I have confirmed that www.drroyspencer.com has been hacked and rendered inoperable.
Dr. Spencer confirms this in an email exchange with me this AM and writes:
“Apparently some Indonesian female hacker.”
Whether this is a direct attack on his views about climate, an indirect attack via a hired gun, or just some kid looking to hold up a trophy for others to see is unclear at this point.
It does point to the risks though of running an independent server. My best advice to anyone in the climate issue is to run on wordpress.com rather than an independent server as they keep everything running smoothly and up to date against the latest security threats.
Looking at the page source, it would appear the Title metatag was hacked and loads a flash song from http://flash-mp3-player.net/. If he can still login to the backend and remove the title tag from the settings, he should be good to go. If they inserted the title tag into the WP template.php page, he may have bigger issues and need to FTP into his site to remove the tags. But based on viewing the page source, his info and database appear to be intact.
Must have shown up on someones radar.
“I think it was KISS!”
Skillet, “an American Christian rock band formed in Memphis, Tennessee in 1996”, according to wikipedia.
Stuck-Record says:
February 28, 2013 at 8:58 am
Can we have a 2-year long investigation by Norfolk police please?
———————————————————————————————–
Not forgetting assistance from the Anti-terrorist Branch, S-R 😉
Joking aside, I do believe there’s a valid argument for the police to take invasion of private space / servers more seriously than invasion of corporate ones (individuals have fewer resources to protect themselves so are more deserving of protection by Society) but I doubt it’s catch on!
Sigh….. If you are going to self host, you should *at least* use ZBblock out of the box. You don’t have to use all my extra signatures.
The rate of *attempted* hackage at any self hosted WP blog is enormous.
Looking at the page source, it seems that the WP installation must still be there because I can see the text of the page below some extra crap. Gabby just injected something that’s preventing it from displaying. Someone ought to be able to scan his files, database and so on and get it back up pretty quickly.
Stuck-Record says:
February 28, 2013 at 8:58 am
Can we have a 2-year long investigation by Norfolk police please?
They would love that, I hear the UK is thinking of making some gov people redundant, aka laid off. Trying to recall the Detective that called me over the climategate thing, Scott Baker? Seemed a nice chap, good luck Sir.
Probably because February’s 2013 anomaly is going to come in at about +0.25C down from 0.5C last month. They cannot stand the heat LOL. Im sure Dr Spencers site will be up and running soon.
Re: Max Hugoson @ur momisugly 8:49 — “Ah, Dr. Spencer will be the Modern C.S. Lewis as he writes the CRUTape Letters. ” Belly laugh of the day – a devilishly fine comment!
I noticed that it was hacked yesterday and this morning, but I just checked drroyspencer.com at 1:27 EST and it looks fine.
I noticed that the site was hacked yesterday and this morning, but I checked at 1:27 p.m. EST today and it looks like it’s already back!
Works ok for me, last posting 21st Feb.
Google’s Blogger has always served me extremely well for running blogs and websites, and Google knows a thing or two about hosting.
Seems to be OK now.
Scuzza Man (@ScuzzaMan) says: February 28, 2013 at 9:48 am “There’s no easy way to be a dissenter. “In the Empire of Lies, truth is treason” – and treason is a dangerous occupation.”
“You do not become a “dissident” just because you decide one day to take up this most unusual career. You are thrown into it by your personal sense of responsibility, combined with a complex set of external circumstances. You are cast out of the existing structures and placed in a position of conflict with them. It begins as an attempt to do your work well, and ends with being branded an enemy of society. (Vaclav Havel, The Power of the Powerless, Living in Truth,1986)”
Up for me now.
lucia liljegren (@lucialiljegren) says:
February 28, 2013 at 10:03 am
Gabby just injected something that’s preventing it from displaying.
Isn’t the bigger issue how she did that on Roy’s local server?
With all due respect Anthony, I completely disagree with you. I have been in this business (IT industry) for more than 25 years. In that time I have owned and operated hosting companies large and small. My forte’ is systems architecture and applications programming, from back-end to front-end, various scale applications from tiny to huge, on a variety of systems and environments that run the gamut. One thing I have learned in all of these years, running on widely popular application platforms (especially when open to public networks,ie: Internet) significantly increases the likelihood of an attack or exploit. One only needs to look at Microsoft’s virus history to see this clearly. There are many reasons why this is so, and I won’t get in to details as I have not the time to be giving a CompSci 101 lesson here. I can think of many applications much less vulnerable than WordPress.
