My first "something" attack

NOTE: The first title to this post was “my first DOS attack” which is what it appeared to be to me…now WordPress support has weighed in, so we don’t know exactly what it is….see follow up below.

UPDATE3: Looks like it is over, whatever it was. It fell off the radar yesterday 09/22 and has not returned.

Some readers may have noticed that my hit counter has been flying lately. Shortly after posting the 4th million real traffic count, it took off like a rocket. Initially I had attributed the increase to having the NASA “press conference on the state of the sun” story posted on Glenn Reynolds’ “Instapundit”, which is known to make huge traffic increases.

But something odd happened: the post that was getting all the traffic had nothing to do with that story. Also, there was no trackback URL that indicated that the post getting all the attention was linked or referenced at some high traffic site like CNN or Drudge. The post that was getting all the traffic was a story and analysis I did some months ago about the differences in global temperature anomalies tending to be offset differently. It turned out that GISS was much higher than UAH, RSS, or HadCRUT due to GISS’s choice of continuing to use an outdated baseline period instead of a more current one like the other metrics.

Here is the traffic report:

Blog Stats Increase due to DOS “something”

Saturday 09/20     23,486

Sunday   09/21     20,802 25,319

Monday  09/22     1,006

That specific post about the way the four global temperature anomaly metrics are presented differently created some angry rhetoric with some other bloggers, and there was also some bad behaviour from a specific commenter that I won’t go into except to say that person is no longer welcome here.

Since most DOS attacks tend to focus on the main URL, and since this DOS attack focused on the one specific story URL that made a few folks very angry, I’ll have to conclude that there is a connection. This DOS attack may have been aimed at creating a violation of the Terms of Service, so that WP would shut me down for “stuffing my own traffic”. Fortunately that’s been recognized for what it is and won’t happen now.

You know you’ve really “arrived” when you start getting DOS attacks that are content specific, I’ll wear it as a badge of honor, much like when newspaper and TV journalists get their first death threat for doing a story somebody doesn’t like. Some newsrooms order a cake with black frosting and skull and crossbones to celebrate. As a TV meteorologist, I never had a death threat over the weather, but I’ve been present to two in newsrooms that I recall.

For now, I’ve moved the post elsewhere to a new URL, and the attack has stopped. WordPress support is tracking back through cyberspace to nab the culprit. I don’t much care for these juvenile shenanigans, but it’s just a minor annoyance at this point. It’s more amusing than damaging.

But I thought I should let everyone know why I have had the sudden jump in “popularity”. When I do my end of month report, I’ll adjust the numbers accordingly to get an accurate count. It is funny how this worked out: a story showing the biggest baseline difference at GISS compared to other metrics has caused me to question and possibly adjust my own numbers.

UPDATE: My first change only briefly stopped the attack, so we’ve gone to “plan b”. Sunday numbers have been added to reflect the moment, up from 18k earlier. Also note that in a large scale DOS attack, the numbers would be much higher. The numbers you see are only what gets through WordPress security to post spam comments and attempts at spam posts.

FOLLOW UP: I got the word from WordPress support on this:


Hi,

Our stats expert has had a look and found no evidence of a DoS or anything untoward.  He says “the most plausible reason is an email newsletter featuring the URL, or else some other non-browser app loading the URL such as a feed reader. I have not been able to find any evidence of a DDOS attempt or other “foul play.”

Separately, I’ve checked our security logs and see no other signs of activity that would normally indicate a blog under attack.

In short: we’re quite sure the traffic is genuine and doesn’t correspond with an attack of any kind.

Kind regards,

Alex

WordPress Support

And also this:

Hi Anthony,
We don’t know where the traffic is coming from; all I can tell you is that our stats guys believe it is organic (i.e. genuine browser traffic, not from a single source, not a bot or script or other automated trickery).  We can speculate as to possible reasons but there’s no way for us to confirm or identify them.

What we are sure of is that there’s no danger to your blog or WordPress.com.  It’s not at all unusual for popular blogs to get a sudden surge in traffic for no obvious reason (and from no single identifiable source).

