The gremlins were very unhappy with Yossi Gurvitz, Itamar Sheltiel and me yesterday for exposing the identity of Doron Zahavi as the military intelligence agent alleged to have tortured Mustafa Dirani and threatened East Jerusalem Palestinians in his new role as Arab affairs liaison to the Jerusalem police. An Israeli colleague posted a link to my post at the right-wing Rotter forum last night and at 5:30AM this morning a sustained DDOS attack began on my site. Yossi’s and Itamar’s blogs were also attacked after they joined me in identifying Zahavi.
Apparently, Zahavi has a lot of Rotter supporters in Israel. One guy at that forum yesterday even tried to make a joke out of the alleged act of sodomy-rape performed on Dirani. So a DOS attack is certainly not beyond nice folks like that.
So please know: if you attempted to visit my site and got an error page, ignore whatever verbiage you read there. This was a DDOS attack. I’ve taken security precautions to avoid future attacks. But of course when you do that the gremlins escalate their efforts and attacks could happen in future, especially if I again gore the ox of the Israeli secret police and their fellow goons.
It probably didn’t help things in terms of making friends with them that Yossi called me Israel’s answer to Wikileaks. Though it makes me enormously proud that he did so.
This new security will raise my server hosting costs by four to five times. So I’m asking you, my loyal readers, to step up and help me defray these costs for the sake of freedom of the press and in the face of attacks by the secret police and/or those who imagine they’re helping them. Please use the Paypal button in my right-hand sidebar to make as generous a gift as you can. Make a one-time or better yet regular monthly contribution to help sustain these new monthly costs I’m incurring. Keep my voice heard loud and clear and send a message to the hackers that we won’t back down and won’t be intimidated.
UPDATE: The DDOS attack was renewed this afternoon and the site was down again for several more hours, and my site is back up and has been upgraded security-wise. If any readers have problems accessing it please contact me.
UPDATE II: At 10:30PM July 30th, and after some major screw-ups concerning my host’s migration of my site to a new, more secure server, the site appears to be up and functioning again. I apologize to you, my faithful readers, for the weird error messages you received when you couldn’t access the site. You aren’t a spammer and weren’t being singled out for punishment or anything else.
And by the way, if the Rotter boys think they’ve silenced us they’ve got another thing coming. Tomorrow, I hope to have further information exposing Doron Zahavi, the nature of which I don’t want to discuss until I’m ready to publish.
This was a DOS attack.
DOS as in religious or as in DOS computer language?
DOS as in “denial of service”
DOS means ‘denial of service’.
http://en.wikipedia.org/wiki/Denial-of-service_attack
Hang in there, Richard. I got the message and thought I had done something wrong, and then realized you were being hacked.
Hang in there.
Richard,
I am sorry for these attacks.
Just to be sure,
If it says: “Your IP address has been associated with abuse in the past”, then this is part of the attack, or part of the new security system that still has to be tuned?
Thanks,
Yuval
Ignore the error msgs. They’re formulated generically & don’t describe the real reason the site is inaccessible. For the past day or so it was DOS attacks. For the past 8-10 hrs. it was Hostgator supposedly upgrading my security & moving me to a new server & bungling things in the process. The site should be up & running for all as of now. But if it isn’t pls. either publish a comment here or e mail me.
I’m not sure what you did was a right thing, but I am sure that what they did to you was a wrong thing. We stand with you.
Thanks Tzvee.
Hallelujah!
They’re trying awfully hard to shut you up, Richard. You must be doing something right.
Hello Richard, I am glad that the blog is on the air again, I really missed it.
Thanks, glad you have access now. I was really missing the blog after nearly 2 days w/o it.
Glad you’re back. Frustrating as all hell to be denied entrance to a site I consider significant and useful. Is there some kind of legal protection that might, for example, investigate the digital attack on you as a 1st-Amendment violation? One thing I learned in all this while trying to find a way to communicate with you is that you have an impressive array of enemies, Richard, hurling like hand grenades at you the various charges that the Israel-über-alles throng feel compelled to use in defending the state’s every outrage and by extension its determined efforts to solidify its status as a rogue nation. Nary a scintilla of recognition that your stance might suggest a deep desire to see Israel survive as that proverbial light – not blight – unto nations. Guess the rabid throng takes Chapter 7 of Deuteronomy quite literally: “…and when the LORD thy God shall deliver them up before thee, and thou shalt smite them; then thou shalt utterly destroy them [various locals]; thou shalt make no covenant with them, nor show mercy unto them…”. Woe betide those of Richardian persuasion who might think otherwise.
Glad to have my loyal readers back, Norman. It was like an enforced absence. I gather that some people are still having problems accessing the site for which I apologize.
See:
http://rotter.net/forum/scoops1/18250.shtml
Can anyone translate this: do they not like me?
They are hitting my blog more often than the Animal Liberation Front, which makes a change.
Hang on a mo, will try and give you the IP of the person who started this:
Domain Name netvision.net.il ? (Israel)
IP Address 212.143.134.# (NV1378-RIPE)
ISP NetVision
Location Continent : Asia
Country : Israel (Facts)
State/Region : Hefa
City : Haifa
Lat/Long : 32.8156, 34.9892 (Map)
This IP hit my blog within seconds of the post being published, quickly followed by dozens and dozens and dozens of hits using the Rotter posting as “referring IP”
I do hope this helps anyone fighting back against these black hat hackers.
Rotter is a popular Israeli forum. You would have many hits if someone posted a link to your site & you claimed your site was attacked. I’m not sure that means Rotter members are behind the attack on you. But you also haven’t given us a full IP address in your comment above. You’ve left out some numbers.
