Ten months on the attack site list for TAG

Non-tube amp discussion to discuss music, girls, life, etc.

Moderators: pompeiisneaks, Colossal

Synchu
Posts: 522
Joined: Sun Mar 11, 2012 5:24 am

Re: Ten months on the attack site list for TAG

Post by Synchu »

Great find RG.
I thought some few months ago about coding a bot to do this scraping with some intelligence, i.e. skipping endpoints with scripts on the other side, and parsing/storing posts' authors, content and attachments. Basically, recreate the forum DB (albeit a simple backup of the existing one would make it quite a bit easier to transfer it elsewhere, but it does not seem possible for some reason).
Didn't manage to find the time, due to a lot of other stuff, but I will still see what I can do in the next few weeks. It wouldn't hurt to have more than one copy :)
Niki
R.G.
Posts: 1254
Joined: Tue Dec 02, 2014 9:01 pm

Re: Ten months on the attack site list for TAG

Post by R.G. »

martin manning wrote:Is there a way to upload these scrapbooked pages to a clean php BB? Would the malicious links land the new site on the blacklist again, or have they been deleted in the scrapbooked pages? I know little about BB apps, but it seems they are organized by threads and posts, with a lot of other attributes included. Can all of that be reproduced from the information you are compiling?
Those are the obvious questions, OK.

The downloader in concert with the shield software refuses to download anything from the malicious links, but there's still some tinkering to be done to ensure that the links are disabled. This is my first experience with scrapbook, so I don't really know how all this will turn out.

That's one reason I tried httrack first. It's good at reproducing structures. Don't know about scrapbook. But I figured securing a copy of the public pages would be a good start. These are only the pages I can see from my login, and any areas requiring additional authorization are skipped entirely.

In any case, I had to limit the download to only pages hosted on this domain; I had set up first level links, and some of those went for hours without downloading. Anyway, it's up to about 8000 pages downloaded. It'll still need computer patience.
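Added example, not code from any post in this thread and not the real forum's markup: a small Python outside-in capture along the lines Synchu and R.G. describe above. It parses each public page into posts (author, body, links), keeps only links on the forum's own host, fetches attachments but skips other script endpoints such as login, search and profile pages, neutralises off-site links in the saved copy so the mirror cannot point at whatever got the site listed, and stores the posts in SQLite so the content keeps some structure instead of living only in Scrapbook's private index. The host name, the simplified phpBB layout in the constructed sample page, and the link policy in classify() are all assumptions for the example.

```python
import re
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FORUM_HOST = "forum.example.invalid"            # assumed stand-in host, not the real forum
PAGE_URL = "https://%s/viewtopic.php?t=1" % FORUM_HOST
# Constructed sample page in a simplified phpBB layout (real markup carries more classes).
SAMPLE_PAGE = """<div class="post bg1" id="p101">
 <p class="author"><a href="./memberlist.php?mode=viewprofile&amp;u=7">Synchu</a></p>
 <div class="content">See <a href="./viewtopic.php?t=42">this thread</a> and
  <a href="https://evil.example.net/x.js">this file</a>.</div>
 <dl class="attachbox"><dt><a href="./download/file.php?id=9">layout.pdf</a></dt></dl>
</div>
<div class="post bg2" id="p102">
 <p class="author"><a href="./memberlist.php?mode=viewprofile&amp;u=2">R.G.</a></p>
 <div class="content">Up to about 8000 pages so far.</div>
</div>"""


def classify(url, host=FORUM_HOST):
    """Capture policy for one link (assumed here; neither httrack's nor Scrapbook's rules)."""
    parts = urlsplit(url)
    if parts.netloc != host:
        return "drop"          # off-site: never fetched, neutralised in the saved copy
    if parts.path.endswith("/download/file.php"):
        return "attachment"    # the one script endpoint worth fetching
    if parts.path.endswith(("/viewtopic.php", "/viewforum.php")) or not parts.path.endswith(".php"):
        return "follow"        # thread and forum index pages, static files
    return "skip"              # login, search, profile, posting: scripts with nothing to keep


class PostParser(HTMLParser):
    """Collect id, author, body text and every link of each post div."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.posts = page_url, []
        self._cur, self._depth, self._mode = None, 0, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        if tag == "div" and "post" in classes:
            self._cur = {"id": a.get("id"), "author": "", "text": "", "links": []}
            self._depth = 1
        elif self._cur is None:
            return
        elif tag == "div":
            self._depth += 1
            self._mode = "content" if "content" in classes else self._mode
        elif tag == "p" and "author" in classes:
            self._mode = "author"
        elif tag == "a" and a.get("href") and self._mode != "author":
            self._cur["links"].append(urljoin(self.page_url, a["href"]))

    def handle_endtag(self, tag):
        if self._cur is None:
            return
        if tag == "p":
            self._mode = None
        elif tag == "div":
            self._depth -= 1
            if self._depth == 1:      # content div (directly under the post) closed
                self._mode = None
            elif self._depth == 0:    # post div closed: collapse whitespace, emit
                self._cur["text"] = " ".join(self._cur["text"].split())
                self.posts.append(self._cur)
                self._cur = None

    def handle_data(self, data):
        if self._cur and self._mode == "author":
            self._cur["author"] += data.strip()
        elif self._cur and self._mode == "content":
            self._cur["text"] += data


def neutralise(html, page_url):
    """Rewrite off-site hrefs in the saved copy so nothing in it points outward."""
    def fix(m):
        if classify(urljoin(page_url, m.group(1))) == "drop":
            return 'href="#" data-dropped="1"'
        return m.group(0)
    return re.sub(r'href="([^"]*)"', fix, html)


def capture(html, page_url, conn):
    """Parse one page into the DB; return the on-site URLs still worth fetching."""
    conn.execute("CREATE TABLE IF NOT EXISTS posts (id TEXT PRIMARY KEY, author TEXT, body TEXT)")
    parser = PostParser(page_url)
    parser.feed(html)
    queue = []
    for p in parser.posts:
        conn.execute("INSERT OR REPLACE INTO posts VALUES (?, ?, ?)", (p["id"], p["author"], p["text"]))
        queue += [u for u in p["links"] if classify(u) in ("follow", "attachment")]
    conn.commit()
    return queue


def demo():
    """Run the capture over the constructed page; returns DB rows, fetch queue, cleaned HTML."""
    conn = sqlite3.connect(":memory:")
    queue = capture(SAMPLE_PAGE, PAGE_URL, conn)
    rows = conn.execute("SELECT id, author, body FROM posts ORDER BY id").fetchall()
    return rows, queue, neutralise(SAMPLE_PAGE, PAGE_URL)
```

demo() runs it over the constructed page. For a real capture you would feed capture() the HTML that httrack or Scrapbook has already saved, one file at a time, and the returned queue is the list of on-site pages and attachments still to fetch. Nothing here gets past a front-end captcha or any area a login cannot see; it only organises and sanitises what is already visible from the outside.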
martin manning
Posts: 13403
Joined: Sun Jul 06, 2008 12:43 am
Location: 39°06' N 84°30' W

Re: Ten months on the attack site list for TAG

Post by martin manning »

Here's someone who seems to know how to fix it: http://www.whitefirdesign.com/services/ ... eanup.html
Phil_S
Posts: 5959
Joined: Tue Oct 23, 2007 10:12 pm
Location: Baltimore, MD

Re: Ten months on the attack site list for TAG

Post by Phil_S »

martin manning wrote:Here's someone who seems to know how to fix it: http://www.whitefirdesign.com/services/ ... eanup.html
While I can't speak for anyone else, I certainly think we can raise the amount needed to pay the fee. I have no idea how to make any of it happen, though.
JazzGuitarGimp
Posts: 2355
Joined: Mon Jul 23, 2012 4:54 pm
Location: Northern CA

Re: Ten months on the attack site list for TAG

Post by JazzGuitarGimp »

Phil_S wrote:
martin manning wrote:Here's someone who seems to know how to fix it: http://www.whitefirdesign.com/services/ ... eanup.html
While I can't speak for anyone else, I certainly think we can raise the amount needed to pay the fee. I have no idea how to make any of it happen, though.
If $500 is the total fee, all we need is $5 from each of 100 members - that should be pretty easy to do. Count me in for $5...
Lou Rossi Designs
Printed Circuit Design & Layout,
and Schematic Capture
didit
Posts: 1002
Joined: Thu Sep 25, 2008 3:37 pm
Location: Canada

Re: Ten months on the attack site list for TAG

Post by didit »

Good guys can help. The keys to the kingdom are required. Those appear to be presently not present.

Best .. Ian
R.G.
Posts: 1254
Joined: Tue Dec 02, 2014 9:01 pm

Re: Ten months on the attack site list for TAG

Post by R.G. »

That's the problem. The site administration password cannot be obtained.

What we can do from the outside is limited to saving what can be viewed from the outside.
JazzGuitarGimp
Posts: 2355
Joined: Mon Jul 23, 2012 4:54 pm
Location: Northern CA

Re: Ten months on the attack site list for TAG

Post by JazzGuitarGimp »

I imagine someone has already thought of this, but, I wonder:
- If, by chance, the password is still the one Omar set before he gave up control, and
- Does Omar still remember it?
martin manning
Posts: 13403
Joined: Sun Jul 06, 2008 12:43 am
Location: 39°06' N 84°30' W

Re: Ten months on the attack site list for TAG

Post by martin manning »

R.G. wrote:That's the problem. The site administration password cannot be obtained.

What we can do from the outside is limited to saving what can be viewed from the outside.
There's no other way in? If not, then maybe there is already some established process for cloning the site.
Groove1
Posts: 25
Joined: Sat Dec 05, 2009 12:37 pm
Location: 230V, Germany

Re: Ten months on the attack site list for TAG

Post by Groove1 »

Does the owner of the domain ampgarage.com have administrator rights for the MySQL database? Or the rights for this webspace on the web server? Or for the web server generally?
I have read on a German webmaster forum that you can kill the old password and install a new one if you have root privileges on the web server. But please don't ask me how. I'm not familiar with SQL databases. Before that, you should make a backup of the MySQL database and the forum software.

If it is a shared server, the support team of the hosting company may be able to do it for you. But if you lost the PW for your root server, I don't have any idea.

I love this forum. If you collect for professional restore service, I'm game!

Best … Groove
R.G.
Posts: 1254
Joined: Tue Dec 02, 2014 9:01 pm

Re: Ten months on the attack site list for TAG

Post by R.G. »

JazzGuitarGimp wrote:- If, by chance, the password is still the one Omar set before he gave up control, and
- Does Omar still remember it?
Here's what I can glean from the posts:
Allynmey wrote:Posted: Wed Jul 22, 2015 4:43 am
Hi All, I am aware of the issue with Chrome and Firefox. It seems the host was attacked over a month ago and we have had a few site attacks that were quickly reversed. The AmpGarage was listed in Google's Spamblocker engine and that is why you are getting those messages. We haven't been hit in weeks and when scans are done on the site, it comes up clean. However, having Google release the site from their spam index is another story. It's not the site that is infected, it was our host that was attacked and Google listed all the sites hosted there with the same warning. I am working with Google and the host to remove the warning from our site.
Allynmey wrote:Posted: Sun Nov 29, 2015 5:59 am Post subject: ****Site Problems Update****
As you all know, the site was attacked in June of 2015 with a spam bot.
[...]
Making things a little tougher is that Omar's original database password was forgotten by him and is making it more difficult to upgrade to the newer version. I'm working with Omar and a PHP engineer to try to get the site updated in the near future.

Bottom line...I have to be very careful with the upgrade so we don't lose what we've built over 13 years! Thank you for your patience. I'm sure it will be a very short time until Google removes the site alert.
Omar wrote:Posted: Tue Dec 01, 2015 9:29 pm
I feel really bad about this but I dug around some old backups and may have found something. I sent Allyn PM with the info. <fingers crossed>
These posts and a few others seem to imply but not clearly state that:
- the google warning cannot be cleared without updating the website's operating software
- the website software is out of date
- it can't be fixed without a password from Omar
- Omar had some hints, sent to Allynmey
- Allynmey is/was/has worked with Omar and a PHP engineer (?) to update the site
- those haven't panned out for one reason or another
- there is some danger of losing the whole site if this is done wrong

@Martin Manning: I am not an expert at PHP websites, but I'm assuming that there is not an alternate way in, otherwise in a year it would have been taken, not simply ignored.

@Groove1: We get little explicit information on who owns what, and I haven't done the detective work. So I don't know. I'm assuming, based on Allynmey's post, that his working with Omar and the PHP engineer would have included who owned what pieces and who had (or didn't!) what password. The site is on shared hosting on a server, not its own server.

I did another capture pass. This one completed, but is one level shy of what was needed and misses some attachments to files buried down in the bottoms of threads. I'll do one more to try to get them all.

There is a problem with this approach, though. I found that Scrapbook builds its own non-standard index, not an HTML index. So it may be useful for capturing the content, but not the structure. Or the apparent structure, since I think the actual structure in a PHP site is MySQL. But I am not a web site expert.
didit
Posts: 1002
Joined: Thu Sep 25, 2008 3:37 pm
Location: Canada

Re: Ten months on the attack site list for TAG

Post by didit »

If Omar engaged the Whitefire crew in Martin's post they should be open to give a more definitive statement on how to migrate into a current safe system.

Anticipate needing to move the website onto a secure hosting operator & then pulling databases across using automation. Inevitably there's a few layers of "ownership" involved. Hopefully recoverable without too much time or money.

I'm certain the active garagistes can fund Whitefire's fees.
R.G.
Posts: 1254
Joined: Tue Dec 02, 2014 9:01 pm

Re: Ten months on the attack site list for TAG

Post by R.G. »

didit wrote:If Omar engaged the Whitefire crew in Martin's post they should be open to give a more definitive statement on how to migrate into a current safe system.
There is a problem there, too. Without the system/admin/whatever passwords, the website software is fully engaged in trying to protect itself. The Whitefire, or other "cleaning crew" will need the passwords to get in and start cleaning/moving or to don their black hats and first crack the web site to get the thing opened up. They may not offer black hat service.

I did a bit more messing trying to get HTTRACK to copy the public parts of the site, but it gets diverted into a captcha entry for "Safe-Site" or some such, so there's a front end layer to keep things like this out.

To put it in seagoing terms, the ship is sailing on autopilot. The keys to the control room have been lost, and the doors welded shut. There are no machine tools on board suitable for getting into the control room. The lower level admins can still deploy lifeboats and run the galley, but can't steer the boat.
rogb
Posts: 1089
Joined: Fri Apr 02, 2010 9:56 am
Location: London, England

Re: Ten months on the attack site list for TAG

Post by rogb »

Count me in for $5 if TAG is having a whip round to get this monkey off the back!
Good work by all concerned, thank you!
Phil_S
Posts: 5959
Joined: Tue Oct 23, 2007 10:12 pm
Location: Baltimore, MD

Re: Ten months on the attack site list for TAG

Post by Phil_S »

I acknowledge in advance that I am out of my depth on fixing website problems. Maybe someone will be kind enough to explain briefly whether something like HTTrack website copier or other software of that ilk can be used to clone the site and thereby bypass the problems. Let's ignore for the purpose of my question matters of ownership and other complications that involve individuals. RG, I sense you are light years ahead of me on this, but I am simply wondering if this has been overlooked or if it just isn't the appropriate solution. Remember, I'm looking for a short answer -- about 10 words worth. Thanks for indulging me.

Phil