I stay with my current hosting company we’ll have malware for the rest of my life, and that’s taking too much time too.

Also, Fogbow is my only site that gets massive amounts of traffic. Maybe part of the problem was that I have many other websites on this hosting account, and it seemed that those were possibly used to access my whole server. I will keep this account Fogbow ONLY.

Bottom line, we’ll go offline tomorrow morning and I am not sure when we’ll come back up, but this is the best solution I can devise at the current time.

So The Fogbow will be moving to a new hosting company, which will require software installation, database migration and waiting out the DNS changes. As I said back at the start of 2012:

Changing hosting companies can be like switching checkout lines at the market. Sometimes switching from something that looks bad to something that looks good turns out to be the wrong decision in the end.

I ended up moving obamaconspiracy.org and it was definitely out of the frying pan and into the fire for a while with my move to VPS.NET. I hope Foggy has better success in his switch.

, , , , ,

42 Responses to Do not adjust your set: The Fogbow is down

  1. avatar
    Arthur B. October 15, 2016 at 5:39 pm #

    Firefox is giving me a “Reported Attack Page!” warning when I try to access thefogbow.com.

  2. avatar
    Dr. Conspiracy October 15, 2016 at 7:11 pm #

    Foggy says (via Facebook):

    “I am down again. This time the whole site is blacklisted and offline. I’m working as fast as I can to get my site back.”

    “My voice is sore from yelling at the hosting company. I am very proud that I didn’t use any potty mouth words. But they have no doubt that I’m angry and frustrated. The problem is, they are short-staffed (of course) until Monday. But Monday I’m going to be just as angry, even angrier. They started a scan this morning at 7:30 and said they’d tell me the results. No contact from them since, more malware added, and Fogbow blacklisted. I’m going up to their office in Virginia and make loud noises if I have to.”

    “And again, people are sending me private messages on Facebook, on Yahoo, sending me emails, calling me on the phone, texting me. None of that is helpful. All of that interrupts me when I’m trying to work on the problem. I’m getting really, really. extra grumpy. This is why I gave out my Facebook address and told people I’d update them here.”

    https://www.facebook.com/william.l.bryan.jr?fref=ufi

    Arthur B.: Firefox is giving me a “Reported Attack Page!” warning when I try to access thefogbow.com.

  3. avatar
    Dr. Conspiracy October 15, 2016 at 7:25 pm #

    I don’t know exactly what The Fogbow does for security. Some use cloud-based services like CloudFare and Securi. They have an inherent problem because of the way they work. These services intercept web requests for a site by changing the DNS address so that requests to go them instead of the site. If they decide the message is ok, they relay it to the real site. That requires that the IP address of your real site is kept secret (something extremely difficult to do) because all the attacker has to do to get around the cloud security solutions is to use the actual IP address of the site and ignore the DNS server results.

  4. avatar
    Keith October 15, 2016 at 7:35 pm #

    He had a message up the other say that said he was in the process of going tho CloudFare but that it wasnt just a case of throwing the switch and he might be unstable for a while. Now this appears to be somewhat different. Somebody is going out of their way to make his life difficult.

  5. avatar
    PaulG October 15, 2016 at 8:27 pm #

    Has fogbow been hacked again? I’m getting weird warnings when I try to go there.

  6. avatar
    Arthur B. October 15, 2016 at 8:34 pm #

    Foggy: “This is why I gave out my Facebook address and told people I’d update them here.”

    But his FB updates seem to be available only to friends.

    May I ask the crowd that an occasional status report be posted here?

    Many thanks.

  7. avatar
    Steve October 16, 2016 at 2:56 am #

    Arthur B.: But his FB updates seem to be available only to friends.

    May I ask the crowd that an occasional status report be posted here?

    Many thanks.

    I just tried going there and I got a warning about malware.
    I guess no matter wnat antivirus or spyware protection you have somebody is going to find a way around it.

