Doesn’t that just spoil an otherwise nice day? Earlier today Bill Bryan, aka Fogbow Foggy, tweeted that the popular The Fogbow forum had been hacked.
My server was hacked. I’m working on it as fast as possible. Thanks for your patience.
— ☼ bill bryan ☼ (@wlbryan) September 30, 2016
The individual taking responsibility calls themself “AnoaGhost.” It looks like AnoaGhost is/was a member of the AnonGhost hacking team, a group pro-Palestinian cyber terrorists. AnoaGhost has defaced thousands of web sites such as The Fogbow.
As of 1:33 PM today the Fogbow home page consists of the message “I’m working on it, folks.”
As for me, I just made a backup 😉
The Fogbow is back up as of 8 am, October 3, and back down again. Bryan says that his WordPress sites on the same virtual private server were infected by malware, leading to the compromise of the entire server. While he was able to restore The Fogbow, that malware still needed cleaning.
Update 2
The Fogbow is down again as of the evening of October 15. This time Google is reporting that Fogbow is hosting malware that may affect a visitor’s computer and throws up the big red screen that blocks access through certain browsers.
Apparently the Fogbow forum has been hacked. It comes up with a page claiming that which says “Hacked by Anoaghost – Indonesian Intelligent Security”.
I bet it was Soros and his army of evil Obots.
They hack so many Birther websites that every once in a while they get the wrong one. 😆
The provocative hacker message has been replaced by a message from Foggy: “I’m working on it, folks.”
I am still getting the hacker page but I would guess I need to flush the DNS cache to get rid of it. I emailed Foggy but I am sure he is busy doing a restore.
OK, I think Foggy’s message is on the home page. I am opening a direct link to the Active Topics page, which still shows the hacker page.
I’m almost impressed. The hacker somehow knew to also take over rhodagalaxy as well. Almost surprised they didn’t follow breadcrumbs over here and do the same. And his message was hardly “provocative” – just sad, really.
Not only that, his code won’t allow you to view the source code, at least not by right-clicking on the page. I hope the poor little fellow enjoys his hot shack and lack of a life while he acts like a 4 year old on the web.
I’m going to assume this was a pretty bad/harmful hack. If foggy doesn’t have it restored by now from a saved version, I’d say this may have gone deeper than just replacing the page. Ugh. Really hope he had a solid, recent backup. :/
I believe Foggy does daily backups. I know he hosts other websites on his server. His Tweet indicates that it was his server that was hacked.
I have pretty tight security over here, and run a different platform than The Fogbow.
Somebody on twitter tweeted some code they saw. It’s too small for me to read, and I wouldn’t understand it anyway.
” Shady Mitts @Shady_Mitt
#Oregonstandoff FOGBOW HACKED and TRACING IP ADDRESSES. DO NOT GO TO FOGBOW.COM attached is the web code for the hacked page”
https://twitter.com/Shady_Mitt/status/781873436993781760
What is fogbow.com?
Fogbow.com is one of the domains owned by Richard Skalsky. It redirects to his web site Fogstar.com. Rick Skalsky was the person identified by the clowns Zullo and Montgomery as RC, the owner of the Fogbow and contractor for DARPA.
Eesh. Must be really, really bad if it isn’t up by now. :/
I think he just tweeted fogbow dot com because he typed it instead of copy/paste. Unless Fogbow dot com is also hacked (and I don’t think it is).
That twitter account also posted a jpg of the hacked message that you show in your post.
I was being facetious.
OK, I should have picked up on that.
***embarrassed face***
Maybe he’s figuring what went wrong and fixing things so that it doesn’t happen again.
Okay I’m done checking for now, I think it may be toast for the day. I wish Foggy would send another tweet out. 🙁 I’ll check back here tonight to see if there’s been any forward motion.
Good thing the trial is done until Monday.
Foggy, posted on Facebook that the hosting company is restoring his server that includes all his websites to a point before he got hacked. I would imagine that could take a few hours.
Isn’t this usually when birthers claim Mike Zullo is hot on Bill Bryan’s trail and now Foggy is purging the evidence.
https://www.youtube.com/watch?v=OvyTY_oYR_c
False Flag! Foggy did it himself to try and make Genius Zullo look bad!