I don’t think there’s anything to fix or worry about: one of your posts is getting a lot of traffic for indeterminate reasons, and your stats accurately reflect that.

Kind regards,

Alex

WordPress Support


Odd, very odd. Maybe I’m just being pigheadedly cautious, but you’d think somebody would let me know where this traffic is coming from if it was in a newsletter or feed reader as they suggest. With nearly 50,000 new hits on a specific post, I have not picked up a corresponding amount of comments, which makes me “skeptical” about this traffic being real. Or, perhaps it really is from Instapundit as I thought originally, but it’s from some un-trackable web mechanism. The traffic continues even as I write this follow up. But we are seeing a drop now. – Anthony

79 Comments
Patrick Henry
September 21, 2008 6:50 pm

The European Union fight against global warming could become watered down due to the economic crisis.
Although the European Commission has said it wants to cut greenhouse gases by 20 percent by 2020, business leaders have criticized levies, or fines, as being too oppressive in the current economic climate.
Business leaders have denounced the policy and have begun threatening to take their investments to other countries which don’t have punitive measures.
With the prospect of further job losses, a number of European politicians are speaking about diluting the emission laws.
The EU’s Environment Commissioner Stavros Dimas has nevertheless publicly called on politicians and businesses not to oppose the climate change measures.
http://www.barcelonanews.net/story/409352

September 21, 2008 6:54 pm

Mike D:
“Lapidated!” LOL. My new word for the day! [H/T to Werner Weber]

September 21, 2008 6:57 pm

Fascinating this is the first attack. Given your readers and commenters reputations for debunking the [snip] one would think it would have occurred long ago.
ClimateClinic.com was hacked a couple of months ago, but the server hosting my reseller account (which hosts “The Mysterious Climate Project”) put in heavier security and I haven’t been bothered since.
Wear the badge proudly, it shows the [snip] are getting desperate!
Jack Koenig, Editor
The Mysterious Climate Project
http://www.climateclinic.com
Reply: In trying to keep discussion open and simple, we try and avoid such pejorative terms ~ charles the moderator

David Walton
September 21, 2008 7:06 pm

Re Mike D: “Lapidated!”
Personally, I prefer lapidary to lapidation. (And no, Anthony, I won’t make any more comments about who may or may not be getting stoned.)

September 21, 2008 7:07 pm

Congratulations!? 🙂
I spent the weekend trying to get someone to leak the location of the next Greenpeace Activist Training Camp, there was one in Alberta recently.
I wonder if they covered DOS attacks on top of such great courses as…
Banner Unfurling
Smokestack Climbing
Making Big Letters on the Ground
Best Paint for Concrete
Shouting and Going Stiff while being Arrested
Claiming Innocence due to Climate Change
Selecting appropriate Venues for Civil Disobedience
Hemp, it is not just for shirts
Save a whale, Eat an Inuit 🙂
Repeat constantly “I am not a wingnut”
Ok the last one I made up… you got me.

David Walton
September 21, 2008 7:30 pm

OK, I give, what is the best paint for concrete?

Jeff Alberts
September 21, 2008 7:47 pm

I wonder if they covered DOS attacks on top of such great courses as…
Banner Unfurling
Smokestack Climbing
Making Big Letters on the Ground
Best Paint for Concrete
Shouting and Going Stiff while being Arrested
Claiming Innocence due to Climate Change
Selecting appropriate Venues for Civil Disobedience
Hemp, it is not just for shirts
Save a whale, Eat an Inuit 🙂
Repeat constantly “I am not a wingnut”
Ok the last one I made up… you got me.

Lol, you forgot
We Don’t Need No Steenkeen’ Evidence

September 21, 2008 8:19 pm

What is odd is that there were 50,000 page hits to that specific post and not ONE comment.

September 21, 2008 8:47 pm

Dee Norris:

The International Journal of Inactivism seems to be confusing me with Anthony over my I Am A Skeptic post.

