The Leiberman "Hack" Bogus?

Probably.

According to Steve Gilliard, a Lieberman rep named Dan Gerstein is claiming that Joe's election website has been hacked. As per Mr. Gilliard's blog:

"Several bloggers and readers here have noted that www.joe2006.com, the Lieberman campaign blog was offline for hours with the message, “This site is down for maintenance. Please check back again soon.”

The senator’s aides blamed the shutdown on liberal bloggers and other opponents. “They hate Bush but they use the same tactics as the Bush campaign,” said Dan Gerstein, a Lieberman adviser, referring to the bloggers..."

Gilliard then posts a bit from Justin Rood of TPMCafe In his piece, Mr. Rood displays a copy of an email from a "Dan Geary" - who is apparently the website administrator of Lieberman's site.

"...This note is to confirm that the suspension of displaying the website www.joe2006.com: was not due to to an overdue account. Friends of Joe Lieberman is completely paid in full. The screen that showed yesterday is a default image from the server. In order to isolate where the denial of service attack was coming into the site, we disabled it as rapidly as possible. Once we were able to isolate all the site files for study we were able to add an appropriate one-page maintenance message.

Your campaign has in fact paid every invoice submitted to it within a week and a half.

Regards,

Dan Geary"

LINK to Gilliard: http://stevegilliard.blogspot.com/2006/08/pinocchio-gerstein.html

Here's the skinny. Lieberman's site went down. The default message that originally appeared was assumed by some to be the default message one sees when a hosting client has not paid their bill. Still others claim that the site went down because they went over their bandwidth limit. The Lieberman camp claim that the site was subject to a Denial Of Service attack - meaning that the site was so flooded with requests, it shut down. The Lieberman camp is blaming Lamont supporters.

Being a webmaster, I researched this story from a webmaster's perspective. I did a WHOIS lookup on www.joe2006.com. When I did this, I discovered some interesting things about Joe's site. First off, Joe is hosting his site on a shared server. That means his site is on the same server as 73 other websites. Another thing I discovered is that Joe hasn't locked his domain. When you don't lock your domain, you take the chance that it can be hijacked. This is irresponsible website administration at best.

According to the WHOIS: http://whois.domaintools.com/joe2006.com

The Lieberman site is on the Domain Name Server NS1.THEPLANET.COM. This is the DNS server for a datacenter named ThePlanet. Note that I said DATACENTER. ThePlanet is not a host. ThePlanet owns racks. Racks that individuals can rent. This means that whoever is "hosting" Lieberman's site is either a hosting re-seller or owns their own server that they co-locate at ThePlanet.

I called ThePlanet and spoke to a very nice Tech guy named John. John confirmed my theory. Whoever owns the server is totally responsible for the administration of that server. Even if all 74 sites on the server were attackd, ThePlanet would know nothing about it- it's not their responsibility. I pushed John but he refused to give me the name of the re-seller or individual that owns that server.

What does this all mean? It means that whoever is in control of that server knows exactly whether or not it was subject to a DoS attack. Being that the server is a virtual one - sharing space with 73 other sites, it would be natural to assume that if the server was attacked all 74 sites would be down. As of this moment, the ones I checked were totally online and operational.

My question is: Who is the hosting company for joe2006.com? Who is the site administrator? If it is this Dan Geary person mentioned by Gilliard, he's not a very good administrator. From what I have Googled, Dan Geary is a consultant for companies like Hyatt Hotels, Trump Hotels and Paramount Amusement Park:

"Dan Geary is a private-public policy consultant on environmental, public health, and consumer law issues. He and his organization have worked to institute equal opportunities for the developers and end-users of clean, renewable energy. Additionally, as the Nevada representative to the National Environmental Trust, Mr. Geary works with the nonprofit group to promote sound environmental policies, encourage conservation, and transform polluting industries.

Mr. Geary's career in public policy began as an aide to former U.S. Representative James H. Bilbray. Since that time, he has been a campaign consultant for a variety of federal, state, and local elected officials and, in 1994, was the Clark County campaign manager for U.S. Senator Bob Kerrey's presidential campaign. Mr. Geary also co-founded Nevadans for Medical Rights, an organization that spearheaded changes to the state’s constitution regarding marijuana for the terminally ill. Dan Geary co-owns the Geary Company Advertising Agency in Las Vegas and Geary Interactive, a San Diego-based Internet development and marketing firm..."
http://www.nevadarenewables.org/?section=members&id=349
http://www.gearycompany.com/company.html

My guess? Joe Lieberman's people don't know anything about how to host a website properly. You don't launch a Senate campaign on a shared, re-seller's server. You don't neglect to lock your domain. You don't go accusing people of DoS attacks without proof.

you know, that internet thing with all those tubes and wires...it gets full of stuff blah blah blah

or is he saying it got hacked, but that it was because of the Lieberman campaign's incompetence?

