Guest essay by Brandon Schollenberger
I’ve got mad haxor skillz. I’m a l33t hacker paid by evil organizations and shadowy conglomerates. That’s how I found Skeptical Science’s secret stash of Nazi fantasies. Or so some would have you believe. One commenter at Judith Curry’s blog said:
It may be that Anthony/WUWT did not know that WUWT’s “anonymous” contributor was probing the SkS website for vulnerabilities using professional-grade hacking techniques and/or software tools.
Given the shocking nature of my discovery, I figure people might be curious how I came about it. Was it via some l33t haxor skillz? Was it because of some professional grade hacking? Was I perhaps paid by someone to break into a secure site and extract incriminating photos?
No. It was much simpler than that.
It all began when I read a post on Skeptical Science’s website. I read the post, and I was curious. Naturally, I decided to click on a few links. That’s when I came across this link:
http://www.sksforum.org/redirect.php?t=11065&u=http%3A%2F%2Fwww.ncdc.noaa.gov%2Fcag%2F
As you can guess by the word “redirect,” the link went to the NCDC website. It just went there via www.sksforum.org. That’s when I first learned of www.sksforum.org. I didn’t expect anything from the site, but I decided to visit it anyway. When I did, I saw a banner at the top that was obviously an image file. I checked the URL for the image, finding it was hosted in the directory: http://www.sksforum.org/images/. I found the Nazi imagery when I went to that URL and clicked on a subdirectory (user_uploaded).
That’s it. I got intrigued by a link I saw on an SkS post, and I followed a couple links I found from it. My l33t haxor skillz amounted to nothing more than being able to follow a few links. But that’s not where the story ends. When I went to write about how I came across the Nazi roleplaying, I found I couldn’t find the links I had originally used. Why is that? Skeptical Science deleted the post.
That’s right. SkS deleted a post they had written simply because it inadvertently included links that exposed their private forum’s location. Google has a cached version of the post, but without that, there’d be no record of its existence. Rather than just fix the links for the post, SkS deleted it in its entirety to cover up the existence of their forum. That’s how desperate they are when it comes to PR – They’d rather delete an entire post than address a minor mistake.
Author’s Note: To be clear, I was not an “anonymous” contributor. I made no attempt to hide my identity. Anthony Watts decided not to post my name simply because, at the time, I had not told him I was okay with being identified. It was simply a courtesy.
Moreover, I am trained in network security. I know a fair amount about hacking. I don’t believe in engaging in it, and I would happily help any blogger with security issues. Upon first discovering this directory, I intended to contact John Cook to inform him of the problem.
I only “went public” with my discovery after seeing SkS’s Photoshopped images of their critics. I appreciate privacy, but I feel no obligation to hide my knowledge of inappropriate behavior.
That said, if you feel I’ve engaged in professional-grade hacking, feel free to contact me about potential jobs. I’d happily take your money to browse some URLs.
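The leak described in the essay, a published link routed through a private host’s redirect.php, is the kind of thing a pre-publish link audit catches. The following is an added example, not part of the original essay or of any site’s own code; `audit_links`, the `www.example.org` allowlist and the sample post body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class _Hrefs(HTMLParser):
    """Collect every href attribute from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def wrapped_target(url):
    """Return the absolute URL carried in a query parameter, if any."""
    for _, value in parse_qsl(urlsplit(url).query):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            return value
    return None

def audit_links(html, public_hosts):
    """Flag redirect-wrapper links whose own host is not meant to be public.

    The reader ends up at the wrapped target, but the page source reveals
    the wrapper's hostname, so that host is checked against the allowlist.
    """
    parser = _Hrefs()
    parser.feed(html)
    findings = []
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if not host or host in public_hosts:
            continue  # relative link, or a host the publisher intends to expose
        target = wrapped_target(href)
        if target is not None:
            findings.append({"exposed_host": host, "suggested_href": target})
    return findings

# Constructed post body; the wrapped link is the one quoted in the essay.
SAMPLE_POST = (
    '<p>Data from <a href="http://www.sksforum.org/redirect.php?t=11065'
    '&amp;u=http%3A%2F%2Fwww.ncdc.noaa.gov%2Fcag%2F">NCDC</a> and '
    '<a href="http://www.ncdc.noaa.gov/cag/">a direct link</a>.</p>'
)
PUBLIC_HOSTS = {"www.example.org"}  # assumed allowlist (placeholder host)

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_POST, PUBLIC_HOSTS):
        print(finding)
```

Replacing each flagged link with its `suggested_href` removes the private hostname from the published page without changing where the reader lands.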
=============================================================
Yes, Brandon’s description is true, it was all out in the open as I’m sure many WUWT readers also discovered. I simply didn’t use his name in the original essay because he hadn’t used the typical “submit story” route for WUWT, which automatically applies permission to include your name as part of the publication agreement, and given the lunacy over there at SkS, I didn’t know if he was concerned about retaliation. He brought the issue to my attention later in the day, and I amended the post to include his name.
And, in case you have not seen it, this is worth a look – Anthony
Brandon, what do I do for a living and how long have I been doing it? What University did I attend? You can’t answer any of these questions because you don’t know.
To show how much of a fraud you are, please quote the alleged “misleading and false information” I have given people about network security. When you fail to do this, your dishonest behavior will be exposed for the world to see.
Lucia believes comment spammer bots are “hackers” and apparently her regular commentators,
http://rankexploits.com/musings/2012/how-constant-are-hacking-attempts/
“Anyway, over the past two weeks three or so people wrote to tell me they got banned.”
That is all I need to show that she does not know what she is doing let alone anything relevant to network security. No actual REAL hackers care about her site and why would they? Seriously.
Poptech–
Your reading comprehension skills appear to be subpar today. Not only does that post not say spammer bots are “hackers”, it specifically distinguishes between hacking and spamming.
So: I ban things for hacking. I also ban for things that are not hacking. These other things include scraping, snooping and spamming. See?
As for your claim that there are no real hack attempts at my site: The list in that post includes
“95.141.35.196 (1 times) server1.touchweb.it ” which attempted to access a known vulnerable plugin (“timthumb”). The curious can read about timthumb here. Most people consider attempts to upload scripts that permit an unauthorized user to take over control of a server to be hacking.
93.91.49.18 (1 times) snat18cb.inet4.cz attempted a url injection attack and anchor hack. A url injection is an attempt to manipulate my database. See What is Url Injections?
While it’s possible the bans were mis-diagnosed, none of these have anything to do with spamming. And, as I noted: The post specifically distinguishes hacking from spamming. The former is things like trying to take over my database, trying to take over my server, trying to break into the admin side of wordpress and so on.
Why? Most hacking is ultimately about money. They want to inject links to gain SEO (so they can outsell their competitors), or get into the data bases to steal emails which they sell, or insert scripts that let them steal information from my site visitors and so on. Or they want to take over the server so they can use it to spam– which they hope will gain them money. It’s usually not personal.
Anyway, Real Climate, Collideascape, Jo Nova got hacked. Heck, my knitting blog got hacked way back in something like 2008. My server logs show URL injections, anchor hacks, vulnerability scans, XSS attempts and so on. Chances are hackers try to break into WUWT too– but Anthony isn’t going to see these because he doesn’t run his own server.
This has nothing to do with spam and as far as I am aware I have never suggested that spamming is hacking. Certainly, in that post I specifically say spamming is not hacking.
Interesting discussion.
I fear that Poptech has said intemperate things and needs to back down. But that does not mean he is clueless with respect to internet security. There may well be unfortunate things said that amount to folly but a folly does not mean that the sayer is always a fool.
We all write things we regret on the internet sometimes.
Perhaps everyone needs to calm themselves and step back a bit.
And we should note the important news in this discussion.
Lucia has a knitting blog?
M Courtney says:
August 10, 2013 at 1:38 pm
> Lucia has a knitting blog?
Given the interdisciplinary nature of climate science I would have expected her to have a quilting blog.
Baidu certainly seems to be a pest in the realm of web spiders. They seem to scan my site every day or so.
Poptech says:
August 10, 2013 at 12:29 pm
“That is all I need to show that she does not know what she is doing let alone anything relevant to network security. No actual REAL hackers care about her site and why would they? Seriously.”
Hacking is a highly serialized automated process.
Those all say “suspect” for a reason because the software you are using does not really know. The fact that you think you can blacklist (ban) your way to network security shows how naive you really are. It is absolutely impossible to do this.
Jo Nova got legitimately hacked because she has the most popular skeptic website in Australia, you don’t. All of the legitimate instances are likely comment spam bots trying to post links, a bulk is likely false positives. You are just not that important.
Poptech:
“Popularity” is not needed for hacker attacks to occur to AGW sceptics.
I don’t have a blog and never have had one so – in this context – my “popularity” is zero.
But I have suffered two very damaging hack attacks.
Richard
M Courtney
It is very neglected.
As for Poptech, I haven’t made any comments on his level of knowledge about security. I have no idea what he knows about it. I’m only responding to what he claims I’ve said. Specifically:
1) He said I think the baidu spider and similar things are hackers. He also criticized Brandon for not teaching me that I am wrong in said belief. I do not think any such thing about baidu, have never thought so and have never said so. I knew baidu was a scraper before I even began blogging about climate.
2) He said I claimed spambots are hackers. To support his claim he linked a blog post where I specifically distinguish between hackers and other things that are not hackers. Spammers were one of the items in the list of “things that are not hackers”.
Since I am not a security expert, I am sure that I will have at some point said something incorrect about security. Certainly, some of my site visitors helped me find tools that improved my site security (like ZBBlock and Cloudflare). They have also helped me reduce the server load from scraping. I know for a fact that Brandon has corrected some of my mis-statements or just muddled statements about how certain things work on the intertubes. But Poptech’s criticisms seem to be based on entirely fictional shortcomings.
richardscourtney is not an IT expert. Nor am I.
But, as his son, I can confirm that the attacks on his PC/Laptop.. internet, whatever, have been targeted; he is not just a target of random attacks like the rest of us.
His internet provider put him up to special support levels for a while as they saw something weird too.
Very rarely do I echo, or even entirely agree, with my father but this time I will.
“Popularity” is not needed for hacker attacks to occur to AGW sceptics.
PopTech
I do not think I can ban my way to network security. I do however prefer to ban connections with obvious hack signatures because I notice they tend to continue to connect over and over for hours at a time. This sucks resources to the extent that they crash my blog. So: I ban to reduce the level of resources used by bots, some of which happen to attempt hacks.
Real question: Why do you think that I think I can blacklist my way to network security? Possibly you think this for the same reason you thought I think Baidu ‘hacks’ or spammers are hackbots? If you tell us, we’ll all know why you think what you claim.
M Courtney says:
I emailed some of Keith Kloor’s web helpers after he got hacked and before he moved to new digs. They said they were amazed at the level of hack attempts at Collide-a-scape. I suspect climate blogs in general may be subject to a more than normal level of bots, hackers, script kiddies. Some of it might be politically motivated. However, I don’t really know.
Poptech
You don’t know what you are talking about. The timthumb attempts, the uploadify attempts and many of these attempts are definitely not comment spam bots. Neither are XSS attempts or all sorts of other things. If you think they are, you are simply mis-informed. (And yes I can say this without knowing what degree in CS you earned nor where you earned it.)
If you think only popular web sites get hacked, you are very, very naive. If you think only Australian blogs get hacked, you are even more naive. If you think only skeptic sites get hacked, you are My knitting blog was hacked way back when. It was not Australian, not that popular and not a skeptic climate blog. It was done by script kiddies playing around.
As for “legitimately hacked”: I don’t have any idea how you distinguish between “legitimate” or “illegitimate”. I would consider someone injecting stuff into my database, breaking into the admin area or uploading files that take over my site “hacked”. If you were to decree those “not legitimate”, I would suggest that a hack is a hack.
Poptech says:
August 10, 2013 at 2:06 pm
“Jo Nova got legitimately hacked because she has the most popular skeptic website in Australia, you don’t. All of the legitimate instances are likely comment spam bots trying to post links, a bulk is likely false positives. You are just not that important.”
Scripts iterate over blocks of IP addresses looking for a list of vulnerabilities, they trawl for victims. They don’t care what server they hijack, they take what they can.
Right, I think only Australian blogs get hacked.
Do you use the timthumb extension?
It is always good to use products (CloudFlare) that got hacked to prevent hacking,
http://www2.macleans.ca/2012/06/14/the-4chan-breach-how-hackers-got-a-password-through-voicemail/
Lucia banned one of my IP addresses which isn’t mine <— Hilarious. You cannot stop me from posting at your site, I can post under any name at will. Now you pissed me off.
Just ran a check, I can still access your site from over 1000 IPs.
Lucia, why did you try to ban an IP address that was not even mine?
Poptech:
Please explain why you are hijacking this thread by harassing Lucia.
Is it that you don’t want discussion of the thread’s subject or do you have some kind of ‘thing’ for her so you are trying to get her to notice you?
Richard
Richard, please explain why you are posting nonsense.
OK Poptech and Richard, cease please. Take it off thread.
@ Brandon Schollenberger (at 12:59AM and 1:03AM)
You can say that again!
PopTech
Anthony has requested we stop this discussion. He didn’t specifically ask me to stop but I assume he’d prefer this bickering end. But I suggest that if you want answers to your questions (which I find odd btw), you post at my blog. I have never banned you and have made no attempt to ban you. So, you should have no trouble posting at my site.
Yep, one of my IPs is still banned. No need to discuss anything further, that speaks for itself.
Poptech, please take it offline.
http://wattsupwiththat.com/2013/08/08/mad-haxor-skillz-godwinize-skeptical-science/#comment-1386621
Nice One, I don’t answer to you here so please don’t ever tell me to do anything again, thanks.