  8. avatar
    Arthur B. October 16, 2016 at 5:01 pm #

    Does anyone have any news about the Fogbow situation? I’m still getting the “Reported Attack Page!” warning, and I don’t have access to Bill’s Facebook postings.

  9. avatar
    Northland10 October 16, 2016 at 7:58 pm #

    Arthur B.:
    Does anyone have any news about the Fogbow situation? I’m still getting the “Reported Attack Page!” warning, and I don’t have access to Bill’s Facebook postings.

    He has been trying to get support from his hosting company to keep cleaning out the problems, but they are not being helpful at all. Apparently he did clean out malware but it it takes a while to get off of blacklists.

    Given the lack of the support, he is looking at changing hosts so there will be more down time as that gets taken care of.

  10. avatar
    Dr. Conspiracy October 16, 2016 at 7:59 pm #

    From Bill, an hour ago:

    “OK, an update. I give up on my hosting company. I’m paying $200 a month, and they used to be great at tech support, but now they’re just not helping. So I found a new hosting company, super fast servers, same amount of memory and bandwidth. Less money, too.
    But I have to set it up, which means I have to transfer all the files and the DNS, which means we’ll be offline for another day or so while the DNS entry propagates around the globe. There’s a learning curve for me, too. So it’s a hassle and a waste of my time that I should be doing other things, but if I stay with my current hosting company we’ll have malware for the rest of my life, and that’s taking too much time too.
    Also, Fogbow is my only site that gets massive amounts of traffic. Maybe part of the problem was that I have many other websites on this hosting account, and it seemed that those were possibly used to access my whole server. I will keep this account Fogbow ONLY.

    Bottom line, we’ll go offline tomorrow morning and I am not sure when we’ll come back up, but this is the best solution I can devise at the current time.”

    Arthur B.: Does anyone have any news about the Fogbow situation? I’m still getting the “Reported Attack Page!” warning, and I don’t have access to Bill’s Facebook postings.

  11. avatar
    Arthur B. October 16, 2016 at 8:10 pm #

    OK, Doc, thanks for the update.

  12. avatar
    bob October 16, 2016 at 11:34 pm #

    Forum is back up, BTW.

  13. avatar
    Dr. Conspiracy October 17, 2016 at 5:58 am #

    I’m still getting Google malware alerts. The specific risks reported by Google are:

    Some pages on this website redirect visitors to dangerous websites that install malware on visitors’ computers, including: qes.nazwa.pl.

    Dangerous websites have been sending visitors to this website, including: suedbastards.info, forum2.aimoo.com, and bit.ly.

    bob: Forum is back up, BTW.

  14. avatar
    Dr. Conspiracy October 17, 2016 at 10:25 am #

    I should add that suedbastards.info link is on the Fogbow because that site belongs to a registered member at the Fogbow (and a former frequent commenter here); however, that site itself is now giving a Google alert about its link to qes.nazwa.pl, and I presume it has been infected with malware.

  15. avatar
    scott e October 17, 2016 at 11:16 am #

    sounds as if foggy finally found godaddy. it’s great he’s being hacked though…

  16. avatar
    Dr. Kenneth Noisewater October 17, 2016 at 4:07 pm #

    scott e:
    sounds as if foggy finally found godaddy. it’s great he’s being hacked though…

    Obviously Foggy is right over the target with birthers.

  17. avatar
    Northland10 October 17, 2016 at 6:08 pm #

    scott e:
    sounds as if foggy finally found godaddy. it’s great he’s being hacked though…

    So you are supportive of illegal acts as long as it suppresses the speech you dislike. My my, how you hate American values.

  18. avatar
    ObjectiveDoubter October 17, 2016 at 8:41 pm #

    While it may be up now (since Bob says it is), I’m stilling getting the red screen with the scary warning. 🙁 This isn’t fun. Missing my daily dose of it all.