:)

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=132&topic_id=2765091&mesg_id=2765091

Conclusion: The wound probably always was, and most certainly is now, self-inflicted.

websites are up, it is more likely that there could be another cause than the "liberal bloggers" "hacking" the site. I know that my site had gone down because someone else hosted on the server was moving around alot of files and such and that kind of thing. Also, just like not taking necessary precautions on your home PC to prevent hacking and viruses often ends in bad results, not taking care of your site and server is even worse, regardless of your political affiliation. Not to mention the most likely scenario of someone trying to obtain a few "poor joe" votes, as well as some free media coverage.

logged in and zapped the entire site.

And rather than simply restoring the site from a daily back up, they decided to milk their own fuck up for political purposes:

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=132&topic_id=2765091&mesg_id=2765091

:thumbsup:

I actually understood most of what you wrote, compared to the gazillions of other threads out there about the "hacking."
k&r

That is an attack where you prevent packets from getting in by flooding the service with requests. And there would be nothing wrong with the files on the site.

I don't claim to be an expert. You probably know more about DoS attacks than I do. I've never been a victim of such nonsense.

you name it. Send this to KO for Countdown.

Message removed by moderator. Click here to review the message board rules.

...at ThePlanet. It was a reseller.

thanks

but why would a lobbyist be administering a site for him and not hiw own people?

However, the email sent to Marion (the webmaster of Joe's site?) supposedly from "the host" was attributed to Dan Geary. From Justing Rood, via Gilliard:

From: "Dan Geary"
Date: Tue, 8 Aug 2006 06:05:17
To:xxxxxxxx@deweysquare.com
Subject: account status - www.joe2006.com

Hi Marion,

This note is to confirm that the suspension of displaying the website www.joe2006.com: was not due to to an overdue account. Friends of Joe Lieberman is completely paid in full. The screen that showed yesterday is a default image from the server. In order to isolate where the denial of service attack was coming into the site, we disabled it as rapidly as possible. Once we were able to isolate all the site files for study we were able to add an appropriate one-page maintenance message.

Your campaign has in fact paid every invoice submitted to it within a week and a half.

Regards,

Dan Geary

http://stevegilliard.blogspot.com/2006/08/pinocchio-gerstein.html

failed to disprove some operative of the Lamont campaign didn't sell Holy Joe BAD TUBES for his Internet connection. So there!

(Recommended:#13)

They forget that the Internet IS NOT A TRUCK!

:toast:

"You don't launch a Senate campaign on a shared, re-seller's server."

Why not? They are cheap and easy to setup. Your not suggesting he buy a server and rack space for a site that will only be up for a few months?


"Being that the server is a virtual one - sharing space with 73 other sites, it would be natural to assume that if the server was attacked all 74 sites would be down."

Standard response to a DOS attack is to filter the packets or requests so that the attack ones can be quickly disposed while allowing the others through. In the case of a single source attack, this is as easy as filtering on the IP address and wouldn't take down even joe2006 for long. A worse attack is a distributed attack. Here, the only way to filter the requests is by the destination, that is www.joe2006.com. Using this filter will take down the site being attacked, but the others would still run.

Anyone running virtual servers should know how to isolate DOS attacks in this manner.

"They are cheap and easy to setup."

The operative word being "cheap". Why not buy his own server and lease rack space? Considering the campaign had millions of dollars, they could at least pay for decent hosting and proper tech. The point being that if the host was aware of a DoS attack and was able to filter the IP, they could just as easily have move the whole site to a different server. My host did it for me within the expanse of fifteen minutes. - just because my FTP server was slow.

I find these sites all registerred to the same IP. This means that the website was on the cheapest of all services where you share 1 computer box/IP with at least 73 people - not even a VPS. When you go to some of the other sites you do get timeouts and connection resets occationally, but you can get through. None of the DoS attack would effect joes files.

