Site Hacked

Well well. It is confirmed, this site was hacked at about 11am EST Australia this morning (9pm NY Time). We do not know what the motive was. It appears to be an XSS (cross-site scripting) type hack — for those who are interested. There are many log files to go through. News was posted on WUWT also.

Thanks to the expert help of my Webmaster, it’s been mostly restored within only 3 hours. He was onto it immediately and worked non-stop to unravel the mess. (Some comments are still missing from the weekend threads, we hope we can restore them too.)

UPDATE from my webmaster:

“The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”

Thanks for the patience of readers.

Jo

9.5 out of 10 based on 99 ratings

116 comments to Site Hacked

  • #
    Chris

    You could ask the Norfolk Constabulary for help investigating.

    So long as you don’t mind waiting three years for the result, which is “Yep. You were definitely hacked.”

    10

    • #
      Rereke Whakaaro

      That is not a bad idea. If they said, “You were definitely hacked”, then you could be absolutely certain that it was an inside job.

      10

  • #

    If I was a betting man I’d try to get odds on the hacking coming from the UWA.

    Welcome back anyway, was getting withdrawal symptoms.

    10

  • #
    unhappy constituent

    Someone must be starting to get worried, keep up the good work Jo we need to win this fight and you do an incredible job in getting the truth out.

    10

  • #
    Transport by Zeppelin

    Jo; can we expect a Novagate any time soon 😉

    10

  • #
    Markus Fitzhenry

    Buggered if I know why you are so gracious and advise your readers to be civil to these swine. The populace was all for the Nazis to be taken out the back and shot at the Nuremberg Trials.

    Hopefully, politicians will get smart enough to understand the damage these dogs are doing to their ability to effect good governance, coupled with the realisation that the electorate is fed up with non delivery of needed services because of the waste inflicted by the left and greens, they will form a political will to retaliate against these mugs who support the world of warmist fear.

    10

    • #
      Rereke Whakaaro

      One can learn a lot from studying Mahatma Gandhi.

      “The more they attack us, and the more we fail to respond, the stronger we become.”

      10

      • #
        papertiger

        You are right there. Shame is our ally. Eventually the hard cases will out themselves, like Peter Gleick did. I bet a whole bunch will be outed regarding this hack.

        10

        • #
          Mark D.

          Except what if they have no shame?

          10

          • #
            Greg Cavanagh

            They’ll have pride or ego. Both mean that they can’t stand on the side lines impartially (which is why they’re hacking a site). Papertiger is right; they’ll eventually make themselves known. Doubly so if they’ve been active in some way but made zero impact. Time to ramp it up a bit, Doh!

            10

  • #
    John in NZ

    Welcome back.

    I wondered what was happening. Yes I know it is annoying but then again it is also sort of cool. As Unhappy Constituent said, someone is worried.

    Someone has noticed you and is sufficiently afraid to try to cause you problems. I expect he has very small reproductive organs and is trying to find some way to compensate for the lack of female companionship.

    10

    • #
      Geoff Sherrington

      Oh dear, John, Immediately presuming it was a male! Do you know something we should?

      10

  • #
    pat

    Would not surprise me one bit if it wasn’t the government itself.

    10

    • #
      AndyG55

      “Would not surprise me one bit if it wasn’t the government itself.”

      noope, this sort of thing requires some actual knowledge of something other than union type thuggery.

      10

      • #
        Rereke Whakaaro

        Yes, reading between the lines of the Web-master’s quote on Jo’s post. The hackers were rank amateurs.

        “Duh, I know, let’s go in through a defence site, then Nova will think the military are after her, wouldn’t that be cool?”

        10

      • #
        Senex Bibax

        Wait until the NBN is fully rolled out…

        10

    • #
      Geoff Sherrington

      Oh dear, AndyG55, immediately presuming it might be a structured body. Keep going, that’s one up on John talking about unstructured bodies.

      10

  • #
    crosspatch

    It is part of the “progressive” agenda known as “shut up”. If you have an opinion counter to theirs, they attempt to silence you.

    10

    • #
      A Lovell

      Andrew Klavan has a great youtube video, ‘Shutup’, which is a perfect illustration of your observation.

      10

  • #

    As I mentioned on the Anthony Watts thread, I believe the DoD web server, along with a few other servers that were used, are honeypot proxies. The vulnerability originates from a third party plugin and has been known for about two months. Unfortunately, I can’t police third party software which is free.

    10

  • #
    cohenite

    Is this hacking a criminal offence? I’ll have to check.

    10

    • #
      cohenite

      Yes, it appears so; Division 477 here.

      The AFP need to be notified.

      10

      • #
        Rereke Whakaaro

        Whoa, there Cohenite, slow down,

        There may be a small problem of jurisdiction. You would need to look at the legislation for the country where the attacked server was housed. If Jo is using servers outside of Australia, and one of those was the target, then Australian law may not pertain. Given that this is a WordPress based site, it could be almost anywhere.

        I know this because the takedown of the Mega Upload service (which is housed in New Zealand) by the FBI, was deemed unlawful by a New Zealand court.

        10

        • #
          cohenite

          Oh sure Rereke; that is the case, jurisdiction is very important:

          Division 477.1 of the Criminal Code Act states:

          (1) A person is guilty of an offence if:

          (a) the person causes:
          (i) any unauthorised access to data held in a computer; or
          (ii) any unauthorised modification of data held in a computer; or
          (iii) any unauthorised impairment of electronic communication to or from a computer; and

          (b) the unauthorised access, modification or impairment is caused by means of a carriage service; and

          (c) the person knows the access, modification or impairment is unauthorised; and
          (d) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth, a State or a Territory (whether by that person or another person) by the access, modification or impairment.

          Prosecution of a hacker in Australian law is dependent on the act in question being committed on Australian territory, and if this isn’t the case, prosecution will be extremely difficult.

          But what caught my eye was the use of “web01.defence.gov.au web server as a proxy”. The AFP must be interested in that!

          10

      • #
        Geoff Sherrington

        Cohenite,
        I’m more worried about 569, which I recall is somewhat secret.

        10

  • #
    Ally E.

    Wow! Please pass on my congratulations and appreciation to your webmaster, who sounds brilliant. Glad you are back up and running so quickly. When you find out who did it, press charges, Jo!

    10

  • #
    Billy NZ

    Thanks for all you do Jo. Love your site. Do you think you may be over the target? Many thanks from NZ for the work you do.

    10

  • #
    KeithH

    Bit of a shock to be greeted by “Your account has been blocked” but I thought it must be an outside attack. I’m also a bit miffed that my last post (written as it actually happened) hoping to be first announcing Mars Rover had successfully landed, disappeared into cyberspace. Even got so excited that I semi-apologised for being O/T on an unthreaded post!! After attributing Robert Manne’s “wall of money” comment to Clive Hamilton on a previous thread, I must concentrate in future or fellow posters will start to suspect I’m getting old!!

    10

    • #
      Rereke Whakaaro

      Well, has the Mars Rover successfully landed? … don’t keep us in suspense …

      10

      • #
        KeithH

        Wait for it Rereke………..Yes!

        10

        • #
          Rereke Whakaaro

          Thank you, thank you, I was so worried, you wouldn’t believe.

          Ah, I might need a little lie down to recover from all the excitement …

          10

          • #
            Popeye

            Guys,

            You’ve forgotten – this landing is just ANOTHER conspiracy theory.

            All the images etc are achieved with mirrors and special sound effects.

            Gosh, soon you’ll be telling us all that chem trails DO exist and are part of the American take over the world plot!

            We ALL know that man NEVER landed on the moon and that the Twin Towers were exploded by the CIA.

            (Sarc off)

            Cheers,

            10

  • #
    Andrew McRae

    If it’s XSS then was it this one?

    Since a comment deletion command is protected by user privilege checks they can be abused by impersonating a valid user, which in this case is forcing a valid user’s browser to issue commands of the attacker’s choosing via XSS. Possibly the only payload they need to inject is script to create an IFRAME tag or IMG tag with a URL that sends the admin user’s session id and authentication token back to a server under the attacker’s control. This identity token can then be used to craft web requests that look authentic to the blog server.
    I would have thought that issuing different tokens to different IP addresses regardless of whether they are for the same user, and then checking received tokens match the IP they were first issued to, would prevent this attack, but that is just a W.A.G. of mine.
    That’s unless I’ve misunderstood how this XSS exploit works.
    Either way an upgrade of WP could fix it.
    They probably don’t have your admin password or they would have done far more damage.

    Looks like Waffle had figured out their tactics. Maybe he can enlighten us?

    Either one of us commentators has really peeved somebody off, or else Jo can claim yet another success story. I mean, you know somebody thinks you’re making progress when they think your web site is important enough to attack.

    Was there a pattern to the comments that were deleted?

    10
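Added example (not part of the comment above and not the site's or WordPress's own code): the IP-binding idea raised in Andrew McRae's comment, written as an HMAC-signed session token that the server accepts only from the address it was issued to. The key, function names, timestamp and the documentation-range addresses are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed key for this example; a real server loads a random secret
# from protected configuration.
SERVER_KEY = b"constructed-demo-key"


def _mac(user: str, client_ip: str, expires: int) -> str:
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    h = hmac.new(SERVER_KEY, digestmod=hashlib.sha256)
    for field in (user, client_ip, str(expires)):
        raw = field.encode("utf-8")
        h.update(struct.pack(">I", len(raw)) + raw)
    return base64.urlsafe_b64encode(h.digest()).decode("ascii").rstrip("=")


def issue_token(user: str, client_ip: str, ttl: int = 3600, now=None) -> str:
    """Issue a token tied to the address the login request came from."""
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl
    return f"{user}.{expires}.{_mac(user, client_ip, expires)}"


def verify_token(token: str, client_ip: str, now=None):
    """Return the user name if the token is valid for client_ip, else None."""
    now = int(time.time()) if now is None else int(now)
    try:
        user, expires_text, mac = token.rsplit(".", 2)
        expires = int(expires_text)
        # Recompute the MAC with the address of the *current* request.
        expected = _mac(user, client_ip, expires).encode("ascii")
        presented = mac.encode("utf-8")
    except ValueError:
        return None  # malformed token
    if not hmac.compare_digest(presented, expected):
        return None  # forged, altered, or presented from another address
    if now >= expires:
        return None  # expired
    return user


def demo() -> dict:
    issued_at = 1_700_000_000        # constructed timestamp
    admin_ip = "203.0.113.10"        # RFC 5737 documentation address
    other_ip = "198.51.100.7"        # RFC 5737 documentation address
    token = issue_token("admin", admin_ip, ttl=600, now=issued_at)
    later = issued_at + 60
    return {
        "same_ip": verify_token(token, admin_ip, now=later),
        "replayed_elsewhere": verify_token(token, other_ip, now=later),
        "expired": verify_token(token, admin_ip, now=issued_at + 601),
        "tampered": verify_token(token.replace("admin", "root", 1), admin_ip, now=later),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Binding to the address rejects a token replayed from somewhere else, but it does not stop injected script from sending requests through the admin's own browser, since those arrive from the bound address. Marking the session cookie HttpOnly and fixing the injection point cover that part.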

    • #

      If it’s XSS then was it this one?

      No, it wasn’t. It was from a third party plugin. Unfortunately, the architecture and routing of WordPress means that vulnerabilities are easy to create and, open-source basically means amateur code written by n00bs trying to establish themselves in the software industry. I’m disinclined to reveal what the vulnerability was as that information can be used against other websites by yet more would-be script kiddie attackers.

      And no, there was no pattern. The aim was to kill the database. I caught the attack while it was happening and locked everything up while a stocktake of the damage was taken and the security issue identified. After that, the backup button was pressed and we’re back online. I need to write a few scripts to scrape out Jo’s email inbox to restore the lost comments which, should be done sometime tonight. Nothing has been lost.

      10

      • #
        bananabender

        open-source basically means amateur code written by n00bs trying to establish themselves in the software industry.

        What a load of crap. Thousands of outstanding professional coders are employed by Google, Apple, Intel, HP, Microsoft etc to write opensource code. Virtually every major university and government agency in the world also contributes to opensource projects.

        Then you’ve probably never heard of Linux (most widely used server OS), Android (most popular phone OS), OpenBSD (most secure general OS) etc, etc.

        10

        • #
          bananabender

          I forgot to mention Apple’s OSX and iOS are based on opensource. Firefox, Google Chrome and Apple Safari web browsers are also opensource.

          10

        • #
          Rereke Whakaaro

          When I read what Waffle had written, I assumed he meant that the script kiddies involved were trying to establish a hacker reputation in the industry.

          When I watched the movie about the formation of Facebook, I was surprised at the way new coders were “auditioned” from the ranks of the students, but apparently that is what happened.

          10

          • #
            AndyG55

            “I assumed he meant that the script kiddies involved were trying to establish a hacker reputation in the industry.”

            I don’t know that you would get much cred from using a pre-existing known issue.
            Sort of like putting a learners tag over a piece of graf art.

            10

          • #
            Rereke Whakaaro

            I agree – zero cred.

            But everything is pre-cut anyway. The last time I cut any real code was about twenty years ago – it’s all lego now, and about as interesting.

            That’s why I can’t figure out how why climate modellers keep stuffing it up. Perhaps they have misunderstood cloud computing 😉

            10

          • #
            AndyG55

            “I can’t figure out how why climate modellers keep stuffing it up. ”

            Their coding is probably quite reasonable..

            ..it’s just that they feed it garbage assumption.

            10

          • #
            crosspatch

            I wouldn’t say “zero cred” as those sorts have to start somewhere. They first establish their bona fides by showing willingness to pull off an attack in the first place, no matter how simple. It’s sort of like the ancient Spartans proving themselves by sneaking out and killing an unarmed slave. The key is to do it without getting caught and in this case it appears possible that they might have been unlucky. Many of these “hacktivists” associate themselves with the “progressive” political left which has no scruples and no integrity as long as you are advancing the “cause”. Mantras such as “no rules, just results” are typical for these people. There IS some cred in using a very simple exploit in the sense of “Hahaha we were able to take down Nova’s site with the easiest exploit on the book, a 6th grader could have done it” in that they try to shift the focus from their own inability to use a sophisticated attack to the site being vulnerable to an easy one.

            In this case, however, they might have left a breadcrumb trail leading back to one or more participants so I am not convinced they are bragging about it today.

            10

        • #

          There are some great open-source projects out there. No doubt. But, 9/10 successful open source projects are a disaster in terms of quality of coding. Professional grade programming is strongly typed and highly defensive. About 50-75% of the code in a solid piece of software is exception and error handling along with internal analytics, metrics and debugging, not to mention a properly encapsulated and extensible architecture. Unlike the ultra-hyper-aggressive code you find in most open-source projects which are usually nothing more than a bunch of scripts smashed together.

          Then again, I’ve been coding for decades so, what would I know, right?

          And by script kiddies, yeah, I mean (would-be)hackers. It takes no effort to google “wordpress hacks”.

          10

          • #

            Professional grade programming is strongly typed and highly defensive

            But there’s not been much of that since the early 1980’s.
            Most large corporate customers and government departments depend on battalions of “support” staff running around with buckets putting out little “fires”.

            The software houses depend on cheap labour provided by “code monkeys” with no practical experience in the area in which the software is to be used. Contrary to popular belief, the code monkeys aren’t all PFY (pimply faced youth). Quite a few drive around in expensive cars, wear name-brand suits, carry briefcases and have greying hair; and not as a fashion statement. Those are all wedges of “credibility”. IME, a number of them are incapable of any programming task other than reimplementing their old bugs in a new language.

            I’ve seen commercial code. The code that’s hidden is often much, much worse than that in the open source universe.

            You’d be lucky to find 10% that even has The Right Stuff on the horizon.

            10

          • #
            Simon C

            But then corporates can employ crap ‘professional’ coders. In one job I went into back in the 80’s, I found that just about every project my predecessor had done was unwieldy, incomplete, bug-ridden and with more unexecuted code left in than was being executed! None of the code was structured, nor was any of the data – it was unsupportable. My boss told me to fix one project, I said I couldn’t without a re-write (it was that bad!), he said to just fix it, so I said ok, and re-wrote it – was the only way. My issue was, some of these projects were controlling industrial processes, where bugs could result in something very ‘messy’, and I don’t just mean the product, and I didn’t want that hanging over me!

            Anyway, as has been said, the attacker (or the attacker’s instigator) was obviously finding Jo’s articles hard to swallow, which is what happens when truth reveals lies and deceit. Perhaps a certain identity impersonator was trying another tack.

            Glad you caught the attack in good time, and glad to have the site back.

            10

          • #

            I’ve done a lot of contracting throughout my career and worked on plenty of code I’m ashamed to be associated with. Software suffers a number of problems. The open-source movement which gives businesses the idea that development is cheap and easy is one of them. But, there is a market for quality software and that begins with rock solid business processes and project management.

            10

      • #

        Looks like the secret is out.

        Hint: If Waffle sounds like he knows a lot about these matters, that’s because he does. He is the man to thank. – Jo 🙂 Thanks Waffle!

        10

      • #
        Andrew McRae

        Waffle is da man.

        Steady hand at the tiller.

        Jolly good show.

        10

      • #

        Waffle, well done mate. Spotting the fire early is the hallmark of a real pro.

        Pointman

        10

    • #
      Richard S Courtney

      Andrew McRae:

      You are right when you say;

      They probably don’t have your admin password or they would have done far more damage.

      These bar-stewards destroyed two of my past computer systems so I now have severe protections including separated systems. Hence, I now don’t receive some communications because my protections refuse to accept them.

      I suppose the bar-stewards think their behaviour is OK because it supports “the cause”.

      Richard

      10

    • #
      Capn Jack Walker

      Aaargh, skullduggery’s afoot, if we catches them, then over the side and along the hull for barnacle food the bastards be.

      And Davy and his kraken can have the rest.

      10

  • #
    Phil Ford

    When was the last time anyone here read about a warmist site getting hacked by a group of climate skeptics? That’s right – never. It just doesn’t happen. We don’t go around hacking our opponents simply because we don’t agree with what they are saying. We prefer to present our arguments and make our case – and in an ideal world we would welcome all and any chance to state our case in public forums such as the mainstream media, who deny us repeatedly, as well to debate our opponents in the full glare of public scrutiny. Except that our opponents are too cowardly to face off against the best of us, knowing their house of cards will fall completely in the face of skeptical science.

    Warmists are cowards, all. Too scared to face off against their critics publicly, they must resort to these tawdry underhand tactics (again and again) trying to silence the right of climate skeptics to dissent, to take issue, to question the dominant narrative of CAGW. Such people will never win – and must never be allowed to win.

    As the song says:

    ‘There’s a battle ahead, many battles are lost
    But you’ll never see the end of the road
    While you’re traveling with me …’

    The fight goes on.

    10

  • #
    inedible hyperbowl

    Now I am sure that they “know where I live”!

    10

  • #
    inedible hyperbowl

    Or it could be related to the carbon tax.

    10

  • #
    KinkyKeith

    Good to be back here.

    Just a question, was the other outage a few weeks ago the same thing or just teething problems with the new setup.

    KK 🙂

    10

    • #

      No Keith. The other outage was an internal bug generated in the move. This was malicious and from outside.

      We had a DOS attack early July 2011 – which prompted the need for an expensive upgrade and shift to safer US servers which happened in early Oct last year. While that move was smooth and a credit to the team then, it was expensive (even at a discounted rate) and the site was costing a lot in bandwidth afterwards as well. That’s why Waffle’s offer to help was so attractive.

      This time the attack wasn’t expensive for me, though that’s mostly due to Waffle’s time (which he didn’t charge for) and thanks to his preparedness and quick action. He is making a big contribution, which I am very grateful for. He deserves kudos here. I noticed the hack within ten minutes, phoned him immediately, but he was already on it, closing things down and locking it up.

      10

  • #
    KinkyKeith

    Wondering.

    Is it possible to list the “deleted” items on a special thread?

    Maybe there was no specific target, just causing damage and forcing the site off air.

    On the other hand there may, as a few people have said, have been something a bit too sensitive?

    KK

    10

  • #

    Jo, so sorry for your trouble, but because you were hacked I read your blog for the first time, and it is lovely! Cheers, Bill

    10

  • #
    theRealUniverse

    Just ask the NSA. They spy on ALL the world’s internet. Bet those rascals know who’s been doing it! Also it’s all stored on ‘Echelon’ Hmm guess those CIA spymasters could be useful (sarcasm not intended) XD.

    10

  • #
    jaytee

    Can’t have been GetUp! They now believe in free speech, apparently:

    10

  • #
    aquix

    hmmmm [looks thoughtfully at the sky, and takes a long toke from a pipe]

    What could the motive be?

    10

  • #
    Mick Greentree

    Probably Australians. They are the only real AGW fanatics left and supported by the Government. Even if they get caught NOTHING will be done to prosecute. If you catch them get a very wealthy person to go after them legally and get it plastered all over the press. Good luck.

    10

    • #

      Not so common outside the US, but if the perps can be identified then let’s not forget that for every crime there is a corresponding tort eg civil action for the same offence.
      Nothing to prevent a private prosecution either.
      I’m sure I’m not the only one willing to donate something out of my Carbon Tax compo.

      10

  • #
    Sonny

    Well, if anyone needed convincing of the lack of evidence and lack of ethics behind the warmists’ case you need to look no further.

    ————————————————–
    [We are certainly not making any accusations or suggestions without evidence. – Mod]

    10

    • #

      Hacking has no political motivation. Never has, never will. It’s a MSM construct that websites are hacked for political motivation. Now leaking data, that’s a different thing…

      10

      • #
        crosspatch

        That is starting to change. We have rather established “hacktivists” in the US associated with our “progressive” movement, though LOOSELY associated (in that the “progressives” don’t want to directly claim alliance with them). Defacing of websites counter to their meme isn’t unheard of nor are DoS attacks and even other pranks such as “SWATting” where someone spoofs a phone call pretending to be you and reports some horrible crime that results in a massive police response to your residence. It is part of a pattern of general harassment as these groups get desperate to silence anyone with an opposing view.

        10

      • #
        crosspatch

        Examples we are seeing from some of the “Anonymous” wannabes and the political left are in new tactics they have developed to harass people they disagree with. One recent example was an effort to get a popular radio personality in the US off the air. A group used, by their own estimate, over 500 fake Twitter accounts under software control to harass advertisers on this particular personality’s show. They also have discovered how to exploit Twitter’s anti-spamming algorithms to goad people into a communications pattern that causes their accounts to be automatically suspended by Twitter’s software (Twitter Gulag).

        The point being that we ARE seeing a marriage in the US of the political left with “hacktivism” and this isn’t just for the rooting out of corruption as has been done in the past. These tactics are now being applied to political opponents and anyone who might be outspoken in their opposition of their policies. Some examples of the sort of thing that has been going on can be found at this site: http://texasprogressivepress.com/ and you can pick through the blog after reading the initial page and some of the tactics being used on Internet communications are explained here: http://thetrenches.us/ where there are several articles describing how the “Twitter gulag” works.

        10

  • #
    lmwd

    I agree with a couple of other commenters above. Jo should take it as a compliment. If she was peripheral to the climate debate, they wouldn’t have bothered. She clearly has got them bothered. More like running scared.

    They’re not winning the debate on either logic or science and even the mainstream media is beginning to turn away in a belated attempt to now position itself as agnostic. It’s a slippery slope then to scepticism and when that term starts getting bandied about in the mainstream media like it’s ‘the new black’, well, you know the end is in sight for ‘consensus’ and ‘settled science’.

    They can’t wait for anti-democratic Govt regulation to do the dirty work of silencing anyone who holds alternate views and all they have left is a desperately pathetic attempt to shut Jo’s site down for a couple of hours through hacking.

    Some excellent lines by Frank Furedi.

    Of course there have always been censorious busybodies and illiberal moralisers who loathed any public expression of free thinking.

    Today, calls for press regulation, the policing of the internet or the criminalisation of speech are promoted by people who know what they don’t want to hear but have no idea of what they stand for.

    http://www.theaustralian.com.au/news/opinion/hate-campaigns-against-freedom-of-speech-go-all-the-way-back-to-socrates/story-e6frg6zo-1226442552809

    10

  • #
    Otter

    Interesting to see New Names among the commenters on this. The hacker’s attempt has backfired in that respect.
    Also interesting to note the lack of congrats from the likes of brooksie, mattie, et al. Must have spoiled their day.

    10

  • #
    Geoff Sherrington

    Also today- it’s rampant
    http://www.smh.com.au/digital-life/consumer-security/aussie-exposes-icloud-flaw-but-apple-stays-silent-20120806-23pmx.html

    Recently I wrote to a Minister asking for an agreement that I would be compensated for loss if a villain found a pattern of occupancy in my transmitted smart meter readings and found a good time to burgle my home. The answer was that the electrical use transmitted data was strongly protected. No agreement offered, no responsibility assumed.

    Ho Ho.

    10

  • #
    MadJak

    Typical Statism

    You can’t beat their arguments, so censure them to try and silence them by hacking their site.

    Bloody Muppets.

    10

  • #
    a jones

    All’s well that ends well.

    To cheer you up here is a little limerick I penned in response to the last few days climate shenanigans. It is a parody of one of fifty years ago which itself was a parody of a late Victorian one. There are several versions all probably written by our old friend Anonymous.

    Anyway:

    I dislike this whole climate scam
    There’s Muller, McKibben and Mann
    Mann’s tree rings are bunk
    Muller’s stats are all junk
    And McKibben just weeps all he can.

    Hope this amuses.

    Kindest Regards

    —–
    Thanks! I like it 🙂 Jo

    10

  • #
    Shevva

    No-one ever calls me a servermaster 🙁

    I salute the web master, always good when it all goes wrong (Even if it was some PEBKAC) and you have it fixed quickly.

    10

  • #
    Byron

    “hackers believe themselves to be smarter than they are”

    Soooo much Correlation to sooo many CAGW cultists 🙂

    10

  • #
    Athelstan.

    Sweet roses have big thorns, they stick in bad guys sides, wrap them up in thorns Jo!

    10

  • #

    Just glad to see you back in Business! I would love to be a fly on the wall in your WebMaster’s office as he digs into the logs to decipher what happened. Now that kind of sleuthing is what I live for!

    10

  • #
    ATheoK

    I am sad and disappointed that you and Waffle had to suffer a website attack.

    [snip] I started coding back when hacking the system meant one knew how to code or debug interfaces to the hardware/software. Just because we could do tricks with the machines beyond the ken of keyboard thumpers. Back then one computer joke was “Be wary of programmers who carry tools”, as meaning they were capable of making the machines work, one way or another…

    Nowadays, hacker implies a person with malicious intents often following up with malicious actions. Criminal coders is perhaps more apt. I hope you identify the perpetrators and can seek enforcement action.

    10

  • #
    msher

    MEMORYVAULT

    If you see this, would you read posts I left for you at another Ozzie friend’s place.

    msher

    P.S. I don’t know if you saw my post that I thought your piece on Delingpole on the floods in Oz were staggeringly good.

    ——————————————————————–
    [Off Topic but as MV is a regular contributor we will act as a dating service this once – Mod]

    10

    • #
      memoryvault

      .
      MOD

      Thanks for the leeway.

      MSHER

      I didn’t “stop” writing on Delingpole, I got “moderated” out of existence.

      10

  • #

    I am sorry to learn of what has happened. If it was some rogue hacker I hope he receives justice.

    I believe we must consider the possibility that someone was trying to gather data in order to use it as a weapon against the skeptics. I am thinking along the lines of what happened to the Hartford folks.

    It appears to come from Australia (Woomera Air Force Base). The person at the top of my list would be a warmist in Australia. Perhaps an individual or organization that has somehow recently been humiliated or perhaps a person or organization whose article or work was being discussed in one of Jo’s recent posts? Perhaps someone who responded to a recent post by commenting and came off looking bad as a result of debating with the regular posters on this site via comments? Perhaps someone who is in despair because they feel the warmist cause is lost?

    I am not accusing anyone in particular but I am trying to narrow the list of likely suspects. Gee, who would be the first person to come to mind? Hmmm…

    10

    • #
      crakar24

      Ed,

      You don’t mean…….him………..do you?

      Only Adumb person would try this…surely

      10

      • #

        No Crakar, I was thinking of someone else. Someone more visible, someone who posted under his own name in response to a post Jo did. Perhaps it is just a coincidence that Jo recently authored a post that challenged an Australian bemoaning the fact that the warmists are losing the battle for the hearts and minds of the people?

        Man, oh Man I wonder who it could be? I am not accusing anyone but….

        10

        • #
          crakar24

          Perhaps it is just a coincidence that Jo recently authored a post that challenged an Australian bemoaning the fact that the warmists are losing the battle for the hearts and minds of the people?

          This does not narrow it down any Ed, the list of the aggrieved is a long one. Best we not go any further in case we pick the wrong name, I do agree with you that a hack is generally not a random thing. I cannot see some no name hacker sitting there watching the Olympics and thinking “shit I’m bored I might go and hack a web site that I know nothing about”.

          10

    • #
      Gee Aye

      Gee, who would be the first person to come to mind? Hmmm…

      You asking me or accusing me?

      And no… if a man did it I’ll eat my hat.

      10

  • #
    Roy Hogue

    Jo,

    If you discover any possible legal action against the hackers — and it looks like you do have grounds — stick it to them as hard as you can.

    There is no excuse for this, or any other kind of trespass.

    10

  • #
    Steve C

    Jo, bad news of course that this happened, but kudos in excelsis for getting your site back up and running so quickly. To you, for a great site, a great choice of webmaster, *and* for giving him credit here, and to Waffle, to whom an old tech tips his hat – I wish him fun and profit from his log sleuthing.

    And, as a stranger here … thanks both for this site. I visit often, but mostly just comment over at Anthony’s – too much interweb, too little time …

    10

  • #
    Joe V.

    Hackers are everywhere. Is there anything to suggest this was anything to do with warmists or anyone else? Of course it’s fun to speculate and I’m the first to indulge in a good bit of speculation. It frees the mind to consider all possibilities, unencumbered by facts.
    .
    Let’s hope the logs throw up some interesting evidence. It’s amazing what you can track down on the Internet with a little ingenuity and plenty of time.
    .
    There’s a bunch of scamsters doing jail time now after picking on a colleague from our IT department who bought tickets from a bogus website that never arrived.

    The polis initially weren’t too interested, but when shown how much we’d deduced about the perpetrators their interest was aroused and later they told us they’d traced it to a gang and prosecuted.
    .
    Of course that involved deception and monetary theft. I wonder what sort of a crime ‘just’ hacking into a private server is, when it’s not govt or defense or such.

    10

  • #
    tckev

    I wonder why they (whoever they are) did that?
    Have you done anything lately to upset anyone?

    Keep up the good work, harden your security, and keep exposing the fools, the corruption, and the evil that is being perpetrated on the ordinary people.

    You are getting to someone.
    Keep going!

    10

  • #
    Paul D

    Snore….

    Another WordPress web site hacked. So what’s the news?
    Join the enormous club.

    10

    • #
      Dylan

      My thoughts exactly.

      We have malicious attacks on our websites daily – from DOS to SQL injections – but never a problem as we use a well-configured server and avoid WordPress like the plague.

      Is there any evidence that joannenova.com.au was targeted because it’s a climate skeptics website?

      The DOD remote host was most likely a spoof btw.

      10

  • #
    pat

    great to see u back jo. thanx to those who helped.

    7 Aug: SMH: Coalition woos farmers with shorter carbon storage plan
    Lenore Taylor, National Affairs Correspondent
    THE Coalition is planning to pay farmers to store carbon in their fields for just 25 years in its bid to use soil carbon to meet 60 per cent of Australia’s efforts towards long term greenhouse gas reduction.
    Almost all existing greenhouse schemes require carbon-reducing land use changes to remain in place for 100 years but farmers were reluctant to modify their practices for such a long time, particularly for the very low prices proposed in the Coalition’s ”Direct Action” plan.
    ”Our preferred option is to give farmers a choice of either a 100-year or 25-year time frame, the latter of which doesn’t lock up land for generations,” a spokeswoman for the opposition climate spokesman, Greg Hunt, said…
    But carbon farming groups say that even for a temporary 25-year reduction they would need to be paid much more than the $8 to $10 per tonne the Coalition has budgeted in its $10.5 billion ”Direct Action” policy…
    Michael Kiely, of Carbon Farmers of Australia, said farmers were very pleased to be offered a ”more realistic” 25-year timeframe, but would still need to be paid a lot more than $10 a tonne to take the offer up.
    ”I’d rather get $100 a tonne because I understand what it means,” he said…
    http://www.smh.com.au/opinion/political-news/coalition-woos-farmers-with-shorter-carbon-storage-plan-20120806-23qd5.html

    reality:

    6 Aug: TVNZ: Polluting firms snaffle cheap carbon
    New Zealand’s major emitters of greenhouse gases took advantage of the plummeting global price of carbon units to offset their emissions in 2011, figures from the Ministry for the Environment show…
    However, international prices fell to as low as $8 a tonne by the last year, and have been even lower during 2012, as a glut of European carbon credits floods the fledgling global market.
    As a result, some 73% of all units surrendered in 2011 came from offshore sources and the 2.1 million forestry-based New Zealand Units surrendered for the 12 month period was less than half the 5.3 million units surrendered in 2010, when the scheme had only run for six months.
    Likewise, NZU’s derived from other than forestry for the year totalled 2.3 million, compared with 2.6 million in the six month period a year earlier.
    By comparison, surrenders of Certified Emission Reduction units (CER’s), derived from foreign carbon offset programmes, clocked in at 4.2 million, compared with just 133,150 a year earlier…
    http://tvnz.co.nz/business-news/polluting-firms-snaffle-cheap-carbon-5007829

    10

  • #
    pat

    let the taxpayers pay for everything:

    5 Aug: Guardian: Sean Neville: NER 300: Prize fund for carbon capture projects shrinks by £800m
    Michael Liebreich, at Bloomberg New Energy Finance blames eurozone crisis for decline in the value of NER 300
    The future of carbon capture and storage in Europe has been thrown into doubt after 800m Pounds was wiped off the value of a prize fund for developing the technology.
    The NER300 fund was supposed to encourage firms across the continent to build commercially viable CCS projects in return for about Euro3bn (2.4bn Pounds) but the cash was linked to the value of carbon credits, which have plunged 50% in the two years since the project was launched.
    The UK leads the way in CCS technology, but now experts are calling the funding system flawed and fear the few remaining projects across the country could be in jeopardy…
    Liebreich (Michael Liebreich, chief executive of Bloomberg New Energy Finance) added that the EU Commission should have used direct funding, rather than use money generated from the sale of carbon credits – whose value has plummeted…
    Kieron Stopforth, a CCS analyst at BNEF, believes carbon credits need to be much higher to encourage energy firms to invest. “For CCS projects in the EU to be economically viable a carbon price of at least 80 Euros a tonne is needed.”…
    There are six projects across the UK, but the companies running them are concerned about clashes between the Department for energy and climate change and the Treasury over funding.
    However, they are fearful at speaking out while the competition for funding in the UK is underway…
    http://www.guardian.co.uk/environment/2012/aug/05/value-carbon-capture-fund-declines?newsfeed=true

    6 Aug: Sacramento Bee: AP: Experts: Carbon capture, storage too costly in US
    At an energy forum in Morgantown, West Virginia University geology professor Tim Carr said storing pollution underground is possible for large, stationary sources. But it raises the cost of producing electricity 75 percent.
    Carr says no one should expect widespread deployment without investment and support by the federal government.
    Consol Energy CEO Brett Harvey says the U.S. should look to China. There, industry is using it on big projects, but the government has taken on the liability…
    http://www.sacbee.com/2012/08/06/4697871/experts-carbon-capture-storage.html

    10

  • #
    Adamastor

    [Thanks for that information about servers and IP’s — Jo]

    10

  • #
    pat

    give us more taxpayers’ money:

    7 Aug: Illawarra Mercury: Chris Paver: Carbon tax threatens Illawarra Coke’s projects
    A major Illawarra polluter says its annual carbon tax bill is likely to be double what it originally thought, possibly threatening feasibility studies for new projects.
    Illawarra Coke Company expects its annual carbon liability to be more than $500,000 per year rather than the $200,000 to $250,000 it had predicted earlier.
    Managing director Rex Wright said the difference emerged due to the complex nature of the formula used to calculate assistance for high-emissions industries such as coke making.
    ‘‘It takes away our ability to fund projects and do other things within our business because we have to find another quarter of a million dollars which purely comes off your bottom line,’’ he said.
    As a trade-exposed company, Illawarra Coke is eligible for assistance to cover 94.5 per cent of the industry-average carbon costs in the first year of the tax.
    But without further government grants or funds, the 100-year-old cokemaker might not be able to afford feasibility studies for projects that could help reduce its carbon footprint, Mr Wright said…
    ‘‘They’ve given money to the steel industry … they’ve also given money to the coal industry and we’re saying … are there any funds around that we might be able to tap into to help us with these sorts of things,’’ he said.
    BlueScope Steel and a number of the region’s coalminers will receive significant assistance to adjust to carbon pricing…
    http://www.illawarramercury.com.au/news/local/news/general/carbon-tax-threatens-illawarra-cokes-projects/2644757.aspx

    reality:

    5 Aug: Victoria News Canada: Daniel Palmer: Carbon credits a major expense for Vancouver Island Health Authority
    The Vancouver Island Health Authority spent more than $880,000 last year to pay for carbon offsets, something the organization attributes to colder weather in 2011 and the expansion of its hospitals…
    Pacific Carbon Trust buys carbon credits from energy-efficient companies in the private sector, and then sells them to school districts, health authorities and other government bodies to offset carbon output. Last year, the Trust sold $14 million in credits to public institutions…
    The carbon-trading program has led to B.C. becoming the third-largest carbon offset economy in North America. It is intended to fund green innovations and encourage reductions in energy consumption.
    The program has, however, failed to blossom into an international exchange and has not attracted private industry.
    Only $54,080, or 0.3 per cent, of carbon offset purchases last year came from the private sector.
    “It’s a free-market failure,” Bateman said. “If it were any other business, we’d shut it down and move on.”…
    http://www.vicnews.com/news/164963576.html

    10

  • #
    Mike Lorrey

    Given the revenue stream that the carbon tax promises to government bureaucrats in Oz, I would not be surprised if this wasn’t actually a real attack on the site by the Australian defense department. After all, being a threat to its revenue stream is a threat to national security, is it not?

    10

  • #
    msher

    Moderator

    Thank you for letting my post number 38 to memoryvault asking him to check a post elsewhere stand.

    I’m actually a Delingpole regular poster, so I always know indirectly about this blog. Delingpole’s loss in MemoryVault is this blog’s gain. Thank you for not deleting my post to him. It wasn’t personal business, it wasn’t anti-AGW insanity business.

    Congratulations to Jo Nova and this blog for all you guys do. We are trying our hardest too.

    10

  • #
    val majkus

    Just to add my support Jo, good to see you back

    10

  • #
    Robert

    Things do get interesting now and again. Good to know things were sorted out quickly. The odd thing about these types, skiddies I call them (short for script kiddies which many of them are), their goal is to either get attention, cause damage, or both. Other than the problems they cause they really aren’t anything to get concerned about, they are the bottom feeders of the “hacker” community. I mean seriously, breaking something where the owner knows someone messed things up doesn’t take that much skill. The ones to worry about are those with the skill to get in, do what they came to do, and leave without your ever knowing they were there. Few and far between but they are out there. They don’t need or want attention because they KNOW they really are that good. Those who do this kind of job just wish they were.

    10

  • #
    Considerate Thinker

    Permit me a cynical “projection” – these incidents will increase in frequency in direct proportion to the electoral prospects of those seeking to be elected, and the approach of the elections where voters will try and make their “informed” choices.

    Now the interesting part will be how well those interested parties can resist directly encouraging or profiting from the activities of hackers, or being caught, with political fingers in the pie.(/net.)

    10

  • #
    Vince Schultz

    There is no Woomera AFB, all American presence in Woomera ceased in 1999. I know, I was there. So maybe it was the US Government, would not be surprised.

    10

    • #
      Rereke Whakaaro

      Vince,

      When the Americans pulled out of Woomera, did the Australian military remain, or did civilian lessees move in?

      Just out of curiosity, I had a look on Google Earth, and although a lot of the buildings have obviously been removed, the hangars and aircraft movement areas still showed signs of being occupied in November 2009, with a twin-engine aircraft actually sitting on the pan.

      What is curious is that the latest views of the airfield on Google Earth have been partially obscured, and although the runway is obviously still being maintained (or at least kept clean), views of the base buildings themselves have been partially defocussed, when the earlier views were not. That is odd, I thought.

      Anyway, what attracted the original focus on Woomera was the Australian Defence Forces web address: web01.defence.gov.au which may have been registered to Woomera, and put elsewhere, or may have been relocated elsewhere, without the registration address being changed. Either way, it is a defence server, and whoever chose that as a proxy is a klutz.

      10

  • #
    John Seabrook

    I bet it was the [snip]! Or even worse, scientists! Or even worse still, [snip] scientists! But hey, in keeping with the philosophy of this site, even if you don’t know how it works, it’s still good to at least have a theory!

    [Please!] ED

    10