My first “something” attack

NOTE: The first title to this post was “my first DOS attack” which is what it appeared to be to me…now WordPress support has weighed in, so we don’t know exactly what it is….see follow up below.

UPDATE3: Looks like it is over, whatever it was. It fell off the radar yesterday 09/22 and has not returned.

Some readers may have noticed that my hit counter has been flying lately. Shortly after posting the 4th million real traffic count, it took off like a rocket. Initially I had attributed the increase to having the NASA “press conference on the state of the sun” story posted on Glenn Reynolds “Instapundit” which is known to make huge traffic increases.

But something odd happened, the post that was getting all the traffic had nothing to do with that story. Also, there was no trackback URL that indicated that the post getting all the attention was linked or referenced at some high traffic site like CNN or Drudge. The post that was getting all the traffic was a story and analysis I did some months ago about the differences in global temperature anomalies tending to be offset different. It turned out that GISS was much higher than UAS, RSS, or HadCRUT due to GISS choice of continuing to use an outdated baseline period instead of a more current one like the other metrics.

Here is the traffic report:

Blog Stats Increase due to DOS “something”

Saturday 09/20     23,486
Sunday   09/21     20,802
25,319
Monday  09/22     1,006

That specific post about the way the four global temperature anomaly metrics are presented differently created some angry rhetoric with some other bloggers, and there was also some bad behaviour from a specific commenter that I won’t go into except to say that person is no longer welcome here.

Since most DOS attacks tend to focus on the main URL, and since this DOS attack focused on the one specific story URL that made a few folks very angry, I’ll have to conclude that there is a connection. This DOS attack may have been aimed at creating a violation of the Terms of Service, so that WP would shut me down for “stuffing my own traffic”. Fortunately that’s been recognized for what it is and won’t happen now.

You know you’ve really “arrived” when you start getting DOS attacks that are content specific, I’ll wear it as a badge of honor, much like when newspaper and TV journalists get their first death threat for doing a story somebody doesn’t like. Some newsrooms order a cake with black frosting and skull and crossbones to celebrate. As a TV meteorologist, I never had a death threat over the weather, but I’ve been present to two in newsrooms that I recall.

For now, I’ve moved the post elsewhere to a new URL, and the attack has stopped. WordPress support is tracking back through cyberspace to nab the culprit. I don’t much care for these juvenile shenanigans, but it’s just a minor annoyance at this point. It’s more amusing than damaging.

But I thought I should let everyone know why I have had the sudden jump in “popularity”. When I do my end of month report, I’ll adjust the numbers accordingly to get an accurate count. It is funny how this worked out, a story showing the biggest baseline different at GISS compared to other metrics has caused me to question and possibly adjust my own numbers.

UPDATE: My first change only briefly stopped the attack, so we’ve gone to “plan b” Sunday numbers have been added to to reflect the moment, up from 18k earlier. Also note that in a large scale DOS attack, the numbers would be much higher. The numbers you see are only what gets through wordpress security to post spam comments and attempts at spam posts.

FOLLOW UP: I got the word from WordPress support on this:


Hi,

Our stats expert has had a look and found no evidence of a DoS or anything untoward.  He says “the most plausible reason is an email newsletter featuring the URL, or else some other non-browser app loading the URL such as a feed reader. I have not been able to find any evidence of of a DDOS attempt or other “foul play.”

Separately, I’ve checked our security logs and see no other signs of activity that would normally indicate a blog under attack.

In short: we’re quite sure the traffic is genuine and doesn’t correspond with an attack of any kind.

Kind regards,
Alex
WordPress Support

And also this:

Hi Anthony,
We don’t know where the traffic is coming from; all I can tell you is that our stats guys believe it is organic (i.e. genuine browser traffic, not from a single source, not a bot or script or other automated trickery).  We can speculate as to possible reasons but there’s no way for us to confirm or identify them.

What we are sure of is that there’s no danger to your blog or WordPress.com.  It’s not at all unusual for popular blogs to get a sudden surge in traffic for no obvious reason (and from no single identifiable source).

I don’t think there’s anything to fix or worry about: one of your posts is getting a lot of traffic for indeterminate reasons, and your stats accurately reflect that.

