My Anthem

Friday, October 02, 2009

Some Update on malaysia-today.net

The attacks on Malaysia Today
(UPDATED WITH CHINESE TRANSLATION)
Posted by admin
Monday, 28 September 2009 16:21



The MCMC has in the past failed to silence Malaysia Today officially through blocking it in August 2008. Now, with even more revelations of various scandals of the government exposed through this site, we can't help but suspect that there is a more significant force, a hidden hand at play aimed at bringing down Malaysia Today.

NO HOLDS BARRED

Raja Petra Kamarudin


First of all, I have received tons of happy birthday messages via SMS, Facebook, e-mails and postings on this site. Initially, I tried to reply to all these messages one by one but as the messages flooded in I found it impossible to reply to each and every message individually. Therefore, I would like to say thank you and at the same time apologise to all those I was not able to personally reply to.

Now, you may have noticed that of late Malaysia Today has been ‘off the air’ almost every day, sometimes for a stretch of many hours. This has been going on for more than a week. The man leading our technical team thought that maybe we should inform our readers about what is happening so that you can be kept abreast of the developments. Rest assured we are doing everything we can to solve this problem.

Nevertheless, there is just so much we can do. Money, of course, is one issue that we have to address, as what would be required does cost us quite a sum. Money aside, though, if they choose to continue the attacks, even money can’t solve the problem. We just have to pick ourselves up and start all over again whenever we are hit and bear the disruptions to the site with a stiff upper lip.

Anyway, let our technical team explain the problem we have been facing.

What happened to Malaysia Today

By Malaysia Today’s technical team

With so much confusion and speculation making its rounds about what is happening to Malaysia Today over more than a week, we are compelled to offer our explanation so that the record can be set straight. Only limited technical details will be mentioned to allow you to appreciate the scale of challenge the site is facing.

You may now be aware that the site has been up and down since Friday, 17 September 2009. This was due to malicious activities by those behind the effort to cripple Malaysia Today. This is just one of the many rounds of cyber-attacks that we at Malaysia Today have had to face for more than a year now.

Coincidentally, this latest round of attacks started immediately after RPK’s explosive expose two weeks ago on Tuesday regarding the Malaysian Cabinet's knowledge and 'approval' of the PKFZ scandal long before it became public knowledge. Suspicious activities against the site happened as early as Wednesday, but the first damage was done in the afternoon of Thursday, which brought the site down.

The site was quickly recovered and by 6.00pm we were up and running again although with some loss of data. The attack revolved around the long-time problem faced by the site - a rather old version of the Joomla content management system and the use of third-party components.

Lack of resources (financial, manpower, etc.) has always been a challenge faced by Malaysia Today, which affected the maintenance and operations of the site. During the recovery process, we locked down the site to reduce the danger of further compromises.

The next wave of attacks came the following day on Friday. This time it was in a wave of DDoS traffic crippling one of our nodes in Singapore. The Singapore node operates with about 30Mbps of bandwidth, a luxury by Malaysian standards but far short if we need to match any serious DDoS attacks. The node was basically choked with illegitimate traffic. Typical of DDoS network attacks, the origin of the attacks is difficult to pinpoint and sometimes pointless as the attack agents/zombies are likely compromised systems themselves.

We then activated our resources at our US node to recover the site. The process required optimisation of the site to cope with demand. (The demand on the site seemed much higher, possibly due to the interest in the PKFZ exposé.) Hence the intermittent site outage, due to either overloading or the optimisation process.

Being a service provider of a larger scale and sophistication, the US node has a higher capability of sustaining the attacks. Still, the attacks persisted on a daily basis and we tried deflecting them as far as we could. The DDoS traffic we suffered ranged from 227Mbps to 835Mbps, a mammoth scale for anyone familiar with maintaining Internet sites. The attacker does not appear interested in defacing the website, typical of self-styled college hackers. He/she just deleted articles published on Malaysia Today, literally one by one, with the single-minded aim of erasing all the explosive stuff on the site.

Further complicating the trace of attacks is the use of free proxy servers, on random basis, by the attackers. This is an irony, as we have been advising our users to use such proxy servers to overcome any potential content filtering by the government.

All the malicious activities and behaviours bear the hallmark of professional, for-hire hackers. These are certainly no amateurs, judging from the persistence and frequency of the attacks, with the main objective of making the content of Malaysia Today inaccessible to the public.

We believe that there is NO explicit blocking of the site by the various Malaysian ISPs. The inconsistent and intermittent accessibility of the site in the past many days is the result of the situation described above, although we must caution that it is almost impossible to detect any clandestine censorship.

The MCMC has in the past failed to silence Malaysia Today officially through blocking it in August 2008. Now, with even more revelations of various scandals of the government exposed through this site, we can't help but suspect that there is a more significant force, a hidden hand at play aimed at bringing down Malaysia Today.

READ CHINESE TRANSLATION HERE, from ccliew.blogspot.com:


Monday, 28 September 2009
No Holds Barred: The attacks on Malaysia Today

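The Multimedia Commission officially blocked Malaysia Today in August 2008, yet it failed to silence it. Now, with even more government scandals of every kind exposed through this site, we cannot help but suspect that a stronger force, a hidden hand, is at play, with the aim of bringing down Malaysia Today.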

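First of all, I received a great many birthday messages via SMS, Facebook, e-mail and this website. I wanted to reply to these messages one by one, but as they kept flooding in I found it impossible to reply to every one. I would therefore like to thank you here and, at the same time, apologise once again for not being able to reply to each of you.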

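Now, you may have noticed that Malaysia Today has been 'off the air' almost every day, sometimes for several hours at a stretch. This has been going on for nearly a week. The person leading our technical team thought that perhaps we should inform our readers about what has happened, so that you understand the latest developments. Rest assured, we will do everything we can to solve this problem.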

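However, there is not much we can do. Money, of course, is one of the issues we have to address, and doing all this will cost a lot of money. Money aside, though, if they choose to continue the attacks, this is not a problem money can overcome. Each time we are attacked and the site is brought down, we can only suffer in silence, pick ourselves up and start all over again.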

Anyway, let our technical team explain the problem we are currently facing.

What happened to Malaysia Today?

By Malaysia Today's technical team

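For more than a week, much confusion and many rumours have surrounded what has happened to Malaysia Today, and we are compelled to offer an explanation to settle the talk outside. To let you assess the difficulty of the challenge this site currently faces, we will describe some of the technical details.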

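You may have noticed that since 17 September 2009 the site has been up and down. This is because someone behind the scenes has been carrying out malicious activities to cripple Malaysia Today. This is one of the many cyber-attacks that we at Malaysia Today have suffered from more than a year ago until now.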

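Coincidentally, the latest round of attacks took place on the Tuesday two weeks ago. That day, Malaysia Today revealed the Malaysian Cabinet's knowledge and 'approval' of the Port Klang Free Zone (PKFZ) scandal, which everyone now knows about, and on that same day we were immediately attacked. Suspicious activity on the site was detected as early as Wednesday, but the first damage was done on Thursday afternoon, which brought the site down.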

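By 6.00pm the site was quickly back up and running. Even so, we lost some data. The site has faced a long-standing problem of being attacked, which is related to the Joomla content management system it uses and some plug-ins.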

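Lack of resources (financial, manpower, etc.) has always been a problem faced by Malaysia Today, which has affected the maintenance and operation of the site. During the recovery process, we locked down the site to reduce further exposure to danger.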

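The next round of attacks came the following day. This wave was a distributed denial-of-service (DDoS) attack, which crippled our node in Singapore. The Singapore node has 30Mbps of bandwidth, a luxury for Malaysians, but far from enough to withstand a serious DDoS attack. The node was choked by this illegitimate traffic. In a typical DDoS network attack, finding the source of the attack is very difficult; at the same time, going after these agents/computer criminals (zombies) is pointless, because they know how to coordinate with one another.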

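We then activated our node in the United States to restore the site. This process required optimising the site to cope with traffic demand (the increase in traffic was possibly due to the interest that the Port Klang Free Zone exposé aroused among Internet users). Because the uploading or optimisation process was under way, the site suffered intermittent outages.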

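The US one is a large-scale and sophisticated network service provider, and it has a strong ability to withstand attacks. Still, the attacks continued daily, and we could only do our utmost to defeat them. The DDoS attacks we suffered ranged from 227Mbps to 835Mbps; anyone familiar with website maintenance knows that this is a large-scale attack. The attacker does not appear interested in merely damaging the site's appearance, which is the typical approach of student-style hackers. He/she deleted the articles published on Malaysia Today, literally one by one, with only one idea in mind: to delete all the articles exposed on this site.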

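The attackers made random use of free proxy servers, making tracing even more complicated. This is ironic, because we had begun advising our readers to use such proxy servers to overcome the potential problem of government content filtering.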

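All these malicious activities and behaviours show that this is the work of hired professional hackers. Judging from the persistence and frequency of the attacks, this is certainly not the work of amateur hackers; their main aim is to make the content of Malaysia Today inaccessible to the public.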

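We believe that Malaysia's various Internet service providers have not explicitly blocked this site. The intermittent interruption of the site's service is the result of the situation described above. Although we must be cautious, any clandestine Internet censorship is almost impossible.

The Multimedia Commission officially blocked Malaysia Today in August 2008, yet it failed to silence it. Now, with even more government scandals of every kind exposed through this site, we cannot help but suspect that a stronger force, a hidden hand, is at play, with the aim of bringing down Malaysia Today.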

Source: Malaysia Today
Original title: No Holds Barred: The attacks on Malaysia Today
Author: Raja Petra Kamarudin
Date published: 28-09-2009
Translator: 西西留
