Dearest Members & Visitors to the little Fountain Pen Nut house on the digital prairie,
As you may have noticed, we had some weird behaviour on FPN with unfortunate redirects for some, to sites we don't particularly want to mention. This appeared to affect mostly members from the US, the UK and Australia, and in most cases people logging in from an iPhone, iPad or Mac, although people accessing FPN from search engine results sometimes also seemed to be affected.
We decided to turn the board offline, and carry out a very thorough investigation as to the possible causes. The appearance this behaviour had was that of a rootkit infestation, i.e., a virus or trojan on the server itself. This was rather strange, as we do scans every day for this, and our security is rather tight and high.
Extremely thorough and deep scans showed that there was no infection on our server, and neither were any of the files stored on FPN infected in any way. To make doubly sure, we also investigated all 6700+ files of the board software manually, to see whether any unexpected additions had been made to the code. While we were at it, we also rather aggressively deleted any stuff still remaining from previous software versions, and checked whether all security measures to prevent anybody from accessing the server, software and files in an unauthorized way were still in place as they were supposed to be - they were.
Anyway, all of these actions proved that we were absolutely and squeaky clean.
Next step was to check the database for problems. This also proved to be clean.
Considering the type of problem encountered, we have put the board software upgrade forward now, even if this means losing some functionality of the board temporarily. The new software is capable of dealing with this type of attack very effectively, while our current software can't.
What we will temporarily lose is our beautiful skins. We will do our utmost, however, to get those back as quickly as possible.
Yesterday we found out, thanks to some very thorough and clever tricks carried out by the server hosting team, that there appeared to be two DNS servers for our domain, one hosted here on our own server, which is the way it has been set up from the beginning, and recorded as such with our domain registrar, and a second server, active from April 23, which was pointing to the malevolent site. With the aid of our registrar we could resolve this, but unfortunately it meant that we were offline again for a while.
The domain registrar security team is investigating how this could have happened, and what can be done about it. Essentially this was a compromised DNS server, so it is something that should not have happened, but unfortunately did. We'll leave it at that for now, as it can't happen again with the actions taken by the registrar team.
Anyway, enjoy the new FPN, FPN in a different outfit as it were.
The FPN Admin Team