(Updated 1:35pm CST below)
(Updated 2:20pm CST below)
(Updated 3:01pm CST below)
(Updated 4:02pm CST below)
If you’ve been following the news today, you may have seen the charges from Sen. Joe Lieberman’s campaign that his opponent is responsible for his website being down for over 18 hours. There’s been a lot of confusion about this, and I just heard an interview on MSNBC with Lieberman’s campaign manager where he had what seemed like a shifting explanation for why the site was down.
As someone who has as much experience as anyone with how webhosting companies work, I just thought I’d chip in my 2 cents here after a few people emailed me about it.
Frankly, the explanation of the Lieberman campaign that this was a ‘denial of service’ attack doesn’t make any sense at all. First off, a “Denial of service” or DOS attack would take the server completely offline and you wouldn’t see even the ‘This site is offline’ webpage that’s showing up now. DOS attacks would also take down any other websites that are in proximity to the Lieberman website, and that doesn’t appear to be happening either from what I’ve been able to see.
The Lieberman campaign manager, in an interview I just saw on MSNBC, also intermixed the terms ‘attack’ and ‘hits’ in his technical explanation of how the site was taken down. One thing that could have happened with the Lieberman is that it received a large amount of traffic, like when a site get’s linked to from other popular websites like cnn.com, and it went over the data transfer quota that’s set by their webhosting provider.
In fact, that’s the primary cause of the errors like the “This page is unavailable” webpage that’s displaying on the Lieberman websites. These kinds of things are usually done automatically when that data transfer quota is reached in order to protect other websites in proximity to the one in question from being affected by the large amount of data or ‘hits’.
The bottom line is that the claim of the Lieberman campaign manager that this was a coordinated attack by ‘bloggers’ and that they can’t get the site up doesn’t hold water from a technical perspective, or a logistical one for that matter. It also doesn’t explain why the website right now is up displaying the default ‘unavailable’ page. Didn’t the Lieberman campaign have backups, or at the very least, why don’t they put up a webpage with a phone number and non-default message?
Lot’s of questions. More soon.
Update 1:35pm : After a bit of poking around, I’ve found out that the joe2006.com site was running a version of the “Joomla” content management system software which is known to have a fair amount of security vulnerabilities.
The last release of the software has 3 “HIGH LEVEL” security fixes, all dealing with “SQL injection” attacks which allow someone who knows what they’re doing to insert their own content into a site’s database for display on a website.
This is starting to sound like the cause of the problem that the Lieberman campaign is having with their websites, and if that does hold true, they have no one to blame except themselves and their IT people for running software with known security exploits, NOT any devious behavior from the Ned Lamont campaign.
One other thing, an SQL injection would have absolutely zero affect on the email systems for any organization.
This is starting to look more and more like pure incompetence on the part of the Lieberman campaign or whoever is running their Internet presence. I understand that the site was also exploited just a few days ago by SQL injection. Looking through cached copies of the joe2006.com website, it doesn’t look like they ever updated the software to fix the problem. And they’re surprised that it happened again? What’s even more disturbing is that they’re trying to pin the blame for this on their competition when they full well know it’s someone on their side who totally screwed up.
Well it’s pretty clear that this was incompetence on the part of whoever is running the Lieberman’s campaign Internet presence, and frankly, it says a lot about them as an organization that the first thing they do is try to make it a political issue by instantly blaming the opposing campaign and running around screaming “HACKING” to the media and law enforcement.
Replacing the technology hat with my political one for a moment, a few comments on this whole thing. Clearly, this was a political move on the part of the Lieberman campaign, and they should be held accountable for that.
But beyond today, if as predicted, Joe Lieberman loses the Democratic Primary election to Ned Lamont, this sets his campaign up nicely for his threatened “Independant Democrat” run as a 3rd candidate. He comes off a potential loss tonite with the excuse of “The Internets caused it!!!” and sets himself up as an ‘outsider’ candidate who’s fighting for justice and all sorts of other ridiculous messages because while he didn’t win it the first time because of evil hackers on the Internet, he’s the kind of guy that doesn’t give up.
Or something like that.
At any rate, I hope whoever wins tonite in Connecticut supports the opposing Democratic challenger for the November race. It’s always interesting when the two things I do (technology & politics) intersect like this, because frankly there aren’t a lot of people who have a high level of expertise in both areas.
Well one more thing to add I guess. The Anti-Lamont website for meetned.com which is run by the Lieberman campaign is still up and running normally. It’s hosted on the same IP address as the main joe2006.com website (69.56.129.130) and should put the entire ‘Denial of Service’ story to rest. There’s no way that if one website on that IP address was under a real DOS attack that any other website that shared that IP address would be available.
It doesn’t change the fact of incompetence on the Lieberman campaign, but it does put the final bullet in the “Denial of Service / Our site was hacked” story they’ve been giving all day.
I live in the Washington Heights neighborhood of Milwaukee, WI with my wife Jen, our daughter Emerson, and sons Carter and Colton.
Holy smart metro-geek Batman!
Seriously, I can’t even my wireless network to work :(