I’m tweakin’, man! I’m tweakin’!
Bummer, but the hacked page does play a catchy tune now.
Indonesian hacker, huh? Definitely must be connected to Obama! Yes, I got it all figured out now, Fogbow was hacked in a false flag attack in order to make the sheeple believe that Obots are victims!
Bill reports,as of 6 AM this morning, that that he is still waiting on a status report from his hosting company.
I’m going to go build a house. L8R.
Geez Doc, quiet day just building a house…
Me too. Without the Fogbow I feel like I like there are a million tiny bugs crawling under my skin towards my eyeballs to gorge on them.
isn’t there a chat page which is not hosted by foggy?
Yes, we used to use Chatzy as an alternative when the forum was down. All the old links I had were dead. I created a new Fogbow Emergency Chat Room if anyone is interested.
http://www.chatzy.com/83297543350024
I feel bad that Foggy’s insurance sites are down, probably a little more important than our forum, heh.
I would at least insist they take the freaking hacker page down for crying out loud. Free advertising for scumbag losers IMO. Pretty silly that is still up.
Tweets from Bill (as of 3 PM EDT):
bill bryan ☼ @wlbryan 9h9 hours ago
Apparently my hosting companty has accomplished nothing overnight. I asked for a status report, will call them at 7 Eastern,
☼ bill bryan ☼ @wlbryan 3h3 hours ago
Something seriously borked about my server. Doesn’t take this long to do a full restore from a backup. No answer to req. for status report.
☼ bill bryan ☼ @wlbryan 2h2 hours ago
I suspect they’re having some major problem with all their servers that must be fixed before they restore my virtual private server.
Sounds like Foggy’s hosting company doesn’t know about ZFS and automatic periodic snapshots. ZFS rollback is absolutely fantastic.
Were they (the hackers) doing this for kicks? Or were they after the fogbow? Or was this an election year attack against http://www.dwwc.net, the Democratic Women of Wake County, also showing as hacked by the same group of clowns. Looks like they trashed the entire hosting company.
From what I can tell they are vandals, pure and simple. They like wrecking other people’s stuff.
From the sounds of it, it wasn’t only Foggy’s site, sounds like the entire web host or whatever you want to call it got taken down.
I really dig the music!
Here is a partial list of 2171 sites defaced by AnoaGhost (Fogbow not listed):
http://www.zone-h.org/archive/notifier=AnoaGhost?zh=1
The AnonGhost group with which AnoaGhost is/was a member described itself in 2014 as an anti-Zionist group.
http://www.meethackers.com/2014/04/a-talk-with-mauritania-attackerthe.html
The Fogbow homepage is back up as of 8:25 AM
It looks like some of the forum software is there. Things are moving.
I get a “Forbidden” message when I try to access it. Also, too, I’m apparently “not authorized” to use the site.
john
Tomorrow the Fogbow forum will be alive and well again. On the other hand, you will still be an ignorant Birther.
In the meantime, what do I do with this empty Firefox tab on my computer???
At least there is Jen Peeples to look forward to this afternoon.
It’s not back yet. I think that is some sort of default page.
Interesting; occasionally at the TFB there are references to some birthers’ (and others’) anti-Semitism.
You could do what I’m doing, and poke the Roy Moore fan club ant hill with at stick! :3
They really HATE being reminded that their Christian champion is behaving in a decidedly unChristlike manner. I like to compound that with pointing out that what they want is a Christian version of Sharia Law. That really makes ’em mad!
The home page came up briefly this morning, and the forum link led to what looked like a shell phpBB (forum software) installation. Then it went protected, I guess while it’s being restored.
Still coming up forbidden, 9:29pm.
Drat.
Still down at 5:22 AM.
Eek!
And is still down. 🙁
It is back up. 🙂
From Foggy:
WE ARE NOT OUT OF THE WOODS YET, FOLKS.
ALL MY WORDPRESS SITES STILL CONTAIN MALWARE, WHICH IS HOW THEY TOOK OVER THE SERVER IN THE FIRST PLACE.
I THINK I HAVE A PLAN, BUT I SUBMITTED IT TO THE HOSTING COMPANY FOR APPROVAL. I MAY BE WORKING ON THAT ALL DAY TODAY.