Kind regards,
Alex
Wordpress Support


Odd, very odd. Maybe I’m just being pigheadedly cautious, but you’d think somebody would let me know where this traffic is coming from if it was in a newsletter or feed reader as they suggest. With nearly 50,000 new hits on a specific post, I have not picked up a corresponding amount of comments, which makes me “skeptical” about this traffic being real. Or, perhaps it really is from Instapundit as I thought originally, but its from some un-trackable web mechanism. The traffic continues even as I write this follow up. But we are seeing a drop now. – Anthony

About these ads

79 thoughts on “My first “something” attack

  1. “I’ll adjust the numbers…” Horrors! Say it isn’t so! Look what they’ve driven you to!

    Seriously; nice job with handling this annoyance.

  2. Sounds like this was not a particularly well thought out attack.

    As much as a nuisance as it most assuredly is, it is, as you note, a sign that the forces of darkness have singled you out as a voice they are interested in silencing.

  3. I am jealous! Congratulations.

    As a NetGeekette myself, WordPress geeks can run a packet capture on the traffic to the old URL, crack open the secondary IP address and finger the perps.

    I am trying to remember who whined the loudest about that article…

    Hmmmmm… I wonder if they know this is a Federal Felony?

  4. Anthony,

    I don’t know about death threats for weather forcasters I used to live in Seattle and alot of us were mumbling under our breath “If I could find that guy from (TV station here) I’d kill him!”

    O’course there in sunny CA you have a bit less of the leaky stuff…

    (Please note no weather forcasters were hurt in the typing of this response)

  5. Congratulations Anthony,

    The AGW gasbags are just attacking the messenger. An old story when they lack evidence (except of the cumputer generated kind). They truely think bits and bytes are reality. Ho, hum.

    Please keep up the valiant fight. You are handling this so professionally.

  6. Congrats Anthony,
    You are definitely in the big time, what with good numbers not to have some one try to backdoor cause your shut down. I am so glad that you are level headed and take such youthful exuberance from an opponent in stride.

    Congrats again

    Bill Derryberry

  7. They can’t handle the truth. That’s why the [people] running Tamino, Rabett, RealClimate, etc., routinely delete otherwise reasonable comments that easily deconstruct their AGW baloney.

    They can’t handle the truth.

  8. Cyberspace is rather unruly and I am grateful that these blog comments are moderated. It is a lot of extra work I am sure, but I have seen many blog comments made useless by a few determined trolls, which is, in a way, another type of DOS.

    Reply: To the credit of the posters on this blog, there are very few ‘interventions’. – Anne

  9. To Tarpon

    “Do you know anyone, or have you done anything, that would make someone want to shut your site down?”

    Are you really unaware, or is this naive humor?

    Perhaps the attacks are originating onboard the Bio-Solar One, the Gore-ah’s Ark, a 100-foot houseboat, based on Center Hill Lake, and owned by the Goreacle himself.

    http://www.julescrittenden.com/2008/09/15/gore-ahs-ark/

    AGW first principle: Never discuss the message; destroy the messenger.

  10. Global warming threatens the Winter Olympics.

    Sigmund, Carl and Alfred: There Might Be Something To Global Warming
    September 19, 2008

  11. Smokey, nearly every thread at DotEarth has someone angry at the moderator, Andy Revkin, for not deleting skeptical comments, or banning skeptics. He’s a believer in CO2=AGW, but runs an honest forum.
    =====================================

  12. I’ll bet a Jackson it is just a script kiddie who got his panties in a bunch. (You know I am good for it, Anthony.)

  13. May be just for the fun of it. My nameserver sshd was under constant brute force attack recently; mostly coming from Korea. The names and passwords chosen were very lame. I get the impression the attack was by script kiddies. You’d think they would have given up after I blocked access to all the whole world except for Canada and the U.S. I’ve since changed the port which hasn’t been discovered yet bu I’m not logging attempts to connect to non-extant ports so, — who knows? — they’re probably still at it. More evidence of kiddies. At least the attack wasn’t heavy enough to become a DOS.

    OTOH, If it is really about the post, — well, I guess the truth is finally starting to hurt!

