Our hosting company has received a complaint that freethoughtblogs.com has been engaging in fraudulent activities by scamming individuals out of their money and personal information
. They provide no specifics.
Also, they name of the complainant is Deathlord Al-Zawahiri
. I tremble in fear.
I do not see how Bluehost could possibly take this bullshit seriously, but now I get to try and resolve the potential problem. If we suddenly go offline, blame Deathlord Al-Zawahiri
.
If you can’t trust Deathlord Al-Zawahiri, who can you trust?
Yeah, right, ‘cuz no one ever uses their real name when making valid complaints about real TOS violations or abuses.
Well, this is fun. I’m trying to respond to this complaint before we get shut down, and am apparently chatting with someone from India very very slowly. While they sent the complaint to me at my address, they are now trying to confirm it’s me by pinging Ed Brayton’s email account.
I hope it works, it’d be nice to say hi to Ed again, even if he is going to be pissed about being resurrected by a South Asian call center.
I miss Ed.
@ ^ Mikey : Me too.Dispatches from the Cultural Wars generally.
So, any rando can shut a site down by making unsubstantiated accusations?
Looks like a DNS issue at the moment.
If you know how you can check the “whois” for the domain. I did just to see if it expired and got bought by scammy people. But it also has DNS servers listed for the domain. Those are cloudflare systems that give the right IP address. But even cloudflare’s 1.1.1.1 public DNS server doesn’t relay these IP addresses. So yeah, someone doesn’t like you and DNS is just how they’re yanking your chain.
You can reach the site like I did by linking the hostname to the correct IP in a hosts file but I’d be surprised if very many people did that. It’s a bit convoluted.
Yeah, that’s how I got here. Using the IP address as a URL doesn’t work, though — cloudflare doesn’t like it.
It sure is quiet around here.
According to the freethoughtblogs whois record, the name servers are:
Name Server: DINA.NS.CLOUDFLARE.COM
Name Server: MATT.NS.CLOUDFLARE.COM
And those name servers resolve just fine:
$ nslookup DINA.NS.CLOUDFLARE.COM
Non-authoritative answer:
Name: DINA.NS.CLOUDFLARE.COM
Address: 173.245.58.107
Name: DINA.NS.CLOUDFLARE.COM
Address: 172.64.32.107
Name: DINA.NS.CLOUDFLARE.COM
Address: 108.162.192.107
Name: DINA.NS.CLOUDFLARE.COM
Address: 2803:f800:50::6ca2:c06b
Name: DINA.NS.CLOUDFLARE.COM
Address: 2606:4700:50::adf5:3a6b
Name: DINA.NS.CLOUDFLARE.COM
Address: 2a06:98c1:50::ac40:206b
$ nslookup MATT.NS.CLOUDFLARE.COM
Non-authoritative answer:
Name: MATT.NS.CLOUDFLARE.COM
Address: 172.64.33.131
Name: MATT.NS.CLOUDFLARE.COM
Address: 173.245.59.131
Name: MATT.NS.CLOUDFLARE.COM
Address: 108.162.193.131
Name: MATT.NS.CLOUDFLARE.COM
Address: 2a06:98c1:50::ac40:2183
Name: MATT.NS.CLOUDFLARE.COM
Address: 2606:4700:58::adf5:3b83
Name: MATT.NS.CLOUDFLARE.COM
Address: 2803:f800:50::6ca2:c183
And DINA (172.64.32.107, among other addresses) knows how to resolve freethoughtblogs.com:
$ nslookup freethoughtblogs.com 172.64.32.107
Server: 172.64.32.107
Address: 172.64.32.107#53
Name: freethoughtblogs.com
Address: 104.21.234.50
Name: freethoughtblogs.com
Address: 104.21.234.51
I put the above address for DINA in my router DNS settings, and that’s how I got here.
… Are you sure the problem is with Bluehost, and not with Cloudflare? Maybe the false claim to Bluehost was itself a red herring, or only one prong of the attack.
Holy shit.
I just went back and checked the WHOIS record.
