# Questions About the Legitimacy of the Lieberman Website Takedown
I'm taking some interest in the [story of Joe Lieberman's "hacked"
website][1]. According to the Lieberman campaign, their website and
email have been offline for about 18 hours now. They are also
claiming that this is a DoS (Denial of Service) attack, and
[suggesting Ned Lamont supporters'][2] involvement (Update: [Now
denied][3]). (Note: More updates below).
A few extra pieces of info you can glean from public databases,
apart from what is in the linked post:
1) The hosting provider for joe2006.com (myhostcamp.com) has a /30
IP block assigned to them, meaning only two usable IP addresses, one
of which is www.joe2006.com (69.56.129.130).
2) A hosting provider that has only a /30 assigned to them is not very
big - most likely, they are using virtual hosting on one or two
servers to provide websites for all their clients.
3) The assigned range of IP addresses, 69.56.129.128/30, is part of
a much bigger range assigned to theplanet.com - a large hosting
provider and hosting reseller.
4) www.myhostcamp.com - the website of the hosting provider - is
offline as well, also redirecting to a 'suspended' page. This is the
biggest clue to what happened.

Given the above, it looks like a
small-time web hosting provider was overwhelmed on election eve/day
by traffic to one of their hosted websites, namely joe2006.com. The
hosting provider's (myhostcamp.com) bandwidth allocation was
exceeded, causing the end provider (theplanet.com) to shut them
down. Until some money is forthcoming from myhostcamp.com to
theplanet.com, the site won't be back up (at least under the
original hosting provider).
We can't know for sure this is what happened; the facts just seem to
point in that direction. It is certainly possible that a DoS attack
took place last night/this AM, but has since stopped. It would only
have needed to run for long enough to exhaust myhostcamp's monthly
bandwidth quota. Contrary to what others are saying, the Lieberman
camp could probably still make updates to the site, since most
hosting providers will use some sort of policy routing or QoS
(quality-of-service) to restrict web bandwidth only. This would also
explain why echo-requests (ICMP pings) sent to the IP address of
www.joe2006.com have an RTT of 10ms or so - very fast in Internet
terms. There must be very little traffic to that domain right now -
only web traffic is being redirected to the suspended pages.
A few things are odd about all this:
1) Given that Senator Lieberman's website and associated email have been
offline for over 18 hours, on the eve of a contentious election, why
has the Lieberman camp allowed this to continue? As the link above
suggests, a competent sysadmin could get them back online with
another provider in an hour or so.
2) Why is the website being handled by such a small operation, and
why were no contingency plans put into place in a race that has had
national interest? I'd say they got some very bad advice from their
hosting provider/Internet consultant.
3) Email for joe2006.com is down because the email is handled by the
same server as the web traffic - not something usually done with
larger domains, precisely because it's a single point of failure for
the domain. Again, it would be very simple to redirect mail to
another server temporarily. Why wasn't this done?
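
The two shared-host observations above (a /30 allocation, and mail served from the web server's address) can be checked mechanically. This is an added example, not part of the original post: the record data is constructed rather than looked up, and the `mail.joe2006.com` host name is an assumption. Only the /30 block and the www address come from the post.

```python
import ipaddress

# Constructed resolver data (no live DNS lookups are made).
# From the post: the /30 block and the www address.
# Assumption: the MX host name and its A record.
ALLOCATION = "69.56.129.128/30"
RECORDS = {
    "A": {"www.joe2006.com": ["69.56.129.130"],
          "mail.joe2006.com": ["69.56.129.130"]},
    "MX": {"joe2006.com": ["mail.joe2006.com"]},
}

def usable_hosts(cidr):
    """Usable addresses in a block (network and broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]

def audit(domain, records, allocation):
    """Return single-point-of-failure findings for a domain's web and mail."""
    findings = []
    net = ipaddress.ip_network(allocation)
    web = set(records["A"].get("www." + domain, []))
    mail = set()
    for mx in records["MX"].get(domain, []):
        mail.update(records["A"].get(mx, []))
    # Finding 1: the same address answers for both web and mail.
    shared = sorted(web & mail)
    if shared:
        findings.append("web and mail share " + ", ".join(shared))
    # Finding 2: every service address sits inside one very small block.
    services = web | mail
    inside = [ip for ip in services if ipaddress.ip_address(ip) in net]
    if services and len(inside) == len(services) and net.num_addresses <= 8:
        findings.append(
            f"all services sit in {net} ({len(usable_hosts(allocation))} usable hosts)")
    return findings

if __name__ == "__main__":
    print(usable_hosts(ALLOCATION))
    for finding in audit("joe2006.com", RECORDS, ALLOCATION):
        print("FINDING:", finding)
```
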
Now, we have to be careful not to blame the victim - if joe2006.com
was DoS'd, there is simply no excuse, and those responsible should
pay. If not, the Lieberman campaign got some very bad hosting and
capacity planning advice from their Internet consultant, and should
not be pointing their collective fingers anywhere but at
themselves.
UPDATES: An [update from DailyKos][4], from someone who did even
more digging...and [here][5].
[1]: https://web.archive.org/web/20070306215552/http://www.mydd.com/story/2006/8/8/15236/66395
[2]: https://web.archive.org/web/20070711141503/http://www.tpmmuckraker.com/archives/001292.php
[3]: https://web.archive.org/web/20081007133910/http://www.tpmmuckraker.com/archives/001300.php
[4]: http://www.dailykos.com/story/2006/8/8/144119/5628
[5]: http://www.dailykos.com/storyonly/2006/8/8/153827/3493