  14. Been there, done that… it’s a weird feeling knowing someone is “attacking” your site. My car site, supporting 80s turbo Dodges, gets hit regularly from hundreds of China based IPs regularly.

    It doesn’t have to make sense… but in your case, it probably does. Sadly.

  15. In a previous life time, I worked on a Navy training contract (NPTU in Idaho Falls). If your name wasn’t inscribe on the s**t house walls, you weren’t doing your job!

    Congratulations on the affirmation of your effectiveness!

    Steamboat Jack

  16. Anthony,
    I protest againgst depicting the Goths, Vandals and Huns as barbarians, wo brought civilization a.k.a. Roman empire to its knees. When you read Gibbon carefully, he provides an alternative reason, as proposed first by Voltaire, who blamed Christianity for the fall of the Roman empire. The functional elite of the empire was educated scientifcally, under the influence of neo-platonic philosophy, and was very sceptical to the upcoming new religion (imperial religion since 391). Beginning in the second half of fourth century, this elite was moved out of office, but could not be replaced with christian personnel of the same quality. Typical was the fate of Hypathia, a professor of mathematics and philosophy at the University of Alexandria, who was lapidated for being a heathen witch.

  17. DOS attack is a new term to me. I had to look that one up. Basically its the work of a hacker who tries to gum up a website so that its service is slowed or stopped. That sounds exactly like the type of criminal activity an AGW believer would engage in. In my opinion hackers of all types should be severely punished if they are convicted of internet crime. Whether they are pranksters or serious criminals they can cause a great deal of financial damage. And they force all of us to use internet security systems to fend off their malicious software. Those systems are costly and slow down our PCs.

    Anyway if they catch him, I’m for hanging him. At the very least a long prison sentence should be imposed.

  18. ….some months ago about the differences in global temperature anomalies tending to be offset different. It turned out that GISS was much higher than UAS, RSS, or HadCRUT due to GISS choice of contuniung to use an outdated baseline period instead of a more current one like the other metrics.

    I guess one the privileges of a blogger is the ability to rewrite history. The story was a comparison of the different data series in which you embarrassingly failed to account for the different offsets, revealing that you had not done even the basic homework before posting. Where is the piece now by the way?

    Oh, and speaking of schoolboy errors, your headline on the Christy and Douglass paper is factually wrong. The paper does not claim CO2 forcing peaked in 1998,

    A plot of ln (CO2) is found to be nearly linear in time over the interval 1979-2004.

    And in a comment reply you confuse Delta-T with Delta-F. Seems anyone coming here for reliable coverage of this issue is making a category error …

  19. I was tracking the stats on this and the really sad part is that the amount of traffic the perps threw at Anthony would hardly be a blip on the total traffic on WordPress’ servers. All the traffic is load-balanced between a cloud of web servers accessing the common database containing all the posts and comments.

    If this is the best the AGWer’s can do for computer experts, no wonder the GCMs aren’t accurate.

  20. Re Werner Weber’s coments:

    Uh, yeah, Goths, Vandals and Huns were not vicious, effective, armed warriors who invaded, defeated, burned, pillaged, and raped the landscape and everything on it to feed themselves. (Granted, some subsequently stayed in place and melded with the what was left of the people they defeated.)

    It was ineffective Christian bureaucrats who brought about a culture of invasion, robbery, and slaughter upon themselves.

    Frankly, I do not believe that Gibbon or Voltaire were such fools as to believe such a simplistic and silly scenario.

  21. I had no idea what I was reading about today, I too had to look it up…

    It makes me feel old.

    Werner weber,

    Surely the longevity of the Eastern Roman/Bysantine Empire disproves your case against Christianty per se being the cause of the fall of Rome?

  22. To David Walton:
    I am quoting Gibbon. Incidentally, French revolution turned rather openly anti-christian, under the influence of intellectuals such as Voltaire.
    To Simon:
    There was a difference between eastern and western part of the empire. The western part abandoned Greek as official language, and no book in greek language has survived in Western Europe during middle ages. At Constantinople, the university was kept in operation.
    However, the eastern empire barely survived the first islamic wave, where they lost what is now Syria, Palestine, Egypt, Tunisia.