  19. avatar
    Dr. Conspiracy October 17, 2016 at 9:25 pm #

    Status report from Foggy at around 8:30 pm:

    STATUS REPORT:
    I’m ready to do this thing tomorrow morning, early. Fogbow will go offline. When it comes back up is up to the DNS servers around the world. We won’t lose any posts. All backups will be retained and duplicated in case of issues. I rehearsed and practiced and made sure I know what I’m doing here. If I bring over the Home Page (the WordPress part of the site), I’ll make it read-only as suggested by my genius programmer friend, Michael Kimsal. Tonight I’m tired and I broke my brain concentrating and making sure I know how to upload a 1.7GB database into the new server. I’ll be fresher in the morning and won’t screw this up.

  20. avatar
    Arthur B. October 17, 2016 at 9:27 pm #

    Big cheer for Foggy!

  21. avatar
    Tink October 18, 2016 at 7:55 am #

    Bless you! If you can pull this off in a matter of days, I am totally amazed. My eComm site was hacked last year and it took three weeks to get it back up.

    As always, Foggy is the best.

  22. avatar
    Reality Check October 18, 2016 at 8:16 am #

    I set up a forum to use while the Fogbow is down. The chat room I had set up only keeps the last 6 hours of chat. The link is rcradio.freeforums.org

    You have to set up a FreeForums.org user account to use it. They ask for a first name and last name but you can put in whatever you want. I set up a topic to track the status of the Fogbow. I also set up topics for the Oregon trial and the election news.

  23. avatar
    Reality Check October 18, 2016 at 8:43 am #

    Birthers like chicken Scott E. wanted to undo the will of a clear majority of the American people who voted not once but twice for President Obama. Need I say more?

    Northland10: So you are supportive of illegal acts as long as it suppresses the speech you dislike.My my, how you hate American values.

  24. avatar
    Reality Check October 18, 2016 at 9:56 am #

    It’s not just that they wanted to undo two valid elections; they wanted to use rumors, innuendo and outright lies to do it.

  25. avatar
    scott e October 18, 2016 at 7:14 pm #

    Northland10: So you are supportive of illegal acts as long as it suppresses the speech you dislike.My my, how you hate American values.

    sure, as long as the ends justify the means. right ?

  26. avatar
    Sef October 18, 2016 at 7:52 pm #

    TFB is back up, however the main page is what the “forum” page used to be. Thanks to Foggy for all his hard work and to RC for providing an interim site.

  27. avatar
    Dr. Conspiracy October 18, 2016 at 10:41 pm #

    STATUS REPORT, TUES. OCT. 18, 1715 hrs.
    FINALLY, I’m making some real progress. I had a devil of a time getting FTP access to my site so I can upload all the files. That’s happening now — the first three techs didn’t know what to do and tried to imply it was me messing up in some way that tech support doesn’t cover. The fourth guy finally fixed the problem. I gave him a gold star for the day.
    Anyway, getting the files uploaded is only the first step in getting a working website back. If you’re lucky, right now you’re seeing a page that says “Under Construction”. If you’re super lucky, you’re already seeing a page that says “PHP error, can’t find the database” or some such nonsense. That’s because uploading the database is the second step. I’ll work on it until either:
    1) I drop
    2) I have to sleep
    3) I have to leave at 6:40 a.m. tomorrow to take my kids to school, and I won’t be back till almost 2 p.m. because I have another shift at the State Fair booth for the NC Democratic Party.
    But I’m fairly confident I can upload the database and hook it up. Where was that YouTube where the dude showed me the steps?
    Hmm.

  28. avatar
    Dr. Conspiracy October 19, 2016 at 7:22 am #

    Update from Foggy yesterday:

    OMG, IT’S BACK! I DID IT! YEAH BABY, THAT’S WHAT I’M TALKIN’ ABOUT!!!

