NOTE: The first title to this post was “my first DOS attack” which is what it appeared to be to me…now WordPress support has weighed in, so we don’t know exactly what it is….see follow up below.
UPDATE3: Looks like it is over, whatever it was. It fell off the radar yesterday 09/22 and has not returned.
Some readers may have noticed that my hit counter has been flying lately. Shortly after posting the 4th million real traffic count, it took off like a rocket. Initially I had attributed the increase to having the NASA “press conference on the state of the sun” story posted on Glenn Reynolds “Instapundit” which is known to make huge traffic increases.
But something odd happened, the post that was getting all the traffic had nothing to do with that story. Also, there was no trackback URL that indicated that the post getting all the attention was linked or referenced at some high traffic site like CNN or Drudge. The post that was getting all the traffic was a story and analysis I did some months ago about the differences in global temperature anomalies tending to be offset different. It turned out that GISS was much higher than UAS, RSS, or HadCRUT due to GISS choice of continuing to use an outdated baseline period instead of a more current one like the other metrics.
Here is the traffic report:
Blog Stats Increase due to DOS “something”
Saturday 09/20 23,486
Sunday 09/21 20,802 25,319
Monday 09/22 1,006
That specific post about the way the four global temperature anomaly metrics are presented differently created some angry rhetoric with some other bloggers, and there was also some bad behaviour from a specific commenter that I won’t go into except to say that person is no longer welcome here.
Since most DOS attacks tend to focus on the main URL, and since this DOS attack focused on the one specific story URL that made a few folks very angry, I’ll have to conclude that there is a connection. This DOS attack may have been aimed at creating a violation of the Terms of Service, so that WP would shut me down for “stuffing my own traffic”. Fortunately that’s been recognized for what it is and won’t happen now.
You know you’ve really “arrived” when you start getting DOS attacks that are content specific, I’ll wear it as a badge of honor, much like when newspaper and TV journalists get their first death threat for doing a story somebody doesn’t like. Some newsrooms order a cake with black frosting and skull and crossbones to celebrate. As a TV meteorologist, I never had a death threat over the weather, but I’ve been present to two in newsrooms that I recall.
For now, I’ve moved the post elsewhere to a new URL, and the attack has stopped. WordPress support is tracking back through cyberspace to nab the culprit. I don’t much care for these juvenile shenanigans, but it’s just a minor annoyance at this point. It’s more amusing than damaging.
But I thought I should let everyone know why I have had the sudden jump in “popularity”. When I do my end of month report, I’ll adjust the numbers accordingly to get an accurate count. It is funny how this worked out, a story showing the biggest baseline different at GISS compared to other metrics has caused me to question and possibly adjust my own numbers.
UPDATE: My first change only briefly stopped the attack, so we’ve gone to “plan b” Sunday numbers have been added to to reflect the moment, up from 18k earlier. Also note that in a large scale DOS attack, the numbers would be much higher. The numbers you see are only what gets through wordpress security to post spam comments and attempts at spam posts.
FOLLOW UP: I got the word from WordPress support on this:
Hi,
Our stats expert has had a look and found no evidence of a DoS or anything untoward. He says “the most plausible reason is an email newsletter featuring the URL, or else some other non-browser app loading the URL such as a feed reader. I have not been able to find any evidence of of a DDOS attempt or other “foul play.”
Separately, I’ve checked our security logs and see no other signs of activity that would normally indicate a blog under attack.
In short: we’re quite sure the traffic is genuine and doesn’t correspond with an attack of any kind.
Kind regards,
Alex
WordPress Support
And also this:
What we are sure of is that there’s no danger to your blog or WordPress.com. It’s not at all unusual for popular blogs to get a sudden surge in traffic for no obvious reason (and from no single identifiable source).
I don’t think there’s anything to fix or worry about: one of your posts is getting a lot of traffic for indeterminate reasons, and your stats accurately reflect that.
Kind regards,
Alex
WordPress Support
Odd, very odd. Maybe I’m just being pigheadedly cautious, but you’d think somebody would let me know where this traffic is coming from if it was in a newsletter or feed reader as they suggest. With nearly 50,000 new hits on a specific post, I have not picked up a corresponding amount of comments, which makes me “skeptical” about this traffic being real. Or, perhaps it really is from Instapundit as I thought originally, but its from some un-trackable web mechanism. The traffic continues even as I write this follow up. But we are seeing a drop now. – Anthony
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
Hi Anthony
Perhaps the attack is as a result of a teleconnection rather than a direct attack……
Anthony: I’ll adjust the numbers accordingly to get an accurate countM
It seems we are all into the “adjustment” game 🙂
A DOS attack is a badge of honor, congrats !
Do you know anyone, or have you done anything, that would make someone want to shut your site down?
“I’ll adjust the numbers…” Horrors! Say it isn’t so! Look what they’ve driven you to!
Seriously; nice job with handling this annoyance.
Sounds like this was not a particularly well thought out attack.
As much as a nuisance as it most assuredly is, it is, as you note, a sign that the forces of darkness have singled you out as a voice they are interested in silencing.
Will you be releasing the code you use to make these “Adjustments”? 🙂
I am jealous! Congratulations.
As a NetGeekette myself, WordPress geeks can run a packet capture on the traffic to the old URL, crack open the secondary IP address and finger the perps.
I am trying to remember who whined the loudest about that article…
Hmmmmm… I wonder if they know this is a Federal Felony?
