nanog mailing list archives
RE: NY times appears to have had a rough morning..
From: "Tracy Snell" <tjs () enteract com>
Date: Sun, 13 Sep 1998 11:17:09 -0500
Actually they were hacked by a group calling themselves HFG. The correct website was restored several times only to be overwritten by the hacked version minutes later. The hacked page talked about cron jobs, I imagine they hacked one in to keep putting the hacked web page up. Looks like they finally gave up and took down the server to fix it.
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of Phil Howard Sent: Sunday, September 13, 1998 10:51 AM To: rirving () onecall net Cc: nanog () merit edu Subject: Re: NY times appears to have had a rough morning.. Richard Irving wrote:Hrmm.. This sunday am I logged into www.nytimes.com, and got an unusual front page. Someone may want to take a look......Looks like the classical underconfigured/overloaded server to me. They were probably running with not much spare capacity before, or didn't configure the correct number of listening processes (or enough RAM to handle them). Possibly a SYN attack. But on this date, more likely a demand "attack". This is not unusual when you consider the total capacity is ultimately determined by the suits. FYI, I had no trouble pulling it from icreport.loc.gov. I got it in the evening, which would have been the 2nd demand curve for the day. So server capacity there was enough to deliver it in that probably broader hump. But maybe the masses, who normally go checking news sites and wouldn't recognize a .gov site as even being an Internet thing, were clobbering places like www.nytimes.com. Even www.cnn.com seemed kinda slow to me. -- Phil Howard | stop7it2 () anyplace edu die7spam () spammer0 com stop0ads () spammer5 org phil | a2b8c2d0 () s1p8a2m2 edu stop9it3 () anyplace com stop8303 () spam4mer org at | no45ads1 () lame3ads org eat2this () dumbads5 net stop6629 () anywhere net ipal | end1ads8 () s2p4a6m3 edu ads8suck () anyplace com stop0549 () no9place com dot | blow3me9 () anyplace com no29ads0 () anywhere net stop1694 () no71ads2 net net | stop4688 () s5p9a1m1 net end0it82 () no2where com end1it08 () no0place edu
Current thread:
- NY times appears to have had a rough morning.. Richard Irving (Sep 13)
- Re: NY times appears to have had a rough morning.. Phil Howard (Sep 13)
- RE: NY times appears to have had a rough morning.. Tracy Snell (Sep 13)
- Re: NY times appears to have had a rough morning.. Derek Balling (Sep 13)
- Re: NY times appears to have had a rough morning.. Hank Nussbacher (Sep 13)
- Re: NY times appears to have had a rough morning.. Phil Howard (Sep 13)