Yet more cyber attack problems. Here is a look inside my comments editing page.
Mmmm – when I click on the link I get the page with full functionality. I do hope that’s only me!
I had already deleted hundreds of these nonsense comments this morning. The interesting thing about them is that they do not give any message, do not attempt to sell anything and do not contain any links to other sites. Their sole purpose is to overload and crash the site.
They are of course running on an automated programme, but the question is, was this blog targeted for a denial of service attack, or is this simply a nihilistic attempt to crash anything at random across the web?
Most likely an attack to shut you up. Keep talking
I work in IT and I wouldn’t get particularly paranoid. We often set up sites and the person (academic) says they would like a blog or wiki. When we say they will need to be moderated the normal response is no one will attack us, why would they want to attack a site on xyz?
Welcome to the new world 🙂 It’s very much like tagging in graffiti. When the attacks happened on Estonian sites following the removal of the war graves I never thought it was state sanctioned just nationalistic script kiddies!
Paul
I’ve been meaning to tell you to use WordPress for ages for other reasons, and now again for this issue: there are a couple of plugins that will deal with this for you. One is called Hashcash, the other Akismet. They’re open source so probably available on other platforms.
Hello Craig,
your link above leads to an “.mht” file, which is a webpage archive format specific to Internet Explorer. It is apparently functional from here if I use IE, but requests username and password if I try to send my edit to the copy on your server.
Craig,
your site probably attracts the lowest form of spammers because no account is required to post comments. If you’d prefer more competent spammers you’ll have to increase your site security!
Username and password to create an account is sadly required; we are paying the price for purity.
Akismet, a free plugin for WordPress, blocks virtually all spam comments.
You might be targeted or it could just be bots spewing to whatever site they can get through. And that can be dangerous to both your site and readers.
Akismet has blocked 1.1 million spam comments on my blog. It works.
I see that there are two Akismet versions for Movable Type; MT-Akismet and Akismet for MT, available from here:
http://akismet.com/development/
It may be random. It could equally be Israel supporters who are extremely active in this kind of behaviour, and have the technical means, as I know from other sites. You have carried some comments about the rogue state, which could well result in you being hounded. I wouldn’t be surprised. Stifling of discussion, apart from the ‘right’ kind, is the aim.
These “pointless”, short comments could be beacons indicating that the “scouts” of a larger spamming net were successful in posting some arbitrary comments. They might be followed by a crawler or uploading their logs to a control site. This could be part of a targeted attack or just usual botnet business.
Chances for a DOS attack are minimal: Payload is too small and seems not to be repeating. Usually DOSes send the same or similar strings as quickly and often as possible. Also the idea of a “nihilist attempt” doesn’t technically make sense: DOSes need vast capacities bundled for a short burst to bring a site down before it could engage throttling, load balancing or just switch to static content until the packet storm has calmed. That’s why they are usually distributed to large networks.
Craig,
You could consider adding a Recaptcha (or similar) validation mechanism to the comments page, if you’d rather not add user name and password logins for commenters. (It would probably be less effort too.)
Democracy Now! do it to try to limit posts to real people and keep out scripts (see link below for an example):
http://www.democracynow.org/get_involved/contact
If this was an attack, it was amateur.
Sadly if you allow free comments without at least “captcha” protection you are likely to be flooded sooner or later. A common problem is that people try to get their site addresses (often gambling sites) all over the web so they will come high in search engine results. In my experience a simple “captcha” reduces the problem to manageable proportions. Please don’t make it too difficult like some sites do. It is having it at all that makes the difference; level of difficulty is almost irrelevant.