You may have noticed that the site has been down for a while. We were hit with a combination of problems.
First, we have been plagued by this idiot script-kiddie, the registrant for usuc.us:
(Information erased: a call to the person to which the domain is registered reveals he has no idea what is going on. Does anybody know how to inform the domain name registry that it is registered under a false name and get it deleted?)
He has been running a bot that injects some javascript into a search string that redirects the scienceblogs main page to google, since the main page rather foolishly embeds the top search strings into the html. We’ve known about this for a few days.
Second, the sciencebloggers’ complaints about this have been effectively ignored by the management here (and I think many of us are getting more pissed about this neglect of an obvious problem than anything else.) Several of us have been running a rather kludgy and ugly workaround, inserting code on our pages that secretly runs searches, too, to displace Mr Sullivan’s hack from the list of top searches. This has caused performance problems—we’ve basically been trying to out-thrash the bot to keep it from taking over the main page. A more elegant way to fix this would have been to patch up the search display on the main page, but we don’t have access to that.
Third, in the midst of all the overwork to which we were subjecting MT and the server, MT ate a large chunk of the Pharyngula template code. Poof, my page disappeared. At least that absence reduced the server load so everyone else’s pages were running a little better.
Anyway, the bottom line is that right now the scienceblogs main page will occasionally whisk you off to google, the Pharyngula index page is a corrupt and broken shambles, and server performance seems to be up and down.
What an annoying pisspot.
I looked him up on Google maps. He drives an SUV.
Are you sure he is the script-kiddy, or is it possible his machines have been subverted without his knowledge?
Ahh. Thanks for the info. I hope it is all fixed soon! I find that starting my day without a nice dose of Pharyngula, Scienceblogs, and Co. is much like starting my day without caffeine. It makes for a slightly cranky, not-on-the-top-of-her-game scientist. Off to double up on the coffee to make up for the temporary lack of blog . . . .
Good point, quork. When my identity was stolen (while on vacation!) I cursed the name that withdrew money from my bank, until my boyfriend pointed out that his identity had probably been stolen, too.
Layers of evil!
He owns the domain which runs the javascript which does the redirect. He seems to have done some domain name squatting before. It is a little incongruous that he’d be living in a neighborhood infested with such twee names.
Careful PZ! Unless they’re really stupid, in order to avoid tracing, the kiddies use other hijacked systems/networks as a launching pad for their attacks. Unless you’ve got definitive proof, it’s very likely Mr. Sullivan is also a victim here.
Colorado Springs is a stronghold of the Christian Right. Perhaps his porn site is a front for Christian black ops.
This explains a lot. I had automatic googl redirect problem quite a few times in the past week, and couldn’t figure out what was going on, or from which end the problem was originating. Good luck getting everything put back together!
I dunno. Coincidence that he’s in Colorado Springs home of Focus on the Family?
I would expect an anti-atheist anti-evolution attack to come from there.
Until this guy says it’s not him and shuts it down… he’s to blame.
Oops! That should have read, “I had the automatic google redirect problems. . .”
We need a real old testament miracle here! Oh Lord, please smite this hacker, inflict him with boils on his butt, I mean MORE boils on his butt.. May Pat Robertson talk to him everyday and twice on Sundays! May DaveScott move next to him. May the hacker always be an ID proponent, and have little children laugh at him behind his back. May he always praise Buffalo Bill Demsbski and have adults laugh at him to his face.
Thanks for the update, hope it gets fixed soon!
This also explains the number of tracking cookies that have been found by SpyBot on the computer I use for Scienceblogs versus the one I actually work on (I do Scienceblogs on the kitchen laptop during breakfast).
Has Sullivan not responded to phone calls?
Funny how un-anonymous the internet is. A message board I post on was attacked repeatedly a few months ago and we found who the guy was and convinced him to discuss this problems in the board instead of hacking it. He posted a few times and disappeared.
Don’t take this the wrong way but I’m so glad to hear that’s what was happening. Underneath my tinfoil hat I’d started to think that redirect was happening because my bosses had rumbled my worktime reading and they’d put some script onto my machine to foil me.