    Update from around 7 PM yesterday from Foggy:

    IF YOU VISIT FOGBOW, you will still get the red screens for a day or so. Even when the site is clean, you have to petition Google to let you out of Internet Jail. But I’m signing up with SiteLock, which will scour the site (although I’m sure we’re clean now) and then they will petition Google for me, with some authority beyond my own.
    So please be patient, because good food takes time to prepare.

    5 AM this morning:

    HEY WAIT!
    MY BEER DIDN’T MAKE IT THROUGH THE WORMHOLE!!

  29. avatar
    Dr. Conspiracy October 19, 2016 at 7:36 am #

    I went over to The Fogbow and clicked past the red security warning, being that it’s a “new site” The forum is now back up, phpBB is installed in the main directory. The WordPress front end isn’t there (yet?) but of course the forum is the heart of Fogbow.

    I poked around a little and things seem to be working well except I had to login twice.

  30. avatar
    Reality Check October 19, 2016 at 8:17 am #

    Several people are reporting they keep getting logged out. I haven’t had that issue. I suggested they clear cookies since it is a cookie that keeps you logged into a web site. Clearing will force a new cookie to be installed.

    Dr. Conspiracy: I poked around a little and things seem to be working well except I had to login twice.

  31. avatar
    scott e October 19, 2016 at 10:18 am #

    did you guys ever hack orly?

    [No. Doc]

  32. avatar
    BillTheCat October 19, 2016 at 2:41 pm #

    Guess we’re not out of the woods yet. Site is down as of 11:40 AM PST.

  33. avatar
    Northland10 October 19, 2016 at 5:12 pm #

    BillTheCat:
    Guess we’re not out of the woods yet. Site is down as of 11:40 AM PST.

    I have had to reset my bookmarks and either reset my cellular connection or set my computer to use the Google DNS servers, but it is working fine for me so far.

  34. avatar
    BillTheCat October 19, 2016 at 5:32 pm #

    Northland10: I have had to reset my bookmarks and either reset my cellular connection or set my computer to use the Google DNS servers, but it is working fine for me so far.

    It was up for a while, back down again. I’m using 2 different browsers, 2 diff machines.

    Ok scratch that. It comes up on my iPad. This BS. Is there a way to surf around the stupid Google DNS server?

  35. avatar
    bob October 19, 2016 at 5:36 pm #

    Up and working for me.

    Scott’s un-American desires notwithstanding.

  36. avatar
    Dr. Conspiracy October 19, 2016 at 8:27 pm #

    Yes. Click on “details” on the red screen, then a link to continue to the site appears.

    BillTheCat: It was up for a while, back down again. I’m using 2 different browsers, 2 diff machines.

    Ok scratch that. It comes up on my iPad. This BS. Is there a way to surf around the stupid Google DNS server?

  37. avatar
    Dr. Conspiracy October 21, 2016 at 5:46 pm #

    As you probably all know, there was a huge Distributed Denial of Service attack against one of the Internet’s main DNS providers, affecting many well-known web sites, including Twitter, Amazon, Spotify, Cloudflare and PayPal.

    The attack can have collateral damage to other websites that integrate content from affected domains. Maybe the only thing relevant to this site would have been the Twitter feed, but that’s gone. Here’s an article by a WordPress security company:

    https://www.wordfence.com/blog/2016/10/dyndns-currently-ddosd-may-affect-site/

    I knew about botnets, networks of hacked personal computers that can be used to carry out DDoS attacks. What I did not know what that in addition to personal computers, things like IP Digital Cameras, and Internet-enabled DVRs are being hacked and added to the botnets.

  38. avatar
    Rickey October 21, 2016 at 8:30 pm #

    Dr. Conspiracy:

    I knew about botnets, networks of hacked personal computers that can be used to carry out DDoS attacks. What I did not know what that in addition to personal computers, things like IP Digital Cameras, and Internet-enabled DVRs are being hacked and added to the botnets.

    I’m no Luddite, but I don’t have a Smartphone and I donR