What happened to Malaysia Today


By Malaysia Today’s technical team

With so much confusion and speculation making the rounds for more than a week about what is happening to Malaysia Today, we are compelled to offer our explanation so that the record can be set straight. Only limited technical details are given, enough to let you appreciate the scale of the challenge the site is facing.

You may now be aware that the site has been up and down since Friday, 17 September 2009. This was due to malicious activities by those behind the effort to cripple Malaysia Today. This is just one of the many rounds of cyber-attacks that we at Malaysia Today have had to face for more than a year now.

Coincidentally, this latest round of attacks started immediately after RPK’s explosive expose two weeks ago on Tuesday regarding the Malaysian Cabinet’s knowledge and ‘approval’ of the PKFZ scandal long before it became public knowledge. Suspicious activities against the site happened as early as Wednesday, but the first damage was done in the afternoon of Thursday, which brought the site down.

The site was quickly recovered and by 6.00pm we were up and running again, although with some loss of data. The attack revolved around a long-standing problem faced by the site: a rather old version of the Joomla content management system and the use of third-party components.

Lack of resources (financial, manpower, etc.) has always been a challenge faced by Malaysia Today, which affected the maintenance and operations of the site. During the recovery process, we locked down the site to reduce the danger of further compromises.

The next wave of attacks came the following day, Friday. This time it was a wave of DDoS traffic that crippled one of our nodes, in Singapore. The Singapore node operates with about 30Mbps of bandwidth, a luxury by Malaysian standards but far short of what is needed to withstand any serious DDoS attack. The node was basically choked with illegitimate traffic. As is typical of DDoS network attacks, the origin of the attacks is difficult to pinpoint, and tracing it is sometimes pointless because the attack agents/zombies are likely compromised systems themselves.

We then activated our resources at our US node to recover the site. The process required optimisation of the site to cope with demand. (The demand on the site seemed much higher, possibly due to the interest in the PKFZ expose.) Hence the intermittent site outages, due to either overloading or the optimisation process.

Being a service provider of a larger scale and sophistication, the US node has a higher capability of sustaining the attacks. Still, the attacks persisted on a daily basis and we tried deflecting them as far as we could. The DDoS traffic we suffered ranged from 227Mbps to 835Mbps, a mammoth scale for anyone familiar with maintaining Internet sites. The attacker does not appear interested in defacing the website, which is what self-styled college hackers typically do. He/she just deleted articles published on Malaysia Today, literally one by one, with the single-minded aim of erasing all the explosive stuff on the site.

Further complicating the tracing of the attacks is the attackers’ use of free proxy servers, on a random basis. This is an irony, as we have been advising our users to use such proxy servers to overcome any potential content filtering by the government.

All the malicious activities and behaviours bear the hallmark of professional, for-hire hackers. These are certainly no amateurs, judging from the persistence and frequency of the attacks, with the main objective of making the content of Malaysia Today inaccessible to the public.

We believe that there is NO explicit blocking of the site by the various Malaysian ISPs. The inconsistent and intermittent accessibility of the site in the past many days is the result of the situation described above, although we must caution that it is almost impossible to detect any clandestine censorship.

The MCMC has in the past failed to silence Malaysia Today officially through blocking it in August 2008. Now, with even more revelations of various scandals of the government exposed through this site, we can’t help but suspect that there is a more significant force, a hidden hand at play aimed at bringing down Malaysia Today.

  1. #1 by sheriff singh on Tuesday, 29 September 2009 - 11:57 am

    If the bog is renamed “1Malaysia Today”, maybe things might get better.

  2. #2 by sheriff singh on Tuesday, 29 September 2009 - 11:59 am

    If the blog is renamed “1Malaysia Today”, maybe things might get better.

  3. #3 by OrangRojak on Tuesday, 29 September 2009 - 12:09 pm

    Is bandwidth exhaustion the issue, or is it webserver / database overload? If it’s overload on the webserver / database, you need to get Squid. It’s very simple, JustWorks(TM) and is fighting DDoS for some very large sites every day. Google for “squid ddos”. And it’s free.

    If it’s bandwidth exhaustion (I saw some big Mbit/s in the article) – how many different sources are the requests coming from? It should be possible to calculate bandwidth per address quite close to your firewall and block connections from ‘greedy’ sources. That might be annoying for visitors from networks like DiGi’s where we all share a single proxy address – one could only predict by looking at the site logs.

    Or alternatively, why not just host on blogspot or wordpress? Is your advertising worth that much? You could always rely on philanthropy, like Jimmy Wales – or The Nut Graph!

  4. #4 by OrangRojak on Tuesday, 29 September 2009 - 12:11 pm

    lol@sheriff singh

    Maybe RPK could consider sponsoring a ‘Malaysia Today’ sticker for the 1MF1T cars.

  5. #5 by my oumrie on Tuesday, 29 September 2009 - 1:39 pm

    So, how to access Malaysia Today ah? I miss it so much that it hurts…..!

  6. #6 by OrangRojak on Tuesday, 29 September 2009 - 2:06 pm

    http://mt.m2day.org/2008/

    If it doesn’t work straight away, don’t try again until your next coffee-break. A Denial of Service attack works by overloading the site. Refreshing the pages, or repeatedly clicking on links that are slow to respond, will have exactly the same effect.

  7. #7 by OrangRojak on Tuesday, 29 September 2009 - 2:11 pm

    Use Google’s cache. Start your Google search with

    site:m2day.org “fried chicken”

    When the results come up, don’t click on the main link, click on the ‘Cached’ link beneath. You don’t have to use the “fried chicken” part of the search above, just using “site:m2day.org” will probably get you what you want.

  8. #8 by OrangRojak on Tuesday, 29 September 2009 - 2:27 pm

    Just for fairness’ sake – bing.com also seem to have a fairly comprehensive cache of m2day, but the order of results isn’t as good as Google’s. You’ll have to use your “search fu”. I don’t know what’s going on with Yahoo! search, I couldn’t find a cache.

    M2day has no recent pages (since 2008?) at the Wayback Machine at archive.org – given the content of RPK’s site, I’d say that’s a serious omission.
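The per-address bandwidth accounting suggested in comment #3, with its shared-proxy caveat, sketched as an added example (not code from Malaysia Today or any commenter). It assumes Apache "combined" access logs as the data source; the sample lines, the thresholds and the "several distinct User-Agents means a shared proxy" heuristic are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2009:14:00:01 +0800] "GET /index.php HTTP/1.1" 200 1500000 "-" "bot/1.0"
203.0.113.7 - - [18/Sep/2009:14:00:02 +0800] "GET /index.php HTTP/1.1" 200 1500000 "-" "bot/1.0"
198.51.100.20 - - [18/Sep/2009:14:00:05 +0800] "GET /a.html HTTP/1.1" 200 500000 "-" "Mozilla/5.0 (Windows)"
198.51.100.20 - - [18/Sep/2009:14:00:09 +0800] "GET /b.html HTTP/1.1" 200 500000 "-" "Opera/9.8"
198.51.100.20 - - [18/Sep/2009:14:00:30 +0800] "GET /c.html HTTP/1.1" 200 500000 "-" "Mozilla/4.0 (MSIE 7.0)"
192.0.2.55 - - [18/Sep/2009:14:00:40 +0800] "GET /a.html HTTP/1.1" 200 20000 "-" "Mozilla/5.0 (X11)"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (\d+|-) "[^"]*" "([^"]*)"')

def per_source_usage(log_text, window_s=60):
    """Return {ip: (peak bits/sec over fixed windows, distinct User-Agent count)}."""
    buckets = defaultdict(int)   # (ip, window index) -> response bytes served
    agents = defaultdict(set)    # ip -> distinct User-Agent strings seen
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # skip malformed lines rather than guess
        ip, ts, size, ua = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        buckets[(ip, int(t // window_s))] += 0 if size == "-" else int(size)
        agents[ip].add(ua)
    peak = defaultdict(int)
    for (ip, _), nbytes in buckets.items():
        peak[ip] = max(peak[ip], nbytes)
    return {ip: (peak[ip] * 8 / window_s, len(agents[ip])) for ip in peak}

def classify(usage, limit_bps=100_000, shared_agents=3):
    """'block' greedy single-client sources; send likely shared proxies to 'review'."""
    verdict = {}
    for ip, (bps, n_agents) in usage.items():
        if bps <= limit_bps:
            verdict[ip] = "ok"
        elif n_agents >= shared_agents:
            verdict[ip] = "review"   # many clients behind one address (ISP proxy)
        else:
            verdict[ip] = "block"
    return verdict

if __name__ == "__main__":
    print(classify(per_source_usage(SAMPLE_LOG)))
```

Access logs only count HTTP response bytes, so this covers web-server overload; raw flood traffic that never completes a request has to be measured at the firewall or upstream provider.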
