Dawn of Malaysia political cyberwar : How to make your content available
ETA 1 day to the Bersih campaign : A 10,000 people march from Dataran Merdeka to Istana Negara to submit a memorandum to the Agung for a fair election. Before the day, a cyberwar just spark out : Bersih website has been defaced, and now under heavy Denial of services (DoS) attack WITHIN Malaysia internet segments.
The good news is, since the attack is WITHIN Malaysia internet segments, the firewall will leave all connection outside Malaysia intact. So you may access Bersih website through open proxy. The bad news is, Bersih webmaster seems inexperience about DoS attack, no mirror site are setup to counter such attack.
Actually, attack on popular Malaysia social-political website are not new. However, it is never reported on mainstream newspaper. For example, Malaysia social-politics blog veteran site such as Jeffooi Blog, Raja Petra Malaysia Today and the online Malaysia news site Malaysiakini, face DoS attack on bombastic topics from time to time.
Alas, though these volunteer/NGO website does not has the luxury of corrupted government that spending hundred millions of public money maintaining outdated and unsecure website , but all has take extra step to secure their website to ensure availability of the contents.
Take JeffOoi blog as example, although it is host locally, combining the power of a firewall and blog RSS feed engine, when a localised(within Malaysia) DoS attack hit the site, the firewall will lock out or delay all attack, but allow connection NOT from Malaysia to pass through. For skillful person who know how to use open proxy, access the site is just a few step away. For people who take the convenient way, subscribe the blog site through Google Reader save all the hassles. On the other hand, Malaysia-today relies on the foreign hosting ISP to rectify/block the attack. And RPK didn’t build an RSS feed to his blog Corridor of power but his report has a RSS newsfeed.
Here is a list of method that make a site content available during DoS , including some pros and cons notes.
- <a href="“>Mirror site. It is a general technique used by reader to served to others, especially when a site being slashdotted. In the past, the content creator will find a free hosting space to hold the content. Today, you can register any free blog hoster such as Google blogspot or wordpress to host your mirror content. A simple mirror page is easy to setup. But full duplication are complicate to setup.
- Firewall : The first line of defense,blah blah blah. Like the F1 race, this is resources games – time, human resources and money. Better firewall would delay or block the attack for good. Nasty firewall admin has the choice to launched DoS counter attack.
- Registration and CAPTCHA. This will reduce comment spam attack.
- RSS feed. This required a bit of works from the reader. Best for people with feed reader. After widespread of standardisation on RSS link, putting a blog in the feed reader is just a 3 step work : i. Enable add subscription ii. Key in the RSS enabled blog/website name iii. Save it. And the reader will pool and even cache the site information for you from time to time.
- SMS alert. Subscription base, provided by contents provider. Malaysiakini are charging RM5 per month for some brief news message.
On the episode of BERSIH website defaced and possible denial of services, it seems only in Malaysia, dissidents voices are likely bring out of services by you-know-where-they-come-from than no-body-bother-to-visit-dormant-content-government-website. It is on urgency that site that didn’t do it to employ at least 3 tactics stated above in order to keep their content available to the mass.