Search Results for 69.56.129.130

74 Results for 69.56.129.130 (Joe2006.com)
Website DMOZ Yahoo
1. 7styleguides.com 0 listings 0 listings
2. aislefivestudios.com 0 listings 0 listings
3. aronhoguelaw.com 0 listings 0 listings
4. azulpoolandspaservices.com 0 listings 0 listings
5. bmrca.org 0 listings 0 listings
6. bottleblankie.com 0 listings 0 listings
7. brokerbrothers.com 0 listings 0 listings
8. burgindesigns.com 0 listings 0 listings
9. cesargproductions.com 0 listings 0 listings
10. chmdesign.com 0 listings 0 listings
11. colorcritical.com 0 listings 0 listings
12. crossroads-exhibitions.com 0 listings 0 listings
13. davidortmann.com 0 listings 0 listings
14. dawndudas.com 0 listings 0 listings
15. dcafineart.com 0 listings 0 listings
16. dcgsolutions.com 0 listings 0 listings
17. design12.biz 0 listings 0 listings
18. dopsychotherapy.com 0 listings 0 listings
19. encompus.com 0 listings 0 listings
20. firstresponsegroup.com 0 listings 0 listings
21. fitnesszonept.com 0 listings 0 listings
22. focusid.com 0 listings 0 listings
23. fsdesign.biz 0 listings 0 listings
24. fsdsgn.com 0 listings 0 listings
25. fulltankprod.com 0 listings 0 listings
26. fulltankstudios.com 0 listings 0 listings
27. goutam.com 0 listings 0 listings
28. halfmooninn.net 0 listings 0 listings
29. hazardcenter.com 0 listings 0 listings
30. husseini.com 0 listings 0 listings
31. imageupmanager.com 0 listings 0 listings
32. includehub.com 0 listings 0 listings
33. jillkelly.biz 0 listings 0 listings
34. jkvphotography.com 0 listings 0 listings
35. joe2006.com 1 listings 0 listings
36. landairseadesign.com 0 listings 0 listings
37. launchproof.com 0 listings 0 listings
38. leonardflagg.com 0 listings 0 listings
39. marshallfornevada.com 1 listings 0 listings
40. mdcgroup.net 0 listings 0 listings
41. meetned.com 0 listings 0 listings
42. monorailjim.com 1 listings 0 listings
43. myhostcamp.com 0 listings 0 listings
44. naranjojorge.com 0 listings 0 listings
45. nemetzfamily.com 0 listings 0 listings
46. newlogicusa.com 0 listings 0 listings
47. nvdemsinsider.com 0 listings 0 listings
48. nvtoday.com 0 listings 0 listings
49. paradoxengineering.com 0 listings 0 listings
50. patkochakji.com 0 listings 0 listings
51. peggypierce.net 0 listings 0 listings
52. protectnevadasfuture.com 0 listings 0 listings
53. rksdesign.com 1 listings 0 listings
54. rksguitars.com 1 listings 0 listings
55. robertodiaz.com 0 listings 0 listings
56. rooster-creative.com 0 listings 0 listings
57. roryreid.net 0 listings 0 listings
58. rosemarywomack.com 0 listings 0 listings
59. sandiegofiftysixers.com 0 listings 0 listings
60. santoslounge.com 0 listings 0 listings
61. shannongeis.com 0 listings 0 listings
62. shub.org 0 listings 0 listings
63. stadwiser.com 0 listings 0 listings
64. stonehometeam.com 0 listings 0 listings
65. stonesellssandiego.com 0 listings 0 listings
66. tablacal.com 0 listings 0 listings
67. tablainc.com 0 listings 0 listings
68. takingtheheat.com 0 listings 0 listings
69. threethirty.com 0 listings 0 listings
70. tobysandland.com 0 listings 0 listings
71. web619.com 0 listings 0 listings
72. wellbrand.com 0 listings 0 listings
73. witwindowsanddoors.com 0 listings 0 listings
74. carmelvalleylibrary.org 0 listings 0 listings

I'll admit that my asumption could be wrong - that not all the sites on the same server would be affected by a DoS attack on one? That is what you're saying, correct?

The DNS all translates to the same IP which sends all the requests to the same computer. Only at the computer does the virtual server part of apache kick in and look at the actual name that was used to access the site (part of the http packet). All these sites use the exact same apache server on the same computer on the same IP. A DoS attack on one would effect all of them.

The only other option would be a smart router in the server room somewhere before the attack filtering out the attacking packets by looking inside the http packet. This would let all the other sites run normally. If it was a single source DoS attack (from one IP address) Joe's site would run normally as well. It would get a bit more difficult to filter the packets if it was distributed as that would be coming from many different IP address, but it can be done by looking at number and frequency of request and creating a list of attacking IPs - shouldn't take more than 15 or 20 minutes to get the filter set right.

All of this leaves Joe's original site as it was before the attack.