Best of luck fixing it though, sounds like a ‘throw-the-computer-out-the-window’ nightmare.
Hope it gets fixed soon. Some people have too much time of their hands. Well, given that he’s affiliated with porn, maybe it’s better he has TIME “on his hands”…
His affiliation with a porn site does not disqualify him from being a hired gun for Focus on the Family. It’s an “ends justify the means” organization. Besides, didn’t you know that good people are allowed to do bad things to bad people — and godless science is bad by definition.
Thanks for letting us know what that Google jazz was all about. I was pretty confused.
I enjoyed this post in the same way that I enjoy the more bio-detail-laden ones: I understand what you’re saying, but I don’t understand what you’re saying. Or something. Anyway, get well soon!
Also I read that porn addiction is a major “problem” within the christian right. ha!
http://www.csmonitor.com/2005/0825/p14s01-lire.html?s=widep
I just read that article from above. They are making each other take polygraphs so they don’t look at naked people.
Look I think porn can cause problems if you feel the desire to look at it 24/7 at work etc. But why the fuss over looking at a naked body? It seems to me demonizing human sexuality leads to the issues these folks are having and they are pastors.
So the answer for them is fear of a polygraph rather than an acceptance of their own nature.
For those suffering from withdrawal at the lack of Pharyngula/Scienceblogs this morning, may I suggest a palliative? I woke up to this story on the radio today – sure brightened up my day:
Charles Darwin and the Racing Asparagus
Wish you and scienceblogs a speedy recovery, Pharyngula!
PZ, I know that neighborhood… I have relatives in Colorado Springs, only one of whom is FOTF-nuts. (Ok, full disclosure: that one doesn’t associate with the Dobsonites because they’re not conservative enough. There’s one in every family, I like to think.)
Your imagined image of hellish suburbia in an underestimate. I’d go in to more detail, but words fail me.
Thank you for the efforts and for updating our little community…
Uhm. Am I missing something?
I’ve seen people talking about a Google redirect the last few days, and haven’t experienced anything different from my normal Science Blogs experience.
Am I proof against a script kiddy? Or is the effect random and I’m just sitting at one end of the Bell Curve?
I just ran into it this morning.
Do you supress cookies? What browser are you using?
SteveInMI wrote….
“Your imagined image of hellish suburbia in an underestimate. I’d go in to more detail, but words fail me.”
That being said, if you look towards the upper right of the google map, there is a street off Picturesque Cir called Whip Trail. Wonder who lives there? On second thought, I probably don’t want to know.
He hit my site too, which I discovered when loading my Movable Type Activity Log. It lists all seach queries, so when it hit his, I got taken out of my MT control panel and over to Google (and, as the reset button for the activity log is at the bottom of the page, I could never see the button to clear the log). In the end, I went in through a SQL editor to find the offending entry in my database and removed it.
Cant this guy be prosecuted? Wire fraud? Something?
When I complete my space based laser system, google maps/earth is going to come in real handy…
One wonders whether Mr. Sullivan’s neighbors are aware of his commercial activities. One wonders if they would be less than pleased with the knowledge that a pornographer lives in their neighborhood, perhaps preying upon their virgin daughters or enticing their sons into commerce with Satan. One wonders.
The effect is random, and you need to have javascript enabled for it to affect you. The bot tries to search for a string that is the javascript code; it then appears on the main page, where the latest searches on scienceblogs are listed. It gets bumped off the page when people make other searches, but it keeps coming back.
anyone google him yet?
Maybe he’s on a school board… or bible studies teacher.
Of course, if many many people wrote to the various churches in the area, concerned about Satan’s evil influence in the otherwise righteous and godly town of Colorado Springs, there might occur a kerfuffle.
Wow. I read ScienceBlogs through the RSS feed and had no idea there was a problem. :-)
Interesting. The same sort of redirect-to-Google tweak was interfering with use of Spamcop’s webmail a week or two ago, for a few days.