I’m not pasting the whole thing, but:
Domain Name: FREETHOUGHTBLOGS.COM
Registry Domain ID:
Registrar WHOIS Server: whois.fastdomain.com
Registrar URL: http://www.fastdomain.com
Updated Date: 2024-02-25T16:18:31Z
Creation Date: 2011-02-17T16:31:40Z
Registrar Registration Expiration Date: 2026-02-17T16:31:40Z
Registrar: FastDomain Inc.
Registrar IANA ID: 1154
Reseller:
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
… You might want to check that “clientHold” link
Legal disputes?
https://linksoftwarellc.com/blog/how-to-get-your-domain-name-out-of-clienthold-status/
I’m not sure how one does this, but the contact details for the domain record need to be updated from Ed Brayton to someone who is still alive. Hope things get back to normal soon.
The whois record has PZ’s contact details for both Registrant and Admin. The Registrant name does say
-PLEASE SELECT-,but the other details match.
Ed Brayton left Freethoughtblogs for Patheos many years ago (2015, I think), and I would have thought that the freethoughtblogs domain handover to PZ was done at that time.
@7:
Well, the hardest bit (after it was indicated that this is only a DNS issue) was finding the right IP to put in there. I figured that finding what anyone else using cloudlare gets would be a good start, but then you have to find someone else that uses cloudflare, and while cloudflare errors are relatively frequent I don’t remember exactly where I’ve seen them before… I tried goodling “blogs that use cloudflare” not really expecting to get very far, but the #2 hit on that was “The Cloudflare Blog” (doh!) and they dogfood.
@14 https://dnshistory.org/dns-records/freethoughtblogs.com
Dang, that last link is quite handy. Thanks for sharing! In case anyone hasn’t figured out the /etc/hosts entries by now, they’re:
104.21.234.50 freethoughtblogs.com
104.21.234.51 freethoughtblogs.com
Not much to report from this side of the fence. Bluehost is not budging, and PZ continues to work the case. Grabbing another domain and pointing it to the hardware is only a partial solution, as parts of the site could break, but that’s still an option.
“not budging” in the sense of upholding the complaint, or in the sense of quibbling about who has authority to even make the argument?
Also, it can work for Windows users too: the file is C:\Windows\System32/drivers/etc/hosts (assuming you’re installing on C: and under a directory called Windows, both of which are negotiable but you would probably know that if you chose differently…)
It looks like PZ is setup as the admin contact for the domain as far as I can tell. I don’t see anything about Ed Brayton in the whois data. I’ve never had to do this myself but it looks like PZ could just reach out to the registrar at http://www.fastdomain.com and get them to fix it. They have can reach out using the admin contact info in the whois record.
Of course if bluehost are being jerks they could always stop the site at the webserver. But regaining control of the domain to use elsewhere would not be an issue. Just have to make sure to either manually remove bluehost as the tech contact on the domain or ask fastdomain to do it ASAP.
In short if problems persist it looks like the domain could be salvaged even if working with the hosting provider proves to be a dead end.
@19:
Bluehost appear to be the registrar who have placed the block on the domain – hosting is elsewhere and I doubt they have any influence over that at all. Bluehost and FastDomain are both subsidiaries of EIG, but for certain functions (like I suspect domain registration) they are going to be effectively the same thing.
Unfortunately that means bluehost are absolutely the ones you need to play ball on this and if they don’t, taking it to ICANN might be the only avenue.
More unfortunately, the complaint letter shows both a lack of English and a lack of thinking which makes achieving anything at the very least within their customer support function unlikely.
Only problem with that is if you actually go to the fastdomain website, you will see, in the corner: “Powered by Bluehost.
Still, it might be worth trying to contact them anyway. Maybe the problem really is with a different department, and a different technical support line will be able to connect to someone who can actually fix things.
https://www.fastdomain.com/contact_us
Technical Support
Help Center: Click here
Telephone: 888-210-3278
Outside the U.S.: +1801-765-9400
Telephone support is available
24 hours a day 7 days a Week
Sudden horrible paranoid thought:
It couldn’t be possible that “Deathlord Al-Zawahiri” is in fact an employee of Bluehost, and he is deliberately keeping the issue open and the domain in “Client Hold” state, could it?