From Roy’s website:
After my first experience getting hacked, I am back up. Thanks to my developer, Jamon at Clearsightstudio.com, who also installed a new security plugin. Shouldn’t happen again.
I hope Dr Spencer’s site is up and running okay now. Nice work by Thomas and others to so quickly spot ways around the problem – I wouldn’t know where to start.
BTW, Anthony, for my own blog, which is small and has nothing to do with climate politics (I’m a science fiction author), I chose WordPress.com precisely on your recommendation after Jo Nova’s site was repeatedly hacked. I’m sure others with more important sites have used that advice, too. Just wanted to say thanks.
As for any site that goes down, in my opinion if the person behind it is still up and running, then the site is still what it is and will build back to its former glory. If WUWT was wiped away, for instance, you are still Anthony Watts, you still do what you do, you still have all your contacts and your entire world-wide audience. If you opened from scratch, the site would still be WUWT with exactly the same style and nature, even if it was “thinner”. I know it wouldn’t happen like this because I’m fairly sure you back up your site and files regularly, but you see what I’m saying.
Such hackers – or those behind the hackers – are trying to crush the spirit of the person running the site. From what I’ve learned coming here and visiting like sites, you guys and gals are uncrushable. So the hackers are wasting their time, and anyone payiing for such a hit-job is wasting their money.
Keep up the good work – everyone – we are winning. 🙂
Your “local” server should have a back up for you to use to restore most if not all of your database.
It was possible to google for distinctive features of the replacement page and I have found that all kinds of pages were hacked the same way. So I don’t think it was some kind of anti-skeptic attack, it was much more likely completely random.
Agree with the comment on WordPress security and common platforms. Its literally a numbers game for the hackers, no point trying to hack 1 off sites when there are millions of WordPress sites to crawl through. If you run any sort of website you will be common with scripts that hit your site looking for ‘weaknesses’. Also a lot of the plug ins for WordPress are not written to the same high standard as the core code..
That said, if you know what you are doing, it is possible to set up Apache and the environment in general to better ‘defend’ against attack. There are quite a few Apache modules which will detect ‘bad’ requests and stop them dead before they get anywhere near the website code.
Scuzza Man (@ScuzzaMan) says:
February 28, 2013 at 9:48 am
“The problem with using the corporate “cloud” services – WordPress, Blogger, Amazon EC3, etc – is that they are highly susceptible to political pressure.”
All US American companies are subject to the Patriot act and must allow American services to access all their data. The company is prohibited from telling the customers that it happened.
So, as a European, I wouldn’t use an American hosting company. The Patriot Act affects even their data centres located outside the US.
At least officially, the EU doesn’t have an equivalent to the Patriot Act – for the time being. That doesn’t mean Eurocrats are nice people; maybe they’re just slow.
It is quite clear now that climate change leads to colder-warmer winters, wetter-drier winters, asteroids and website hackings caused by mental illness that stems from climate change.
I did mean to comment about this when it was mentioned in earlier comments.
First of all this is not a targeted attack. The script kiddy responsible won’t know the eminent Dr Spencer from the Eminen Dr Dre ( see what I did there? no, of course not, you are scientists )
This is part of an ongoing attack from a basic script in the wild. it comes from an Indonesian girl named gabby who sometimes identifies with a cause to do with the area but mainly it a ‘see what and who we can screw up ).
They look for a certain vulnerability in a blog / host and exploit it if they can. What agenda there may be is never pushed and you can rest assured that this has nothing to do with the site or the climate issue.
If you look at webstats for other similar sites currently running the same script you will see that there is absolutely nothing to tie them together other than they are on the internet and were vulnerable to a stock script that’s been in the wild for over 12 months.
It should be easily fixable with a backup and an addition of code to prevent further backdoor intrusion but Dr Spencer would have to take that up with the bedraggled IT types who no doubt periodically help him with this stuff ( that last part, a bit of poking fun. Forgive me I’m returning from a friend’s funeral )
All in all it’s a grave inconvenience but in the big scheme of things it’s nothing. It’s the web equivalent of having your house TP’d.