  23. Pingback: Tiresome Little Punks : Pursuing Holiness

  24. Final episode of THE CLIMATE WARS. Dr Iain Stewart investigates climate models but there’s a problem, the models show changes are slow and steady but historical data indicates sudden changes taking place over a few years.

    In episode two Dr Stewart ‘proves’ the Medieval Warm period (800 – 1300AD according to wikipedia) did not exist, hockey stick says no. In episode three he demonstrates how sudden climate change can destroy a civilisation.

    The ANASAZI tribe of North America disappeared around 1300AD. He then goes on and tells us that this was due to sudden climate change which made the water supply dry up.

    So the Anasazi civilization disappears in 1300AD the time that the medieval warm period gave way to the little ice age. This guys got a PHD but apparently can’t see the connection. All the gear no idea.

    All three episodes should be available on the BBC website soon

    http://www.bbc.co.uk/programmes/b00djvq9

    Also, when the Goths went into Rome they considered themselves to be Roman citizens and were christians. They were looking for a home within the Roman Empire, eventually crossing the straights of Gibralter and settling in North Africa.

  25. Is the attack originating from one URL or several? You may have trouble stopping it if the person knows what they are doing and has a small to medium sized Botnet available. If someone is really serious they’ll use a Botnet and rotate the attacking bots so it is really hard to stop.

  26. M White,

    “when the Goths went into Rome they considered themselves to be Roman citizens’

    That would be the reason they slaughtered a Roman army and killed the Roman Emperor Valens in 378 AD (Alaric the Gothic King took Rome from the Romans in 410AD, subsequently the Roman capital was moved to Ravenna and this was sacked in 476AD, ending the Western Roman Empire)? I’d say that the Goths did NOT consider themselves roman citizens since they swore fealty to Alaric, not Piscus Attalus, the puppet Roman Emperor Alaric appointed as ‘Emperor’. True, Alaric was the ‘master of Soldiers’ in Rome, but he was not a Roman Citizen, his frustration with Rome’s lack of accommodation , finally sacked the city in 410AD. After that I suppose the Visigoths were ‘Roman’. :)

  27. OT

    Coldest September minimum EVER recorded here in Perth Western Australia this morning. People reporting scrapping ice of car windows. The weather is suppossed to be warming this time of year not cooling. I blame Golbal Warming myself.

  28. Your website has offered a lot of unteresting insights. And has been so very helpful during the past hurricanes to ease the worry with these storms.

    I guess someone is jealious of your good quality.

    People that hurt other people by trying to destroy the good in others, are very troubled people.

    Your website draws a lot of good people.

    Everyone who is good who reads your website should take a minute of silence and offer a prayer for the repair of our world.

    Don’t let the dark snuff out the light.

    Stay in the boat.

  29. Re: To David Walton:
    I am quoting Gibbon. Incidentally, French revolution turned rather openly anti-christian, under the influence of intellectuals such as Voltaire… etc.

    So? What does that have to do with you original statement, “I protest againgst depicting the Goths, Vandals and Huns as barbarians” etcetera, etcetera?

    This is the defense of your original complaint? Sorry, but your notion that dysfunctional Christians are responsible for the invading hordes of vandals or even Islamics is silly. Gibbon make no such claim that I know of. They may have failed at a defense, or at rallying support in a tumultuous and wicked age but to suggest they were responsible for the invaders is simply ridiculous.

    Gibbon at most lays responsibility for an ineffective response to invaders and a collapse from corruption within. Where does he indicate corrupt and inept Christian rulers aided and invited destruction and havoc from independent invaders with their own agendas?

    The great intellectual Voltaire also said “Within 100 years of my death, Christianity will be swept from existence and will have passed into history.”

    Yeah, like that happened.

    Now, I am no Christian, nor do I wish to defend a bloody history done in the name of that religion. But you sir, protest at calling a Goths, Vandals and Huns barbarians? Oh, come now.

  30. If Greenpeace can climb a smokestack to paint insulting graffiti on it, then surely someone can run a botnet to attack a blog that has criticized Dr. Hansen. Computers
    were so much more fun back when “hacker” was a badge of honor.

    Not much point in speculating about the source, so I won’t.