Has anyone pointed out to PZ, and the Pharyngula bloggers, that they can get back in to the server here using the hosts file or adding the cloudflare name server to their own router DNS config? I thought he knew, but it occurs to me that perhaps he doesn’t.
I doubt it, the dates in the WHOIS records point to some automated process causing the issue. Still, stranger things have happened.
Yep, I did it four days ago, and he picked up what I was putting down.
A miracle has occurred.
Pharyngula has been resurrected from the dead.
And, this time there are a lot of witnesses and documentation.
I have no idea how PZ Myers did it but congratulations.
Bad news, it seems the domain is out of our control for some time. In the meantime, I’ve set up a temporary workaround: proxy.freethought.online takes advantage of nginx’s ability to act like a proxy, and essentially does a Mallory-in-the-middle attack on FtB’s webserver. All links are re-written on-the-fly, and I’m even able to log into my account and post comments.
I’ll pitch PZ on something less duct-tape and bailing wire, reconfiguring FtB’s servers to work with another domain name, but this’ll do temporarily.
I’m sure this is a good idea.
Well, almost sure.
Is there any way to translate this to English for people like myself who aren’t internet experts.
What are hosts files, where do I find the “cloudflare name server”, and where do I find my router DNS config?
As most have picked up, the troll Deathlord Al-Zawahiri is claiming to be an al-Qaeda Islamic terrorist.
He is named after al-Zawahiri, the previous leader of al-Qaeda, killed by US forces in 2022.
If you can’t trust an Islamic terrorist, who can you trust?
@ ^ raven : Trust to do what?
Our nemesis defeated..
At least for now..
Here’s hoping he stays defeated. Anything we can do to help it stay that way?
So what was that all about? Anyone care to give a TLDR?
I know it’s not PZ’s fault but it’s kind of annoying when FtB goes down for days at a time.
I take it issues are ongoing but Hornbeck’s done some magic as a temporary fix. (Thanks Hornbeck.) See # 26.
Maybe he’ll do a post on his own blog to explain what’s going on. (Reprobate Spreadsheet)
A little clarification would be appreciated. I tried just entering the numerical address in the browser, and got a message from Cloudflare that it could not be accepted. If I enter the number and domain name in the browser, it sends me to an information site, but not to freethoughtblogs itself. I added the number and the domain name to the Hosts file, but since now everything is working again I’m not sure whether this would work by itself or whether something else would be required.
It’s been a long time since I played with hosts. Long ago I had DNS server issues, and added a few sites to the file for when the servers got messed up, and had a few dead-ends for off-site advertisers that hung up the browser, but haven’t needed to do it recently.
@33:
Nope, that is enough to bypass the failing DNS.
I think that the reason that the numerical address doesn’t work is because a browser sends a “Host” string as part of the request. Websites are virtualized, and I suspect that the numerical address might serve more than one virtualized website running on their internal network. Without the correct Host string, the server can’t know which server you actually want.
Another possibility is that a DDOS might be based on just the IP address. So a cheap DDOS safeguard is to reject bare IP address requests. It’s obviously not perfect, since the DDOSers can add the Host header as well, but it’s something.
@Hj Hornbeck: It looks like the ClientHold status is no longer on the domain, so why are any workarounds needed?
Thanks for the clarification. With luck the host file will not be needed anyway, but it’s good to know.
@28: Dude sounds like he’s a 12 year old edgelord, quite frankly. 🙄
1) Hosts files are simple text files that contain the numerical addresses that the internet routing system uses, and a text string that corresponds to the server that you want.
1a) On Unix(-like) systems, this file is located at
/etc/hosts1b) On Windows(-like) systems, this file is located at
C:\Windows\System32\drivers\etc\hostsIt even has brief header explaining what the file is and how entries should look.
As noted, adding these entries will allow connections to freethoughtblogs to be made:
104.21.234.50 freethoughtblogs.com
104.21.234.51 freethoughtblogs.com
1c) Doing this on an Android or IOS tablet or phone is possible but very painful, involving rooting/jailbreaking the device.
3) “router DNS config”
3a) Note that the details I give below can vary! Don’t assume that everything I write applies to your network. You should have manuals or other materials that describe how your internal network is configured.