Anthony,
I don’t know about death threats for weather forcasters I used to live in Seattle and alot of us were mumbling under our breath “If I could find that guy from (TV station here) I’d kill him!”
O’course there in sunny CA you have a bit less of the leaky stuff…
(Please note no weather forcasters were hurt in the typing of this response)
Congratulations Anthony,
The AGW gasbags are just attacking the messenger. An old story when they lack evidence (except of the cumputer generated kind). They truely think bits and bytes are reality. Ho, hum.
Please keep up the valiant fight. You are handling this so professionally.
Congrats Anthony,
You are definitely in the big time, what with good numbers not to have some one try to backdoor cause your shut down. I am so glad that you are level headed and take such youthful exuberance from an opponent in stride.
Congrats again
Bill Derryberry
They can’t handle the truth. That’s why the [people] running Tamino, Rabett, RealClimate, etc., routinely delete otherwise reasonable comments that easily deconstruct their AGW baloney.
They can’t handle the truth.
Cyberspace is rather unruly and I am grateful that these blog comments are moderated. It is a lot of extra work I am sure, but I have seen many blog comments made useless by a few determined trolls, which is, in a way, another type of DOS.
Reply: To the credit of the posters on this blog, there are very few ‘interventions’. – Anne
To Tarpon
“Do you know anyone, or have you done anything, that would make someone want to shut your site down?”
Are you really unaware, or is this naive humor?
Perhaps the attacks are originating onboard the Bio-Solar One, the Gore-ah’s Ark, a 100-foot houseboat, based on Center Hill Lake, and owned by the Goreacle himself.
http://www.julescrittenden.com/2008/09/15/gore-ahs-ark/
AGW first principle: Never discuss the message; destroy the messenger.
Congratulations!
Must be getting under someone’s thin skin. Keep up the good fight.
The first DOS was when you asked God for common sense . . . .
Global warming threatens the Winter Olympics.
Sigmund, Carl and Alfred: There Might Be Something To Global Warming
September 19, 2008
Sir Anthony
Casablanca….the movie
…Round up the usual suspects…
Smokey, nearly every thread at DotEarth has someone angry at the moderator, Andy Revkin, for not deleting skeptical comments, or banning skeptics. He’s a believer in CO2=AGW, but runs an honest forum.
=====================================
I’ll bet a Jackson it is just a script kiddie who got his panties in a bunch. (You know I am good for it, Anthony.)
May be just for the fun of it. My nameserver sshd was under constant brute force attack recently; mostly coming from Korea. The names and passwords chosen were very lame. I get the impression the attack was by script kiddies. You’d think they would have given up after I blocked access to all the whole world except for Canada and the U.S. I’ve since changed the port which hasn’t been discovered yet bu I’m not logging attempts to connect to non-extant ports so, — who knows? — they’re probably still at it. More evidence of kiddies. At least the attack wasn’t heavy enough to become a DOS.
OTOH, If it is really about the post, — well, I guess the truth is finally starting to hurt!
Been there, done that… it’s a weird feeling knowing someone is “attacking” your site. My car site, supporting 80s turbo Dodges, gets hit regularly from hundreds of China based IPs regularly.
It doesn’t have to make sense… but in your case, it probably does. Sadly.
In a previous life time, I worked on a Navy training contract (NPTU in Idaho Falls). If your name wasn’t inscribe on the s**t house walls, you weren’t doing your job!
Congratulations on the affirmation of your effectiveness!
Steamboat Jack
Anthony,
I protest againgst depicting the Goths, Vandals and Huns as barbarians, wo brought civilization a.k.a. Roman empire to its knees. When you read Gibbon carefully, he provides an alternative reason, as proposed first by Voltaire, who blamed Christianity for the fall of the Roman empire. The functional elite of the empire was educated scientifcally, under the influence of neo-platonic philosophy, and was very sceptical to the upcoming new religion (imperial religion since 391). Beginning in the second half of fourth century, this elite was moved out of office, but could not be replaced with christian personnel of the same quality. Typical was the fate of Hypathia, a professor of mathematics and philosophy at the University of Alexandria, who was lapidated for being a heathen witch.
DOS attack is a new term to me. I had to look that one up. Basically its the work of a hacker who tries to gum up a website so that its service is slowed or stopped. That sounds exactly like the type of criminal activity an AGW believer would engage in. In my opinion hackers of all types should be severely punished if they are convicted of internet crime. Whether they are pranksters or serious criminals they can cause a great deal of financial damage. And they force all of us to use internet security systems to fend off their malicious software. Those systems are costly and slow down our PCs.
Anyway if they catch him, I’m for hanging him. At the very least a long prison sentence should be imposed.
….some months ago about the differences in global temperature anomalies tending to be offset different. It turned out that GISS was much higher than UAS, RSS, or HadCRUT due to GISS choice of contuniung to use an outdated baseline period instead of a more current one like the other metrics.
I guess one the privileges of a blogger is the ability to rewrite history. The story was a comparison of the different data series in which you embarrassingly failed to account for the different offsets, revealing that you had not done even the basic homework before posting. Where is the piece now by the way?
Oh, and speaking of schoolboy errors, your headline on the Christy and Douglass paper is factually wrong. The paper does not claim CO2 forcing peaked in 1998,
A plot of ln (CO2) is found to be nearly linear in time over the interval 1979-2004.
And in a comment reply you confuse Delta-T with Delta-F. Seems anyone coming here for reliable coverage of this issue is making a category error …