NOTE: The first title to this post was “my first DOS attack” which is what it appeared to be to me…now WordPress support has weighed in, so we don’t know exactly what it is….see follow up below.
UPDATE3: Looks like it is over, whatever it was. It fell off the radar yesterday 09/22 and has not returned.
Some readers may have noticed that my hit counter has been flying lately. Shortly after posting the 4th million real traffic count, it took off like a rocket. Initially I had attributed the increase to having the NASA “press conference on the state of the sun” story posted on Glenn Reynolds “Instapundit” which is known to make huge traffic increases.
But something odd happened, the post that was getting all the traffic had nothing to do with that story. Also, there was no trackback URL that indicated that the post getting all the attention was linked or referenced at some high traffic site like CNN or Drudge. The post that was getting all the traffic was a story and analysis I did some months ago about the differences in global temperature anomalies tending to be offset different. It turned out that GISS was much higher than UAS, RSS, or HadCRUT due to GISS choice of continuing to use an outdated baseline period instead of a more current one like the other metrics.
Here is the traffic report:
Blog Stats Increase due to DOS “something”
Saturday 09/20 23,486
Sunday 09/21 20,802 25,319
Monday 09/22 1,006
That specific post about the way the four global temperature anomaly metrics are presented differently created some angry rhetoric with some other bloggers, and there was also some bad behaviour from a specific commenter that I won’t go into except to say that person is no longer welcome here.
Since most DOS attacks tend to focus on the main URL, and since this DOS attack focused on the one specific story URL that made a few folks very angry, I’ll have to conclude that there is a connection. This DOS attack may have been aimed at creating a violation of the Terms of Service, so that WP would shut me down for “stuffing my own traffic”. Fortunately that’s been recognized for what it is and won’t happen now.
You know you’ve really “arrived” when you start getting DOS attacks that are content specific, I’ll wear it as a badge of honor, much like when newspaper and TV journalists get their first death threat for doing a story somebody doesn’t like. Some newsrooms order a cake with black frosting and skull and crossbones to celebrate. As a TV meteorologist, I never had a death threat over the weather, but I’ve been present to two in newsrooms that I recall.
For now, I’ve moved the post elsewhere to a new URL, and the attack has stopped. WordPress support is tracking back through cyberspace to nab the culprit. I don’t much care for these juvenile shenanigans, but it’s just a minor annoyance at this point. It’s more amusing than damaging.
But I thought I should let everyone know why I have had the sudden jump in “popularity”. When I do my end of month report, I’ll adjust the numbers accordingly to get an accurate count. It is funny how this worked out, a story showing the biggest baseline different at GISS compared to other metrics has caused me to question and possibly adjust my own numbers.
UPDATE: My first change only briefly stopped the attack, so we’ve gone to “plan b” Sunday numbers have been added to to reflect the moment, up from 18k earlier. Also note that in a large scale DOS attack, the numbers would be much higher. The numbers you see are only what gets through wordpress security to post spam comments and attempts at spam posts.
FOLLOW UP: I got the word from WordPress support on this:
Our stats expert has had a look and found no evidence of a DoS or anything untoward. He says “the most plausible reason is an email newsletter featuring the URL, or else some other non-browser app loading the URL such as a feed reader. I have not been able to find any evidence of of a DDOS attempt or other “foul play.”
Separately, I’ve checked our security logs and see no other signs of activity that would normally indicate a blog under attack.
In short: we’re quite sure the traffic is genuine and doesn’t correspond with an attack of any kind.
And also this:
What we are sure of is that there’s no danger to your blog or WordPress.com. It’s not at all unusual for popular blogs to get a sudden surge in traffic for no obvious reason (and from no single identifiable source).
I don’t think there’s anything to fix or worry about: one of your posts is getting a lot of traffic for indeterminate reasons, and your stats accurately reflect that.
Odd, very odd. Maybe I’m just being pigheadedly cautious, but you’d think somebody would let me know where this traffic is coming from if it was in a newsletter or feed reader as they suggest. With nearly 50,000 new hits on a specific post, I have not picked up a corresponding amount of comments, which makes me “skeptical” about this traffic being real. Or, perhaps it really is from Instapundit as I thought originally, but its from some un-trackable web mechanism. The traffic continues even as I write this follow up. But we are seeing a drop now. - Anthony