Written By: Anthony R0bins - Date published: 4:46 pm, April 29th, 2015 - 110 comments
Categories: blogs - Tags: The Daily Blog
Earlier today Martyn Bradbury reported that The Daily Blog was under attack:
Sorry – problem with the blog at the moment – we are under a sustained attack
— Martyn Bradbury (@CitizenBomber) April 29, 2015
The site has been up and down all afternoon.
If there is anything The Standard can do to help let us know.
Update:
The Daily Blog has been compromised and is currently under repair
— Martyn Bradbury (@CitizenBomber) April 29, 2015
Update: 2205
lprent; It looks like it is back up again. Good. I expect we will hear the reason shortly.
Nope – down again.. Looks like a late late night for someone. God knows that I know what those are like. Good luck for an early complete.
The server will be getting hardware changes this evening starting at 10pm NZDT.
The site will be off line for some hours.
Just noticed that myself so came here to check out what is going on – hmmmmmmm
Good on The Standard for lending its support
+1 on support.
+1 support TDB. Bury the hatchet there are far bigger issues afoot in this country.
Great to see unity, heartening
I expect we’ll see the GCSB leaping into action any minute now. After all, isn’t part of their job to protect Kiwis from cyber attacks?
LOL.
In order to protect Kiwis effectively the GCSB no doubt have to undertake the odd offensive action, and who better to target if not someone who has embarrassed the Dear Leader…..
They had to destroy the blog in order to save it.
or save “us” from it, in the interests of Natzional security.
I thought it was very funny too, well done Murray.
LOL
+1
Bomber has his failings but sometimes he really rises to the occasion, and he certainly did so over the pony-tail harassment case. Maybe Lynn could assist if he has the time? Good diplomacy maybe?
So typical of the National Party’s thugs eh.
I have been having a great deal of CPU running on TS over the past day or so along with the hundreds of attempted logins. It may not be anything suspiciously local. We seem to be having one of those nasty botnet periods at present.
But the usual defences weren’t getting challenged enough for me to look at. And the fan noise seemed to stop last night.
TDB: Let me know if you need a hand or some tips about what to put in place.
Well said, Lprent. Solidarity between progressive blogs would be an unbeatable force for good!
I’m not particularly into solidarity as I’m a person of extreme individuality. Just ask any author here past and present – I am sure that is the one thing they will agree on.
However I’m usually merely irritating (Lyn’s words) when I’m not having to defend things that I am responsible for.
Unless I decide that I want to change something (or write some code), in which case I tend towards the utterly implacable. Cameron Slater has an idea of what that is like.
Just a personal set of traits.
@Anne +1
Bomber’s in big trouble after International Ponygate. Will we see the Jackboots marching in and seizing his computers aka Nicky Hager or maybe a more subtle and less public cyber attack…..
We don’t know what or who has caused it. Pretty early to label it a NP related thing? Isn’t it?
I thought it was my computer for a while there.
Bit suspicious I’d say, particularly coming so soon after TDB reported the Key/waitress issue!
Many thanks TS for reporting this and for offering TDB support. And I wish Martyn and TDB team all the best for getting the site up and running again.
Kia Kaha my friends.
I am sad to hear that this is happening. There seems little point to such behaviour but I suppose somewhere there is someone thinking that they are cool and clever.
Kia kaha, kia maia, kia manawanui.
The GCSB were the ones doing the attack maybe.
I noticed TDB was down and I knew it had to be payback from the right wing nutters.
um, yes, I went there a little while ago to read their article about how the unite union was going to assist the victim, Amanda Bailey. I can see the front page and the article headings, but when I click the links to read more, it goes to error message, ‘server not found’!
http://thedailyblog.co.nz/
Most of today it wouldn’t load at all.
Then the front page would go up, sometimes, but any further in was met with a 404
Now, the article pages can be accessed but are devoid of content. Just the banner, the article title and nothing else but a blank page.
Kia kaha TDB
Pretty obvious. The database is getting work backed up and timing out the web server worker threads trying to fetch data from it. The front page gets cached because it doesn’t have comments on it, so it tends to stay up when the posts do not.
It could be because it had too many apache2/nginx processes and threads accessing it at the same time.
However it could also be from the wordpress 4.2.1 security update that went through yesterday to correct for an exploit on long comments. Part of that update involved a sweep of all comments to remove possible harmful javascript. It took a couple of hours to run on TS with 900k+ comments. If it was a slow database without 8 cores and SSDs, it’d take somewhat longer.
I got caught by that kind of problem in 2009 with a slow single core database system. It took me a couple of hours to realize I wasn’t under attack.
BTW: the vulnerability that wordpress 4.2.1 fixed was a brute
https://wordpress.org/news/2015/04/wordpress-4-2-1/
http://developers.slashdot.org/story/15/04/28/0227244/new-zero-day-disclosed-in-wordpress-core-engine
In other words a classic buffer overflow bug allowing for malicious code to get past the KSS checker.
Because I am a teeny bit paranoid there has always been a character limit on comments here. It is pretty large, which is why Penny Bright fails to hit it. But I suspect BLip has a couple of times when he has posted a list as a comment.
Umm.
It could also be malicious code pushed into the site code (usually by not closing permissions for write or admin access) and then chewing up server processes.
That is what the damn bots have been trying to get access to on this site pretty strongly in the last month. I had to lock them out more firmly last month.
There are a lot of possibilities
No, Hone. We may not like what the GCSB is doing in connection with the Five Eyes programme, but harassing little internal blog-sites is way beyond their brief. That responsibility lies with the SIS and they have much, much bigger fish to ‘worry’ about.
If it turns out someone is blocking the site I’d say… ask a certain well known whale what he knows in the first instance.
“That responsibility lies with the SIS”
“They have much, much bigger fish to ‘worry’ about”
If they go for “bigger fish”, then the responsibility does not lie upon them, therefore making your statement contradictory which deems your argument void.
You are reading Anne’s argument rather oddly. “That responsibility lies with the SIS” and “they have much bigger fish to worry about” can both be true at the same time and you do not have to think hard to see that. Anne is saying, if it turns out that someone is blocking the site, you can rule out the GCSB because they have a different job. And you can probably rule out the SIS as well, since while it is their responsibility, they have bigger fish to worry about. Therefore, you need to look somewhere else. There is a well-known whale who is generally well informed about such matters so perhaps you should ask him. Nothing wrong with it!
IF someone deliberately does something like that to a site, is it a kind of vandalism? And therefore the police need to be notified?
“If it turns out someone is blocking the site I’d say… ask a certain well known whale what he knows in the first instance”
Who? the fat german hacker whale aka kdc?
Show solidarity.
Offer Martyn Bradbury the option of guest posts here until it is resolved.
Agree. I think it’s kinda covered in the OP, if not explicitly. TDB made a similar offer when TS was down a couple of months ago, so I imagine there wouldn’t be a problem reciprocating here. An injury to one is an injury to all.
I’d prefer to resolve it there rather than having to add the 30+ authors listed on TDB piling into here.
There are usually just two types of attacks. The classic DoS at the switch that his ISP (probably voyager like me) can handle. Then the one that targets wordpress.
In the latter case paying for wordfence gets rid of most of it at the .htaccess level, and the plugin I use for comments gets rid of the rest.
But if needs must then I have another server here. I’d just have to give up playing games for a while.
What are you playing these days? I just rebooted Dead Space 2 for a bit of shits and giggles.
Mostly Civ5 at present. I’m mostly playing for zen whilst background thinking. A little of some old games like Homeland2
But I only use linux at home so that is limiting. But I also can’t be bothered learning new games. I have too many lumps of code to get into at present.
Ditto, It looks like Martyn has done something right…
I fear that the internet may in the future not turn out to be the free info. avenue that so many of us hope for.
But I rather hope that it will, and such sabotage will not turn into domination, and thereby censorship.
My server has also been under a sustained attack.
Your keyboard knows how it feels!
You don’t have a server listed? What is it?
Erm, I’m not telling.
Yes. That is a totally believable story then…
/sarc
Do you want to tell me details about my server? Why would I do that?
My IT guy says it’s under attack. I have no reason to disbelieve him, but you are free to.
Every server in the world is under attack at present. It is like background noise.
My mailbox shows blockages from compromised machines everywhere in the world being locked out of The Standard when they try to login.
Is that usual what’s going on?
Only the expert lprent can answer that for sure, although we all know that a server was under constant attack by the Prime Minister, of all people, of this country!
About every other year we get a widespread major botnet attack of some kind. This year it appears to be picking author names off the posts and then trying to login to them. Needless to say I have some pretty fierce protection. They violate it and get locked out for a few hours and I get an email message.
At present, I get a message every 4 or 5 minutes from machines being blocked from login.
We have very few author or above logins, and they all have adequate passwords. I also get notified when editor and above log in. My daemons also look at where they login from.
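The lockout-and-notify behaviour described in the comment above, sketched as an added example that is not part of the original thread and not The Standard's own code. The thresholds, author names, IP addresses and login events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the thread only says "locked out for a few hours".
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)
LOCKOUT = timedelta(hours=4)

# Constructed author names, as a bot could scrape them from post bylines.
AUTHORS = {"alice", "bob"}

# Constructed login events: (time, source IP, username tried, password correct?)
EVENTS = [
    ("2015-04-29 21:00:05", "203.0.113.7", "alice", False),
    ("2015-04-29 21:00:09", "203.0.113.7", "bob", False),
    ("2015-04-29 21:00:14", "203.0.113.7", "admin", False),
    ("2015-04-29 21:05:00", "203.0.113.7", "alice", True),
    ("2015-04-29 21:06:00", "198.51.100.20", "bob", False),
    ("2015-04-29 21:30:00", "198.51.100.20", "bob", True),
    ("2015-04-30 01:30:00", "203.0.113.7", "alice", False),
]


class LoginGuard:
    def __init__(self, authors):
        self.authors = set(authors)
        self.recent = defaultdict(deque)   # ip -> (time, username) of recent failures
        self.locked_until = {}             # ip -> time the lockout ends
        self.notifications = []            # stands in for the admin e-mail

    def attempt(self, ts, ip, user, password_ok):
        # A locked-out address is refused before credentials are considered,
        # so a correct guess during the lockout still gets nowhere.
        until = self.locked_until.get(ip)
        if until is not None and ts < until:
            return "blocked"
        if password_ok:
            self.recent.pop(ip, None)      # success clears the failure history
            return "ok"
        failures = self.recent[ip]
        failures.append((ts, user))
        while ts - failures[0][0] > WINDOW:  # drop failures outside the window
            failures.popleft()
        if len(failures) < MAX_FAILURES:
            return "failed"
        tried = {name for _, name in failures}
        self.locked_until[ip] = ts + LOCKOUT
        self.notifications.append({
            "ip": ip,
            "locked_until": ts + LOCKOUT,
            "usernames": sorted(tried),
            # Real author names among the guesses suggest byline scraping.
            "author_names_hit": sorted(tried & self.authors),
        })
        del self.recent[ip]
        return "locked"


def replay(events, authors=AUTHORS):
    """Feed events through a fresh guard; return it and each outcome."""
    guard = LoginGuard(authors)
    outcomes = [
        guard.attempt(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), ip, user, ok)
        for t, ip, user, ok in events
    ]
    return guard, outcomes


if __name__ == "__main__":
    guard, outcomes = replay(EVENTS)
    print(outcomes)
    for note in guard.notifications:
        print(note)
```

Per-address counting like this does little against a botnet that spreads its guesses over many addresses, which is why the same comment pairs it with strong passwords and alerts on privileged logins.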
what are they trying to do and why?
Not sure particularly.
Most likely they want to take it over for spamming emails, attacking other sites, and putting up posts.
Is ts a random target then, or deliberate?
have you told the police so they can help your wife?
Yep. Cannot access TDB. “502 Bad Gateway”
@ posters (11) & (12) Ditto. Same here.
So much for free speech then! As long as dear leader isn’t challenged or criticized, then NZ is able to speak as freely as it likes! Yeah right!
That’s right mary_a, it is undoubtedly John Key who has attacked Bradbury’s dog’s breakfast of a website. There’s just no other explanation.
Indeed Gormless, Bradbury is so important and a threat to the Government, he must be attacked. His strategising for Mana was incredibly effective, so I’m picking the CIA. That or he has shit security.
There’s precedent. Remember when “they” had to silence him on National Radio not (specifically and emphatically not) because he was a boring fucktard who read out long pre-prepared speeches, but because he was sticking it to the man.
“They” hate him because he’s turning New Zealanders onto socialism.
I agree with Gormless, there are so many possibilities, to assume some kind of government link is a bit OTT at this stage.
Bomber has finally got up their noses enough and now they are paying back. This will increase the street cred of TDB and Bomber – at least after this attack has been repulsed. Kia kaha Bomber.
“Street cred”? Jesus you’re lame.
“Jesus you’re lame.”
Hey marty, is there something you haven’t been telling us? You been hiding your light under a bushel?
I will never see Marty in the same light again, lol
lol x2
Lordy, best I take more care in addressing you from here on lest I be cast into the lake of fire ….
I wouldn’t make it eternal – promise 🙂
LOL
Anyone who has the pleasure of administering a website running WordPress deals with these sorts of attacks on a regular basis. Just one of those things.
We’ve a web developer. A popular website being attacked and taken down is not unusual these days. The core WordPress technology used here tends to get more malicious bot traffic and more attacks than most, simply because it is the world’s most popular CMS platform.
The last week has seen very similar attacks on tens of thousands of websites worldwide. There is nothing here that tells me that thedailyblog attack was politically motivated or done by right wing activists etc. Likely just another random denial of service (DOS) attack, which those of us who build blogs for a living see on a regular basis. However I suspect the developers will learn from this and as we all do, put in place additional measures to minimise it occurring again. It’s an ongoing battle, but just part of the job for those who build high traffic websites or blogs.
Chaos and Mayhem strike again.
I think you give him too much credit
When this site has some troubles, does everyone go to other sites and blame the Government or NAts or WO and it turns out to be a technical issue?
The Whale or so may be behind this. Never trust the rotten brigade in power, and their allies and underlings.
Unfortunately I’m using my phone so can’t post the link but go to No Right Turn to find the tool the government plans to use to shut down political dissent on the Internet. It’s the law that will put people in prison for up to two years for causing someone else “emotional harm” by posting something. This could apply to anything from a Facebook comment to a newspaper’s online content (Even the same stuff that is okay to print on paper I imagine). The implications for free speech on the Internet are huge.
Serious question – people believe government agencies are attacking The Daily Blog?
More likely it’s the usual bunch of creepy contractors.
Like the last time TDB was hacked….those right-wing bastards redirected him to an Eastern European gambling site. Bomber had proof it was the govt. but we had to take his word for it.
Why would the govt attack TDB?
National Party Dick Squad, sure, but govt? Nah.
Yeah, but the dick squad are pretty damn useless incompetents who succeed almost by accident and then almost certainly because someone organised them (probably Jason Ede).
They certainly aren’t technically competent. Generally the technically competent grow out of the childish joys of cracking and get on to building as they leave adolescence. Most actual cracks carried out by adults are either crims needing cash and paying some kids to do it for them, or they are disgruntled ex or current employees.
And it being TheContrarian, it’s safe to assume there is some anti-Bradbury spin in that comment.
Of course, Bradbury is a tool. I don’t deny my anti Bradbury tendency. He is a class a douche.
Not me. If they were then it would have just cut out.
I suspect that he has either found he has a slow database while updating, or something nasty got into his code. Those are the most likely scenarios.
But they are usually either those or dying hardware (I remember a hard drive and a switch – both caused a lot of hassle) or failed upgrades after hikes in traffic.
But Occam’s razor is that it is likely to be more prosaic than a crack or DoS
I’m quite willing to get a survival site up if TDB needs it or to lend expertise if it is required. I doubt if there are many things that I haven’t had die on this site since it started.
lprent, if I ever seem ungrateful for all that you do for this site, it will be unintentional. I don’t understand the technical jargon in your replies here but I am humbled in the face of your knowledge. Respect, sir, much respect 🙂
I have the hide of a rhino, especially because I am a total arrogant techhead elitist programmer. And that is on top of the usual MBA attitudes.
I have problems considering the concept at an emotional level that anyone who can’t write a million lines of code may be human. I allow exceptions for people who can write 500 page books or put together a feature length film (I have seen people do both, and it looks like it is as hard).
However I think that a number of authors and commenters here are getting there
😈
/parody off
There is a little of Sheldon in us all.
Well, he could be talking a load of gobbledygook for all I know Hateatea but it does sound very impressive I grant you. 😛
I really do have a lot of sympathy for the Sheldon character at times….
Ditto Hateatea.
There’s only one way to gain the kind of mastery over a technical area that lprent clearly has – thousands of hours actually doing the stuff and being fully focused on it (and, of course, having the cognitive and emotional predisposition to be able to and want to do it).
I’m very grateful lprent has spent that time and has put it to use by building and maintaining this site.
I don’t on what I have read so far.
Given what’s been said here about wordpress, I’d say the most likely option is that some malicious code has got in somewhere. They try constantly. The enemy never leaves the gate, but it’s not always the government.
I wouldn’t rule out some NAct idiots having a go at TDB, but it wouldn’t be high on the list of things I’d consider. More dangerous will be the new internet law, when some NAct backbencher claims to have their feelings deliberately hurt. The freedom and anarchy of the internet are seen as threatening by the powers that be/establishment/man/illuminati/(insert other favourite group). They don’t know how to handle it and will use very blunt instruments. I think things will be very different ten years from now.
What is interesting is that the claim of having their feelings hurt is in itself defamatory. I wonder what their feelings will be like after a defamation suit.
This proposal has a great hole in it because I will make anyone trying to use it truly miserable, then I will start on whoever tried to enforce it. Civil law is interesting. Expensive, but very very interesting.
Maybe someone, like WO(?) does keep an eye on sites for any vulnerabilities arising after something has happened, like this? They may exploit a weakness but I don’t imagine they would instigate it?
We’re at DEFCON 1 now, this is war. Have we got a nuke aimed at Whale Oil? 🙂
[lprent: Threats of violence in comments, even in play, will earn you a quick kick exit from this site. ]
Retracted, back to DEFCON 5 now. Waving a white flag.
If tdb has been hacked then it’s for the public good. No political blog site is safe. Wonder who will write the book exposing all bummers private emails?
Your idea of the public good seems well aligned with FJK’s.
Yes because we don’t need to hold politicians to account, it’s bloggers that are the real problem here. :eyeroll:
The Internet has become the world’s brain/nervous system. There is no way in the world that governments/whatever are going to allow it to be unmolested.
I wouldn’t put anything past ‘this’ Government, however I am hoping the problem has been caused by overloading – thousands of NZers trying to get onto the site to read Amanda Bailey’s side of the story…
http://www.digitalattackmap.com
Choose “unusual” and you’ll see that NZ and Brazil are experiencing a bit of extra botnet traffic at the moment.
Nothing like some of the massive ~400 Gbps attacks last year though
DDos should get stopped at the ISP or centre border these days. The sites either go off or stay on.
The deeper distributed site attacks are the problem these days.
At present there are pretty close to 40k attacks per minute on wordpress sites just at wordfence. That is about double what it was last week, and still rising.
http://www.wordfence.com/
You see that lift at 2100 monday? That was when I had a day of high CPU
It didn’t act like a DDos. It looked like it was a lot deeper into the wordpress
what version of wordpress is TS up to now?
http://www.theregister.co.uk/2015/04/27/wordpress_zero_day_xss/
4.2.1
United we stand – divided we fall, good on the standard offering support to our fabulous Martyn Bradbury.
Why don’t all opposition parties place a court injunction and request half of the public owned TVNZ/RNZ be placed under Opposition control.
It is wrong to have only the Government controlling all our taxpayer funded public media for their benefit and give no voice for the opposing political parties.
Every time an opposing media site goes down it serves to remind us all that we have possibly the most repressive control on freedom of our voices of anywhere globally.
Get organised for our sake opposition Parties and put your pettiness aside for our common good please.
@ CLEANGREEN (24) Hear hear my friend.
Having withdrawal symptoms without TDB already.
However, really do appreciate The Standard team being so supportive, accepting comments from Martyn’s regular visitors/posters.
In terms of reposting TDB material, it seems reasonable to presume that the attack on TDB may be intended to suppress access to the Amanda Bailey material.
This material perhaps could be accommodated here – particularly the original pieces.
Of course it is. A website is property. That property has been damaged.
However the police are on the side of the right wing so nothing will happen
edit: not sure why this ended up here, was in response to tracey somewhere up above
I just ran into a glitch on TS about 10am. Clicked away on a link (to Scoop), then when I came back all the comment fields were blank. This persisted when I reloaded the page from bookmarks. But now that I’ve restarted the browser a couple of times after doing other things (thus clearing cookies), it seems fine.
TDB is back up now.
Same thing happened to me. Seemed to clear itself after a few minutes. It’ll be interesting to hear what happened on TDB, though I suspect it’s the nature of these things that the originator of the attack won’t be found (assuming it was a DDoS and not just a glitch in hardware or software).
re TDB, still getting “504 Gateway Time-out” here
TDB has come under ‘attack’ from a few ‘regulars’ on this site in recent times
[not aimed at you Rob – can you check why my comments seem to still be going to moderation please] – Cheers
[lprent: I usually look at releasing bans around lunch time. I was otherwise engaged today. ]
Anyone else having similar trouble getting onto scoop today?
have also tried from the feeds here, but something is broken
Direct address is failing as are any links to the site
seems to be back up now and operating normally
Lol alert level is back to calf shit yellow. No threats imminent.