Yh, h’s bvsly Chrstn nd prbbly hgh-rnkng mmbr f Fcs n th Fmly. t’s dfntly nt mttr f hm trgtng Scncblgs bcs y’r bnch f gks wh cn’t gt rl wmn t stsfy yr sxl rgs. Np.
anyone google him yet?
Too common a name, he’d be hard to google.
Ah! That’s why. I’ve enabled Javascript through Firefox, but crippled it severely using the ‘Advanced Javascript Settings’ because I dislike Javascript stealing my status bar or resizing my windows.
My Javascript Console for Firefox shows a huge number of Javascript errors, all for the scienceblogs.com site. All errors are dropped, undisplayed.
Perhaps I AM immune to this particular tomfoolery.
>>I looked him up on Google maps. He drives an SUV.
Not precisely. The vehicle on the driveway could very well be a minivan. At the resolution of Google Maps, it’s hard to tell.
Second, when I search for my address, Google points proudly to three houses over. So the house Google points to may not be the correct one.
Y knw wht’s s fnny bt ll ths “dsmvwl Jsn cz h’s trll” stff? Mst f th cmmnts md hr by thrs wld b cnsdrd trllng f thy wr md nywhr ls.
Qck, Grg! sk m sm mr qstns ‘v lrdy nswrd!
Zeno: I understand there’s a growing problem with spoofed WHOIS data. Perhaps the porn domain in question isn’t affiliated with the guy at all. (Maybe that’s part of the program – to get the porn domain flooded with crap?)
Notice he lives about 7(ish) miles from Focus on the Family Headquarters
Start address: 8605 Explorer Dr
Colorado Springs, CO 80920
End address: 3171 Whileaway Cir W
Colorado Springs, CO 80917
Distance: 7.9 mi (about 14 mins)
He’s also been linked to the Hitler Zombie through a guy named Adolph Mongo.
Ooops. My comment got posted to the wrong post. Sorry.
No problems for me. Running firefox with the noscript extension. I recommend noscript.
I’m still not convinced this guy’s system hasn’t been zombified and he’s a victim too. Not that I know enough technically to judge.
Indeed. It has me living in the middle of the parking lot across the expressway. And my ex appears to be camping out in one corner of a Chinese cemetary near her home.
I have to join the ranks of those saying: “stop hyperventliating and thing logically for a minute.” Especially before posting someone’s name, address, and personal invective against them. Especially when you cannot prove he did anything! This is a very irresponsible post. The kind that lands you in court when the guy ends up being assaulted or something.
WHOIS data is spoofed ALL THE TIME! Identities are stolen every day. Anyone hosting a website in their own name (esp if its a blog or the launching pad for online attacks) is asking for trouble. As an aside, there are tons of services that will register a domain on your behalf to avoid just this kind of situation. Oh, and to everyone linking the supposed script kiddie to FOTF because they’re physically located in Colorado Springs better not have family in Milwaukee. I thought this was a science blog. Yet, it seems that many posters here have left reason and skepticism at the door.
He has a phone number there. It wouldn’t hurt to just call and ask him nicely if he even knows it’s happening. He may be appalled to find out he’s being spoofed.
Ha! That guy got me too! I’m giving him a call on Thursday. His wife said he’d be back then.
Me too. Javascript is enabled, but all of the advanced settings are disabled. Just opened the JavaScript Console and checked, and yup, lots of error for scienceblogs.com, but most of them are just unknown properties in CSS sheets. I also block cookies from scienceblogs.com. I don’t seem to have the problems that PZ described, dunno if it has anything to do with my JavaScript or cookie settings though.
Mr Sullivan, slimy and contemptible hack that he is, is probably chortling into his breakfast of booze and cornflakes at the chaos he has wrought.
So, are you trying to say he’s a graduate student?
There once was a trollboy named Jason
Whose rhetorical flubs were amazin’
‘Til one day PZ growled,
“Let him be disemvowelled!”
And started his comments defacin’.
(That’s been stuck in my head all day and I just needed to get it out. Thank you.)
something wrong with “booze and cornflakes” for breakfast, PZ?