3b) Generally speaking, if you want multiple computers/tablets/phones to all connect to the server without needing to edit the
hostsfile, it’s better to modify the DNS settings of the router that all them are using. You can’t do this for a network that you don’t own, obviously, but at home, you should have a router that connects your computer and other devices to the internet. There is usually a way to configure it from a computer that is connected to it. Most use a web server. The internal network is usually set up to use the address of192.168.1.*(where the “*” represents a number that is assigned to various computers on the network), and the router itself is usually192.168.1.1. You would connect to the router by putting the following in your browser address bar:http://192.168.1.1/It will probably prompt you for a username and password. These can vary based on the router model and manufacturer. The manual that came with your router may have the default password; other routers have the passwords on stickers that are on the routers themselves. Note that there may be a different administrative username and password as well.
Once you are connected in to your router, there should be a way to configure networking. By and large, the system will be set up to accept the default configuration provided by your ISP, and changes will not need to be made. But if you do want to connect to a server that is up, but not being resolved properly, you can change the DNS settings of your network. What you would have needed to do in this case is add the server that knows the freethoughtblogs domain as your DNS, putting in those numbers in the DNS section.
Which brings me to:
2) where do I find the “cloudflare name server”
I ran the “whois freethoughtblogs.com” command (you can also to a web search, which should bring up similar information). It’s a long block of technical text, but the important part here are these entries:
Name Server: DINA.NS.CLOUDFLARE.COM
Name Server: MATT.NS.CLOUDFLARE.COM
Those are the Cloudflare DNS servers that know how to resolve freethoughtblogs.com. Those servers did not go down or have problems — they just weren’t talking to the rest of the DNS system about freethoughtblogs.com. If you look up at comment #10, you can see that I ran the
nslookupcommand on both of those servers. Any of the IP addresses returned should work (use the addresses with periods rather than with colons) — you would just put that address as the DNS server in your router, and it should work to resolve the non-resolving domain.I think. As usual, I don’t know everything, and it’s possible that some configuration change may mess something else up.
I run my own local BIND instance, which is not entirely truthful about certain domains I don’t want bothering me; so I can just add a zone file for FTB.
Thanks to those who noticed my technically correct answer was not very high on practical usefulness what with two things with different names being subsidiaries of the same corp. My inner cynical monopolist slash capitalist pig was asleep at the wheel (if I have one).
As far as editing hosts files… My advice differs depending on how technically adept you are in this particular area.
If you could follow along pretty easily with a description simply saying to grab the whois info, use the cloudflare DNS providers in it to get the IP for freethoughtblogs.com and put it in your hosts file then do whatever you like. If you screw something up you’ll figure it out sooner or later. :)
For everyone else, I would put a number symbol (the # to be specific) at the front of the line. Doesn’t matter what OS you’re on, it works the same.
Where before they looked like this:
Now they should look like this:
If you added two lines for freethoughtblogs.com do the same for both lines.
WHAT THIS MEANS:
The # symbol tells your system to ignore the rest of that line. So in this case, all of it. You’re using DNS when navigating to freethoughtblogs.com again. However you still have that information there and if it goes down again you can do an internet search to find your hosts file again, edit it to remove the # in the line(s) with freethoughtblogs.com, save it (don’t forget this part!), and you’ll no longer require DNS to find the site. As long as it’s up and remains at the same place (a near certainty unless they move hosting providers).
Congratulations, you’re now using one of the same tricks system or network administrators use when they mess up and break DNS. :)
Silentbob:
I should, actually. It’s often very helpful to do a post-mortem after any event like this, and it would give non-technical readers an idea of what’s happening behind the scenes.
Owlmirror:
It’s not! As luck would have it, I only figured out the secret sauce to make that workaround work an hour or two before Bluehost gave in, and the last messages I got from PZ were pessimistic about the domain being released. The only cost of the workarounds was an hour or two of time as I poked away at an nginx configuration file, though, so I don’t have much incentive to tear them down.
Thanks for commenting on the technical details, as well.
If it’s really Al-Zawahiri then he truly is a deathlord.
But seriously, I doubt that a Muslim would choose “Deathlord Al-Zawahiri” as their nickname. I suspect it’s some Christian conservative extremist with an unhealthy obsession for Islam.