Another Hack Shuts Ex-Reporter’s Political Website
by Ken Stone
Times of San Diego
Updated at 5 p.m. Dec. 8, 2016
A week after declaring victory over hackers, former Union-Tribune reporter Joe Gandelman said his political website was down for four hours Wednesday under what he called an “absolutely brutal attack.”
His web-hosting service, Synthesis, said: “We have also identified that themoderatevoice.com was under a brute-force attack with 8,962 attempts to obtain access to your website’s dashboard. There were four IP addresses responsible for this attack and we have already blocked them all in your server.”
Where normally his site gets 9,000 “requests” a day, about 70,000 came Wednesday, “which may have led to the downtime you experienced,” a Synthesis representative told Gandelman’s webmaster.
On top of that, “now someone tried to hack my Twitter account,” Gandelman said in a Facebook post. “Someone tries to change my email address on ebay and someone tries to get into my Twitter account. Is there a pattern here?”
Gandelman said he has copied contents of his site, so “if something goes wrong, I can just restore things back.”
The professional ventriloquist kept his sense of humor, however — blaming one of his dummies:
A former San Diego journalist says his political website featuring anti-Trump cartoons and commentary was shut down recently by a massive denial-of-service attack — but now is secure.
Joe Gandelman of Rancho Peñasquitos, a Union-Tribune reporter from 1982 to 1990, has operated The Moderate Voice since 2003. He’s a professional ventriloquist — but not amused by his site being brought down 38 times in three weeks, according to his webmaster.
“Last year, we had one hack attack that almost killed us — it came from China,” Gandelman said.
But Tyrone Steels, his site administrator, said he’s learned that a “surprising number” of attacks are originating in the United States.
On Sunday, Steels said, The Moderate Voice received two days’ worth of malevolent traffic every second for 30 minutes.
On Wednesday, his 67th birthday, Gandelman said he spent time posting delayed material from his blogging contributors, ages 22-70. (The site had been down eight hours at one stretch, he said.)
The attacks happen “like clockwork” every election year, Gandelman said, going back to about 2008. Last year’s attacks did “major damage” to the site, which includes syndicated left-leaning columnists such as Eugene Robinson and E.J. Dionne of The Washington Post.
He said he can’t be sure why his site is targeted.
“All we know is that I’ve almost been able to predict when this is going to be happening,” Gandelman said. “I told Tyrone [once this year]: It can happen any day.”
Steels, who works out of South Carolina, told Times of San Diego that the attacks were directly aimed at themoderatevoice.com — and not its host company, Synthesis of Boulder, Colorado.
“Our site logs have shown 14,000+ attempts to access the administrative page with many different password combinations,” Steels said via email. “This is typical of attacks like this, which is why it’s best practice to use strong passwords and complicated login names.”
He said Synthesis has been “fantastic in bringing the site back up and recommending solutions to streamline the site. … The attacks aren’t the result of poor tech on their end. The hackers haven’t cracked the site due to Synthesis’ platform. We’ve been brought down, but not cracked.”
Steels said presidential and midterm elections elicit large attacks from within the United States, “like clockwork.”
And, yes, I shared this but it's for real. Some folks are trying awfully hard to bring down my website: https://t.co/jH4HGw2ApY
— Joe Gandelman (@JoeGandelman) December 1, 2016
“We’ve also received email from various ‘people’ saying they are going to bring the site down due to a post they disagree with,” he said. “And shortly after, the attack starts.”
Steels, who has worked with Gandelman for 12 years, says a site redesign was required to fend off further attacks.
“We had design elements that made it easier for the site to be hacked,” he said. “Not just brought down. We redesigned the site to eliminate those elements that allowed a bit too much interaction with parts of the site.”
He called the site secure now, “but the DDoS attacks are still there. CloudFlare’s technology is doing a good job [at] severely limiting the size and scope of them now. But we can manage DDoS more than hacking, which could give hackers the power to delete the whole site or turn it into a tool to hack other sites.”
Steels calls The Moderate Voice a large site with thousands of posts — but its traffic has been modest in recent years.
“We used to get up to 20,000 and once even 25,000 page views a day during the time when blogs were big,” Gandelman said. “When the pope died some years ago, I spent almost eight hours doing a huge roundup and we got 125,000 hits that day.”
Now the daily traffic is around 9,000 views a day, he said.
In a post this week describing the attacks, Editor-in-Chief Gandelman said the origins can’t be precisely pinpointed.
“These attacks have come from various quarters,” he said. “One was traced to the home town of a prominent blogger (no proof he or his followers were involved.) The 2015 attack came in massive waves. One was traced coming from China — but that did not mean it originated there (it could have been people hired to do it or set up to look like it came from China).
“The second, most brutal, unrelenting wave in 2015 reportedly came from various points within the U.S., an attack that decimated the previous design and site to where it had to be redesigned for security purposes.”
Gandelman again tried to answer why such a small site has come under repeated attack.
“Perhaps it’s because the posts are extensively indexed,” he said. “Google News carries many TMV posts. TMV posts are all over social media. Over the years, four TMV writers were invited to appear or do phone interviews with MSNBC, CNN, BBC, CBC and NPR. Some posts are syndicated and run as embeds on other sites.”
Supported by donations and some advertising, Gandelman’s site will again seek contributions.
“One reader from Canada who recently donated to our account was very upset when I told her what’s going on and she’s sending another check,” he said. “Bottom line is that right now [Steels] has imposed strict security on the site and is trying to trace where the attacks are coming from.”
Before his U-T stint, Gandelman worked in the early 1980s at the Wichita Eagle Beacon — after freelancing in India for the Chicago Daily News. He also wrote for the Christian Science Monitor — despite being Jewish.
“TMV has always been a rollercoaster of up and down in terms of hits with writers being burned out on politics and blogging and competition from social media,” he said. “However, the huge sudden drop on Oct. 8 and what has happened the past few weeks is not the usual trajectory at all.”
Ironically, he said he intends to largely distance himself from politics in 2017 to work on two book projects “and write mostly on arts and entertainment on TMV.”
On his birthday, he complained: “I will spend a LARGE PART of my day today putting up content. I could care less about hits right now. I’m extremely angry and intend to make sure there’s lots of content on the site today.”
Gandelman also uses his old U-T job as content for his traveling comedy show.
“When I first did my show professionally, I said: ‘I used to work for the San Diego Union,’ and someone shouted out: ‘You used to work for dummies. Now they work for you!’ Got a huge laugh, and I use that in my show.”
More serious, Steels said: “The Moderate Voice is still trucking along and working with other victims of DDoS attacks to share information and tactics to handle. We will endure and keep the ship afloat.”
This article is reprinted from The Times of San Diego which, along with The Moderate Voice, is a member of the San Diego Online News Association.