I rent a VPS site that I have a few (6) virtual sites on. If it would get rid of this controversy I would give Joe the space and bandwidth.

If there is a DoS attack going on the files aren't accessible whether they are intact or not.

First the files would be the same as they always were. They would not have to find and put up an underconstruction page. The site would just be slow to come up as all the other sites on the same computer, but it would still be there intact.

Not to put down the OS or small ISPs in general, but you'd think a US Senator who was interested in getting re-elected would have gone with a more robust solution.

Pretty hard to argue with your reasoning.

It is conceivable that a load-balancing machine could be splitting up incoming traffic by host header name (I run one as part of my job), but most likely all those sites are running on one box.

as Joe's supposedly "hacked" website are working just fine.

Please explain how that could be if the IP address was being filtered.

Filtering doesn't take nearly as much processing as serving webpages, so it can handle far more attacks, even if the filtering is done on the same computer. Can this be done? Yes, all you have to do is remove the virtual host from the apache configure. Look here to see how to add a virtual server. I'm sure anyone who can figure out how to add one can figure out how to remove it. Filtering done. The original posters acusation that an attack on one virtual host must take them all down is wrong. I've explained it once, the original poster agreed and still people are argueing, so now, I'm explaining it again.

I'm not saying he was or wasn't hacked. All I'm saying is that using the fact that the other sites are up to prove that the senator's site wasn't hacked by a DoS attack is bogus. My personal belief is that it was a cheap site and it went down due to overload because of all the press that the senator got. It happens every day on the internet.

http://66.102.7.104/search?q=cache:3Omdfclo6MUJ:lists.arin.net/pipermail/ppml/2000-August/000015.html+%22current+bandwidth+shaping+methods+will+not+work%22&hl=en&gl=us&ct=clnk&cd=2

2) Denial of Service (DoS) attacks on web servers have a much larger
scope. Given the current state of IP it is possible for someone (even
anonymously) to generate a DoS attack on a web server. Within the
last few years distributed DoS (DDoS) attacks have appeared and their
effects have been made public (see
http://staff.washington.edu/dittrich/misc/ddos/). These attacks
generated enough traffic to the point were large Internet sites' web
servers could not response to respond to valid requests. There are
lots of proposals to the DDoS problem but, in short, nothing really
has been deployed or proven to work.

In a shared web hosting environment a DoS attack can take down more
than the target web site since multiple web sites are hosted on the
same web server. This may take down hundreds or thousands of web
sites in addition to the target web site.

With IP-based web hosting the target web site that is under attack by
a DoS can quickly be identified and dealt with. One common method of
reducing the effects of the DoS attack is to add a host route to null
at the broader routers. This way the router drops the traffic
generated by DoS attack to the targeted site and the other web sites
hosted on the same server will operate as normal while network
engineers attempt to trace the source of the attack. Since name-based
all the web sites share the same IP address a DoS attack the null
routing method will take down all the hosted sites and not just the
target site. In addition, it is much more difficult to identify the
target of the attack since it can be any of the sites sharing the same
IP address.

This same problem can be applied generally to things like filter
services. If one IP address gets blocked for some reason or another
all the name-based web sites are blocked.

(3) Current bandwidth shaping methods will not work. Most, if not
all, web hosting companies use a kernel-based or switch-based
bandwidth shaping. In order for this to work each web site must have
its own IP address.

as Joe's supposedly "hacked" website are working just fine:

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=132&topic_id=2765091&mesg_id=2765091

Please explain how that could be if the IP address were being filtered because of a DOS attack.

nice work!

Perhaps someone deleted his website, either accidentally or on purpose. But reports of a denial of service attack appear to be greatly exaggerated.

1) His page currently says "under construction" which would usually indicate a missing index.html or similar file, not blocked access to the server.

2) As one poster noted, there are other sites sharing the same IP, and they are accessible, albeit slow.

3) The media reports of a DoS on Lieberman's campaign website are causing even more people to go to the website...therefore slowing down the server and creating the continued perception of a DoS attack. However, once the page finally loads, "under construction" is still there.

I worked in technical support for two years. A Denial of Service attack is when multiple computers are employed to use up all of a website's bandwidth. While there is very little bandwidth on the site, and it is slow...once again, a whole page of NOTHING is still there. The index page is missing but the server is still accessible.

What a fucking pathetic man Joe is. I don't care anymore about his voting record. He took a big dump on his record with the attack on liberal bloggers. As if they care Joe. I'm really beginning to think Joe is a mole in the Dem Party.

Joe the Mole.

- because I think the info in this thread is helpful and because it's my very first DU journal entry. :)