HOWEVER, DON’T BE SHOCKED IF WE GET FULLY, COMPLETELY, HORRIBLY HACKED AGAIN. THE HACKERS STILL HAVE THE UPPER HAND, AS FAR AS I KNOW.
I WILL POST UPDATES ON FACEBOOK IF THAT HAPPENS: https://www.facebook.com/william.l.bryan.jr BETTER WRITE THAT DOWN.
UNTIL I HAVE FULLY DEFEATED THIS MENACE — WHICH I WILL — I WON’T BE POSTING ON FOGBOW. WHEN I HAVE IT ALL FIXED, I’LL BE BACK.
PLEASE NO TWEETS, OR PRIVATE MESSAGES ON TWITTER, FACEBOOK, YAHOO, OR GOOGLE+. I’M ON THIS, AND WOULD LIKE TO AVOID DISTRACTIONS WHILE I BATTLE THESE ASSHOLES.
THANK YOU FOR YOUR SUPPORT. ROUGH WEEKEND, AND MAYBE MORE ROUGH DAYS AHEAD. BUT I’LL CONTINUE THE STRUGGLE.
Interestingly, the hacker names and image I posted on this story are enough to trigger a false positive malware infection warning from one of the WordPress security plug-ins.
I found the character image on the hacking page in this YouTube video:
https://www.youtube.com/watch?v=AupyzlH7qH0
The character appears to be related (cover art?) to a song called “Black or White” by the group BlackYooh vs. siromaru. The character image is usually shown with inverted color. The hacker chose black. See:
https://osu.ppy.sh/s/200552
The Fogbow home page is back down, but the forum is up.
Bill had just attended some WordPress training, so I won’t offer suggestions on cleaning those sites, except to say that what I read says to install WordPress from scratch.
When status.obamaconspiracy.org got hacked, I just fixed a couple of files, but that was a far less sophisticated infection than Foggy’s.
Hey John, here’s another site you might like:
http://www.justitaly.org/index.html
The Fogbow is down again.
And it’s still down as of 6 am.
It looks like generic phpBB software is installed, but maybe not the database. The home page is giving a database error. I don’t know if the old CMS system The Fogbow used, Concrete5, issues that message, but it looks like a WordPress message. I know Bill wanted to convert the front end of The Fogbow to WordPress at one time, and maybe he’s taking this opportunity to get Concrete5 out of the mix.
Bill reports on Facebook that he finally has all the malware deleted (or at least the security software says so).
The Fogbow is back up. Apparently it was a problem with the database as you suspected Doc.
I hadn’t been paying attention. I guess the Fogbow homepage (which I always skip) was already in WordPress. It is, in any case, now.
Just plain HTML and CSS. Unless the embedded MP3 exploits some 0-day vulnerability, at least the web page doesn’t seem to be harmful. Not sure what they did to and with the database, though.
I’m AnoaGhost 🙂 , my last email anoaghost@gmail.com
For now im usinf shirotenshi@yahoo.com , i can inject again ur site , but for now im busy to my live cz i have problem with my job, so inbox me if u want get my solution for patch ur site 🙂
I cqn delete any bug there aite, cz i found new bug in there site, if u want i delete the bug, paid me $250 i will patch any bug on there site, cz for now i want money 😀
Inbox me on : biondaxtenshi@gmail.com or shirotenshi@yahoo.com
Is that gibberish suppose to mean something Shiro?
Nn,, shiro’tenshi is my callname on my specialist for hacking in my forum 😀 ,
So, AnoaGhost, you spend your time wrecking things, but what have you ever built? Nothing is my guess. You have never done anything constructive in your life. Why? Because wrecking things is easy and making a positive contribution is hard. You don’t have the guts or brains to do anything hard, do you?
You do something positive, the world notices and remembers. You wreck things and the world just tries to forget you and moves on.
AnoaGhost wants money, but he (or she) doesn’t want to actually work for it. Paying off a hacker only encourages more hacking.
This morning Fogbow returns “server can’t be found.”
Yikes. At least AnoaDickhead’s image isn’t there.
Whatever that was, they’re back up now.
Down again. To me anyway. DDOS?
Me too. Foggy mentioned he might change hosting. DNS servers may be still updating.
Mine isn’t even resolving the name. I get a DNS error.