    How about putting out a press release “Popular Skeptic Climate Change Website under Attack” “Persons unknown have started a Denial of Service (DoS) attack aimed at a particular critical of inconsistencies in Climate data maintained by Dr James Hansen of NASA’s Goddard Research Center.”

    Instead of shutting you down, use them to increase readership.

  31. I believe James Hansen has a reliable algorithm to correct your traffic for the UHI (Unwanted Hacker Intrusion) effect, which has the advantage that the adjustment can send your figures even higher.

  32. John Phillips (13:29:32) : Oh, and speaking of schoolboy errors, your headline on the Christy and Douglass paper is factually wrong. The paper does not claim CO2 forcing peaked in 1998,

    Sorry, Anthony, but I have to agree with John’s point. The Douglass and Christy paper says that the temperature anomalies reached a peak in 1998, not the CO2 forcing. In fact, the CO2 forcing was specifically modeled as the linear term of the regression after accounting for both the ENSO and aerosol effects. A linear term obviously does not reach a maximum.

  33. With all due respect, Anthony, I don’t think you’re truly “qualified” to “adjust” your blog’s data.

    Why don’t you send it to the real pros of data adjustment, Mr. Hansen and Mann et al. They can’t but do a first class job on it, can’t they? :-D

  34. Just a quick note to reassure readers: there’s no chance this blog will be shut down either due to a DoS attack or “traffic stuffing”. We’re not even sure that there’s anything mischievous happening, but we’ll look into it.

    – Alex, WordPress.com staff.

  35. “That specific post about the way the four global temperature anomaly metrics are presented differently created some angry rhetoric with some other bloggers. . .”

    The truth hurts and even angers. Too bad they can’t handle it like adults.

  36. Mark Nodine (17:41:28) :

    “John Phillips (13:29:32) : Oh, and speaking of schoolboy errors, your headline on the Christy and Douglass paper is factually wrong. The paper does not claim CO2 forcing peaked in 1998,”

    “Sorry, Anthony, but I have to agree with John’s point. The Douglass and Christy paper says that the temperature anomalies reached a peak in 1998, not the CO2 forcing. In fact, the CO2 forcing was specifically modeled as the linear term of the regression after accounting for both the ENSO and aerosol effects. A linear term obviously does not reach a maximum.”

    What Anthony actually said was “In it, a bold claim is made about the likelihood that the atmosphere no longer shows the characteristic of CO2 radiative forcing, and that the effect apparently peaked around 1998.”

    The characteristic of CO2 forcing is positive feedback. With no feedback, we get little if any temp increase. From the abstract,

    “These effects do not have the signature associated with CO2 climate forcing. However, the data show a small underlying positive trend that is consistent with CO2 climate forcing with no-feedback.”

    This of course in reference to the subsequent 10 years after 1998 when temps have not increased.

    Anthony didn’t make a “schoolboy” error.

  37. The “four global temperature anomaly metrics” [plus the Argos deep sea buoys]. I never get tired of looking at this chart: click

    I’m a big believer in visual aids. They put everything in perspective.

  38. The European Union fight against global warming could become watered down due to the economic crisis.

    Although the European Commission has said it wants to cut greenhouse gases by 20 percent by 2020, business leaders have criticized levies, or fines, as being too oppressive in the current economic climate.

    Business leaders have denounced the policy and have begun threatening to take their investments to other countries which don’t have punitive measures.

    With the prospect of further job losses, a number of European politicians are speaking about diluting the emission laws.

    The EU’s Environment Commissioner Stavros Dimas has nevertheless publicly called on politicians and businesses not to oppose the climate change measures.

    http://www.barcelonanews.net/story/409352

  39. Fascinating this is the first attack. Given your readers and commenters reputations for debunking the [snip] one would think it would have occurred long ago.

    CimateClinic.com was hacked a couple of months ago, but the server hosting my reseller account (which hosts “The Mysterious Climate Project”) put in heavier security and I haven’t been bothered since.

    Wear the badge proudly, it shows the [snip] are getting desperate!

    Jack Koenig, Editor
    The Mysterious Climate Project
    http://www.climateclinic.com

    Reply: In trying to keep discussion open and simple, we try and avoid such pejorative terms ~ charles the moderator

  40. Re Mike D: “Lapidated!”

    Personally, I prefer lapidary to lapidation. (And no, Anthony, I won’t make any more comments about who may or may not be getting stoned.)