I had chocolate chip pancakes with a Hefeweizen this morning.
All systems seem to be operating normally . . .
I remember reading somewhere on another blog (great citation, eh?) that Colorado Springs is the location of some major AOL Grand Central Traffic locations, so an awful lot of addresses look like they’re coming from Colorado Springs because of routing via AOL accounts. My knowledge of computers doesn’t go beyond turn it on and hope it works, so I may have just spouted a load of bs – is that possible? (the explanation, not that what I said was bs. I know that part is possible)
(That’s been stuck in my head all day and I just needed to get it out. Thank you.)
No problem. As long as you feel better, that’s what counts. :-)
Hmm. According to Google Earth, I live in a swimming pool.
Nah, the address is legit, but the location — depsite a previous commenter’s note about 7 miles — is not even close to being in the same neighborhood as Focus. *I* am closer to Focus than this idiot.
The entire neighborhood does have the most ridiculous names, doesn’t it? It’s pretty amusing when juxtaposed with the often un-cared-for homes that were built 20-30 years ago. It’s a largely lower-middle-class, blue-collar kind of area, FWIW.
And this is where I do a happy dance that I’m moving from super-conservative Colorado Springs to Santa Fe, NM! Wheeeee! Buh-bye!
At last, we have found Aquaman…living in Iowa?
Hmm. According to Google Earth, I live in a swimming pool.
Heh. Google Maps has an old satellite photo of the apartment complex where I live, so according to them I live in a partially poured foundation in the middle of a large dirt lot.
Quit complaining. Google maps has the most pathetically poor resolution for my part of the world, so all I can say is that I live in a kind of blurry green smudge.
I have never had the Google problem either, I’m running Opera with javascript enabled. I haven’t done anything special with it. Speaking of “special”, Jason just keeps trying doesn’t he? I like the disemvoweling thing, it’s much more entertaining than just blocking someone.
I have never had a problem with this site, but I just looked at the Firefox javascript console. The .css files for scienceblogs.com seem to be a total mess–someone had the dim-bulb idea of ‘removing’ options by preceding their names with an underscore (so text-align is renamed _text-align and no longer works.) There is also a tag called ‘text-deocration’ in the .css for the scienceblogs.com home page.
While it might well be the case that our friend here is pure as the driven snow, he definitely has some dirty fingers:
http://forums.sijun.com/viewtopic.php?t=40941&sid=d478f570ed0b35b4888383fdb980d3b4
He (or someone using his registration info) has squatted over what appears to be HUNDREDS of sites.
Yeah, for all of its nice names, that part of town is a dump. This guy lives within a block or two of my optometrist. I’m not even kidding. It’s a pretty unkempt pile of humanity, and the traffic is miserable.
This town is really getting the bad rap it deserves around pharyngulaland. One of these days, something that isn’t Ted Haggard, a scriptkiddie-pornographer, or Wayne Allard will come from this city (I hope).
Also, “Carefree” is the most ironic name in the history of road names. If you want to get in a wreck, you drive on Carefree. “Meander” is not just a street name, it’s actually our official urban development policy. There are 4 north south corridors in this city. But if you try to move east or west, well, may Bog in his bolshy heaven have mercy on your soul.
And now you know.
Ah, Dustin, you are quite familiar with the Seattle bus “system”, I see.
Do you supress cookies? What browser are you using?
Posted by: Steve_C
I dunno about that poster, but I am using IE6 with third party cookies blocked, and have had no problems on any of my many visits to Pharyngula and other scienceblogs. I also use SpywareBlaster which disables known bad sites and known bad ActiveX.
I’m wiling to bet that this guy isn’t zombified…. porn merchants are pretty notorious for scumware and dialers and other shenanigans (like hijacking the City of Los Angles entier netblock).
Another stop on the “Peasant Mob World Tour”. Bring your own pitchforks, I’ve got the torches and the list of spammers.