No, I was confusing you with Chuck Norris. Please get your facts straight.
— bi, International Journal of Inactivism
Reply – Hard to tell what you were confusing from the quality of the prose, IMHO, but what do I know, being just a foolish skeptic. Regardless, can you at least provide a trackback or something in the future so I can take a look at your musings? The entertainment value is the best part of the blogosphere! – Dee Norris

Larryt Sheldon
September 21, 2008 8:52 pm

They don’t want to be up front with you–they have outsourced the stats thing to Mann.
(OT: Look for mail from me.)

David Walton
September 21, 2008 8:58 pm

Re: Odd, very odd.
Maybe it is the 800 or so RSS feed links I passed out last week or installed on new computers.
Oh, just kidding, I did no such thing. But I do regularly hand out links to Watt’s web pages. If this was a real DOS attack maybe it was just a test run.
I Googled — Sounds familiar: “A friend of mine found one station where the temperature gauge was just outside the air conditioner…”
and the only weird thing I found was the 4,156 blog reactions reported on —
http://technorati.com/blogs/wattsupwiththat.wordpress.com?reactions&page=2
with hits on that page and others. Maybe your fame is getting ahead of you. Let me know if you decide to go public and sell stock.

evanjones
Editor
September 21, 2008 9:10 pm

I just deleted a number of pieces of rancid spam, which, to put it mildly, had nothing to do with the subject at hand.
So to speak.
Reply: Please let that spam sit in the spam bucket for a while. I am trying to see if the source is all the same/related IP address or not. Thanks. – Dee Norris
[REPLY – Will do. (There’s more there right now. Rather awful stuff.) – Evan]

Roger Carr
September 21, 2008 10:53 pm

Point of reference: In my (insignificant) thread on the USAFF “Stay warm, World…” the number of “views” jumped dramatically (relatively) when I wrote of the NASA press conference; and linked to you.
http://www.usafreedomforum.com/forum_posts.asp?TID=308&PN=40

AnyMouse
September 21, 2008 11:01 pm

OK, I give, what is the best paint for concrete?

Why, that would be “BPC”. Glad to help.

evanjones
Editor
September 22, 2008 12:05 am

Spam continues to pile up. I am also getting a lot of Invalid Key errors when I try to log on or access comments.

J.Hansford.
September 22, 2008 12:15 am

Ah well then Anthony…. Just enjoy th’ popularity. Bask in th’ sunshine of our kind regard. 🙂

Admin
September 22, 2008 12:27 am

I didn’t do it.

Roger Carr
September 22, 2008 12:42 am

jeez (00:27:46) “I didn’t do it.”
But did you try? That is the question…

Paulus
September 22, 2008 5:28 am

M. White: “Hockey stick say no”
LOL
Just in case you colonials can’t receive the BBC’s “Little Britain”:
http://uk.youtube.com/watch?v=yBAibOQchD0

Craig Moore
September 22, 2008 7:29 am

Doesn’t NASA have an algorithm to massage the data and explain this away?

schnoerkelman
September 22, 2008 9:21 am

Hmmm… Your hit rate was a relatively flat curve with a slight upwards trend and then at the end it starts to go up rapidly. Now you’re adjusting the numbers to make them “right”. Why does this all sound strangely familiar?

September 22, 2008 9:52 am

Quickly! Install a CPM banner! 🙂

September 22, 2008 10:22 am

[…] news on one front – Watt’s Up With That has apparently not suffered a denial of service attack; it was legitimate (and well deserved!) traffic.  I shamelessly lifted the cartoon from his post […]

September 22, 2008 10:47 am

WUWT continued to suffer an inflow of massive amounts of Russian porn spam targeted at that single post throughout the night. The most offensive spam was the offer of videos of naked climatologists and something about raw weather! 😉
Anthony has now taken steps to prevent the clogging of the WUWT spam bucket with this junk but undoubtedly the spam servers are continuing to attempt to post their messages to that one post.

Glenn
September 22, 2008 11:09 am

Anthony, if you haven’t already, you may consider upgrading WordPress:
http://blogs.zdnet.com/security/?p=1868
Recently a security patch was issued and fixed vulnerabilities were publicized. It isn’t obvious that this has anything to do with your problem, but then I’m not an expert. HTH