  41. Congratulations!? :)

    I spent the weekend trying to get someone to leak the location of the next Greenpeace Activist Training Camp, there was one in Alberta recently.

    I wonder if they covered DOS attacks on top of such great courses as…

    Banner Unfurling
    Smokestack Climbing
    Making Big Letters on the Ground
    Best Paint for Concrete
    Shouting and Going Stiff while being Arrested
    Claiming Innocence due to Climate Change
    Selecting appropriate Venues for Civil Disobedience
    Hemp, it is not just for shirts
    Save a whale, Eat an Inuit :)
    Repeat constantly “I am not a wingnut”

    Ok the last one I made up… you got me.

  42. I wonder if they covered DOS attacks on top of such great courses as…

    Banner Unfurling
    Smokestack Climbing
    Making Big Letters on the Ground
    Best Paint for Concrete
    Shouting and Going Stiff while being Arrested
    Claiming Innocence due to Climate Change
    Selecting appropriate Venues for Civil Disobedience
    Hemp, it is not just for shirts
    Save a whale, Eat an Inuit :)
    Repeat constantly “I am not a wingnut”

    Ok the last one I made up… you got me.

    Lol, you forgot

    We Don’t Need No Steenkeen’ Evidence

  43. Dee Norris:

    The International Journal of Inactivism seems to be confusing me with Anthony over my I Am A Skeptic post.

    No, I was confusing you with Chuck Norris. Please get your facts straight.

    — bi, International Journal of Inactivism

    Reply – Hard to tell what you were confusing from the quality of the prose, IMHO, but what do I know, being just a foolish skeptic. Regardless, can you at least provide a trackback or something in the future so I can take a look at your musings? The entertainment value is the best part of the blogosphere! – Dee Norris

  44. They don’t want to be up front with you–they have outsourced the stats thing to Mann.

    (OT: Look for mail from me.)

  45. Re: Odd, very odd.

    Maybe it is the 800 or so RSS feed links I passed out last week or installed on new computers.

    Oh, just kidding, I did no such thing. But I do regularly hand out links to Watt’s web pages. If this was a real DOS attack maybe it was a just test run.

    I Googled — Sounds familiar: “A friend of mine found one station where the temperature gauge was just outside the air conditioner…”

    and the only weird thing I found was the 4,156 blog reactions reported on —

    http://technorati.com/blogs/wattsupwiththat.wordpress.com?reactions&page=2

    with hits on that page and others. Maybe your fame is getting ahead of you. Let me know if you decide to go public and sell stock.

  46. I just deleted a number of pieces of rancid spam, which, to put it mildly, had nothing to do with the subject at hand.

    So to speak.

    Reply: Please let that spam sit in the spam bucket for a while. I am trying to see if the source is all the same/related IP address or not. Thanks. – Dee Norris

    [REPLY – Will do. (There’s more there right now. Rather awful stuff.) – Evan]

  47. Spam continues to pile up. I am also getting a lot of Invalid Key errors when I try to log on or access comments.

  48. Hmmm… Your hit rate was a relatively flat curve with a slight upwards trend and then at the end it starts to go up rapidly. Now you’re adjusting the numbers to make them “right”. Why does this all sound strangely familiar?

  49. Pingback: Attacks using technology; political and otherwise : Pursuing Holiness

  50. WUWT continued to suffer an inflow of massive amounts of Russian porn spam targeted at that single post through out the night. The most offensive spam was the offer of videos of naked climatologists and something about raw weather! ;-)

    Anthony has now taken steps to prevent the clogging of the WUWT spam bucket with this junk but undoubtedly the spam servers are continuing attempt to post their messages to that one post.

  51. From Mr Watts’ article:
    “Maybe I’m just being pigheadedly cautious”

    Someone engaged in the AGW being pigheaded? This is the first time I’ve heard that suggestion.

    If you would prefer me not to link from my network of Russian porn sites please let me know, I was only trying to be helpful.

  52. Pingback: What a difference a year makes: Another record month for WUWT « Watts Up With That?

Comments are closed.