The attack on you followed a link being put on rotter.net, my conclusion is that there’s a computer scanning the internet for “Doron Zahavi” and putting the links up on rotter.net fairly automatically, or at least it’s fully automatic on Saturday mornings. (Happened MUCH too fast to be someone surfing and finding it by chance!)
The IP is incomplete because sitemeter doesn’t tell non-law-enforcement people that last group (at least not in the UK, due to data protection act.) But it allows you the ISP and location.
There’s no question that if you give the relevant sitemeter page to the FBI, NETCU or SOCA, they can get the whole IP from the ISPs it went through to get there, though they won’t discuss the details.
Once rotter.net had my post, it then put up all the comments I posted here, again, automatically within a few seconds. It didn’t catch on to other posts of mine on the same subject, that didn’t contain “Doron Zahavi” until one of the RSS subscribers came back and manually surfed through my site.
So, about nine tenths of it is robotic.
What happened to my site wasn’t exactly an attack, just the consequence of the RSS feeds going to a lot of people whose computers all verified the link at the same time.
But whatever put your site down was evidently more than this. (The RSS effect doesn’t last for very long.)
Also, yesterday, when you were inactive, there were several occasions throughout the day when DNS servers in both the UK and Canada briefly lost their ability to find your site. Your tech person needs to watch this, because a DNS attack would imply an aspiration to put up a clone of this site and harvest the FULL IPs of all your regular readers and comment-writers.
An incomplete IP address doesn’t help us much even though I understand this is how things work in England (not here or in Israel I gather where we have full IPs). A Rotter member posted in that thread that the IP address 212.143.134.129 belongs to the Israel Broadcasting Authority. This may have to do with the fact that many journalists are researching the story and all these referrals appear to be an attack, but aren’t.
Zipfile of all the DOS black hats’ IPs and other data made a cool 21Mb, which is with all the relevant UK authorities even now, before the black hats even realize that by having an RSS subscription to the forum that tells them whom to hack, they are leaving footprints in the snow, from the jeweler’s broken window right to their own front door.
Wouldn’t have done this if they expressed an opinion, no matter how extreme, but they HACKED.
Does anyone have an e-mail for an American law enforcement person or agency that investigates DOS attacks against American servers?
They are welcome to the IPs if they want ’em.
Oh yes.
One of the suspect IPs is a comcast one: one of the hackers is within US Jurisdiction after a breach of Federal anti-hacking laws. Sleep tight, mate.
I can’t read Hebrew, but HUGE consternation on the rotter.net site about the posts of Medawar. Can someone translate all the insults about Medawar, please?
Medawar hasn’t broken any law: he just took and read the data which their own too-clever-by-half system for disseminating information on targets for them to attack, delivered to him even as they slept.
They had a try at a DNS server attack, too, by the way, while Richard enjoyed his Sabbath rest.
No insults directed at you, alas. Just that you’re a blogger in Britain who reposted the story. They’re not happy about that.
One particularly deranged ALF supporter once put up SEVERAL websites vilifying me (or the person he decided, quite out of his own head, was me) once, which was why I wondered. Unfortunately, he decided that I was a stained glass artist living in Ipswich, which was a bit terrifying for real stained glass artists living in Ipswich.
The culprit turned out to be a freelance drama teacher and performance artist with addresses in Harlow and Swindon, which explained quite a lot but by no means everything.
There is a bit of a queue for people who want to harm me. The gentlemen of rotter.net are welcome to join it, but the people already in the queue might frighten them. A couple of years ago, one of the UK’s intelligence agencies appeared to be using my street for their training exercises because the appearance of real live extremist targets was more or less guaranteed during any given morning or afternoon.
This all ceased, or possibly became much less obvious, after I started to send the local police critiques on how well I thought each trainee officer was doing following the nutters about.
Relax, most of the insults were directed at me, not you. But if you start digging up good original info that embarrasses the powers that be then you too can be smeared in the pages of Rotter.
Indymedia UK, meanwhile, does the same thing on behalf of the powers that wannabe.
I usually visit this site w/o commenting but 2 days ago I found the site down and then yesterday I had been blocked from it.
Not cool but understandable. FYI, include your contact information for IPs you blocked.
No one is blocked at least not for the reason given in that msg. The error message is generic and didn’t describe the reality of the situation which was a DOS attack.
Could you make that DoS? It’s very confusing for us oldtimers who used DOS (Disk Operating System) before Windows… For a bit there I thought someone had revived DOS or I was in the wrong century.
Duly noted. I come from the DOS age as well. But I’ve never suffered a DoS attack, so the lingo is a bit new to me.
Nearly all the attacks are made possible by the probably needless complexity of the software environment on what are, after all, meant to be personal computers.
But I speak as one who had to be convinced of the need for CPM, having learned on machine-code-only machines with just a “monitor” programme in EPROM somewhere.
A DNS attack is a different thing from a DoS attack: in the latter they are just using many machines (usually, other people’s machines infected with a virus) to swamp the site, although this usually involves attempts to send commands or requests that tie up a lot of the site’s time or crash its server in some way.
A DNS attack is when the DNS databases that let your machine find Richard’s site, are hacked so they direct your computer to a different server, which has a copy of his content on, but which records your comments and more particularly, your IP, for future reference. That’s not so bad, but such fake sites are also normally designed to fire malware back at your computer to drag information out of it, or to send on malware to everyone in your address book and so forth.
So a DNS attack is more malicious, and more subtle, than a DoS attack.
The Firestarter firewall for Ubuntu machines reacts instantly to any change in the DNS server your ISP is using during a session. This is good.