Reminds me of a few years back… there was a root vulnerability in Aurora, or some service like that, I forgot which one. Anyway, someone exploited that before I learned about the problem and turned my linux box into a scan zombie. I got blamed, but was able to clear it up pretty easily, particularly since it was only going for a day before I noticed it.
Identities are stolen every day. Anyone hosting a website in their own name (esp if its a blog or the launching pad for online attacks) is asking for trouble.
Sorry Pidgas, but **not** using your real name and information in a WHOIS is now a federal offense, since a lot of even bigger f***wits used aliases to hide themselves from law enforcement by using false information. They might still be doing it anyway, especially using zombies, but the feds are not going to care if you are running a Pokimon fan site or a child porn site if they find out you gave false information for your site registration, at least in the US.
Well, unless I am wrong, and that law actually wasn’t ever passed. Its part of the whole, “Posting things that offend people under an assumed name.”, legislation and while some might argue that its somehow unfair, I happen to think they are right, for the same reason its illegal to run a business and call yourself Elmer Fudd on the business license (unless its your actual name).
But, I also agree that the odds are probably better than 50-50 that this guy is a victim, not the originator. It wouldn’t be surprising from some ass to kill two birds with one stone and attack someone who belongs to what they think is the *wrong* sub-cult, by zombieing the guys machine, then using it to attack the *even more evil* science site. :p
I ran into the Google problem on September 12 in Firefox and IE. I reported it to webmaster and he wrote back the next day that no one else had reported it. I guess I was one of the first to see the problem. I have not seen the problem since September 12. Before I wrote the webmaster I used HTML-Kit to get the source code and HTTP headers for the homepage and found that the only instance of Google in the source code <script> link to a javascript file hosted at Google.
Point #1 – Who was the idiot that decided to put unparsed user-content into the html. Take that web designer out back and shoot him/her before more damage is done.
Point #2 – I don’t get the redirect, using Firefox and Safari. What actually happens over at Google. Is there a search already launched (ie is this guy trying to increase the number of requests for a website, to improve it’s rating?)
Some mornings tha must seem pretty accurate.
Bob
I can’t comment about the technical questions, but as for Colorado Springs, FotF is hardly the only noxious religious right group there. It’s the anti-Eureka, the capital of groups like this, most prominently Pastor Ted Haggard and the New Life Church.
Harper’s had a great article on the city and Pastor Ted, “Soldiers of Christ I”
http://www.harpers.org/SoldiersOfChrist.html
Given them, it wouldn’t be unimaginable that they could combine hacking with evidence blaming a local ‘pornographer.’
There’s a discussion here about the “Jonny” XSS vulnerability in MT 3.32. Someone said this bug hack has hit 36,000+ sites so far, and speculates that it is a precursor to “something big”…Nothing on MT’s website. Do a google search on +js +jonny .
Well, unless I am wrong, and that law actually wasn’t ever passed.
I think that there is some confusion here. There is a US law against using a fraudulent identity ot obtain internet access. That applies to info that is between you and your ISP, and does not have to be public.
ICANN will pull your registration if the information that you provide is not accurate and up to date. That is public, but ICANN are a technical, not legal, body.
Yeah Jim. This scriptkiddie lives only a paltry few blocks away from the infamous Patriot University, and he’s even closer to the local branch of Power Invasion Ministries, of Hell-House fame.
This town is the Vatican City of Evangelical Lunatics.
http://www.milezero.org/index.cgi/meta/blosxom/james_sullivan_is_not_a_spammer.html
update!
S wndr wht knds f chrgs y jcksss cn b brght p n fr hrssng nd lblng n nncnt prsn…
Wndr wht PZ’s mplyrs wld thnk f ths… thnk shll fnd t.
Calm down on the conspiracy theories gang. I am a professional web designer who has been hit by this as well on several commercial sites. The script is attacking sites based upon potential exploits, not agenda. The hack is not political, no matter how much you want it to be. This man, Mr Sullivan is the victim of identity theft, to the best of my knowledge from correspondence, and is not at fault. The poor man claims that his life has even been threatened.
Relax a little bit. The hack is not a political attack