Temasek Review writes to SPH CEO Alan Chan to seek further clarifications
November 8th, 2009 | 
Author: [Read our latest rebuttal to Mr Geoffrey Pereira's second article on 13 November 2009 here]
Mr Alan Chan
Chief Executive Officer
Singapore Press Holdings
Dear Mr Alan Chan,
RE: ARTICLE BY STRAITS TIMES JOURNALIST MR GEOFFREY PEREIRA ON 6 NOVEMBER 2009
We refer to the article by Mr Geoffrey Pereira which was published on the Straits Times digital edition on 6 November 2009 at 11.40am titled “Attack on Temasek Review: Not SPH” (read article here)
Mr Pereira claimed that Temasek Review had accused SPH of launching an internet attack on its site in an article published on 2 November 2009. We beg to differ.
Nowhere in the article did we ever accuse SPH of attacking our site via a DDOS or otherwise.
Our correspondent who drafted the article was not familiar with IT matters. We apologize if our article has caused some misunderstanding and we have already clarified the matter in subsequent articles.
We have never intended to implicate SPH with the DDOS attack on our server which had occurred a day earlier and we are sorry for any distress caused.
Please allow us to outline the sequence of events to give you a more complete picture of what had happened exactly.
Our servers are hosted with RTG (Asia) Network in a China Data Centre. On 1 November 2009 at about 12.10am, our correspondent received a phone call from our system administrator informing him that our newly installed anti-DDOS firewall had detected a flurry of network communication requests coming from the same IP address – 203.116.232.234.
A snapshot of our server log provided by our system administrator showed the IP address “grabbing” content from our site. The IP address was traced back to SPH by our data center.
According to our system administrator, this is not ordinary browsing, but “grabbing”. The manner by which contents are being accessed is consistent with search robots or a web grabber – i.e. a website is archived so that a string search can be made.
Our correspondent was told by our system administrator that such “grabbing” can potentially hog our server’s resources, but in this instance, it didn’t because the software firewall on the server itself banned the offending IP address minutes into the action after the IP address exceeded 60 connects per minute, the threshold set by the system administrator.
Technically, if the server were to be not protected by firewall and had been configured poorly, a multiple of requests in excess of 60 connects per minute would have brought our server down.
We were very concerned about the incident because our server was down for 8 hours during the previous day due to a DDOS attack which explained why we made the fateful decision to make it public in the hope that SPH can provide us with some answers since the IP address was traced back to it.
In his article, Mr Pereira had admitted that SPH employees were found to be visiting TR during the time period when the “grabbing” incident was alleged to take place during the period from 10 pm (31 Oct) to 1am (1 Nov).
His revelations corroborated with the findings on our server log which showed an IP address from SPH accessing/grabbing our content.
We hope SPH is able to provide us information on the following:
1. The identity of the employee or bot who was “grabbing” content from TR during the stated time period.
2. Is he/she using a web grabber software to do so?
3. What are his/her motives for “grabbing” our site.
We would like to appeal for your kind understanding and patience that we were quite traumatized by the earlier DDOS attack which disrupted accessibility to our site for almost an entire day and it was an unfortunate coincidence that an IP address from SPH was caught “grabbing” content from our site a day later.
We just want to obtain an understanding of what happened exactly so that it will allay our anxieties and set our hearts at ease that such uninvited “grabbing” of content on our site from SPH will either not occur again or is a routine “operation” by SPH which will not have a detrimental impact on our server.
Thank you very much for your time and attention and we hope to hear a favorable reply from you soon.
EDITOR
TEMASEK REVIEW
Related articles:
>> Debunking Mr Geoffrey’s claims in his misleading article: “Attack on Temasek Review: not SPH
>> Attack on Temasek Review: not SPH
>> SPH IP caught grabbing “content” from Temasek Review
>> Debunking Mr Geoffrey’s claims on “IP spoofing”
Posted in Headlines
25 Responses to “Temasek Review writes to SPH CEO Alan Chan to seek further clarifications”
Loading ...
Alex Tan Allan Ooi AWARE Chee Soon Juan Chiam See Tong Claire Lee David Widjaja DBS Dr Allan Ooi Dr Silviu Ionescu Dr Vivian Balakrishnan Foyce Le Xuan highnote5 Hong Lim Park Jack Lin Xinli Jack Neo Jack Neo affair Jack Neo scandal Josie Lau Josie Lau Meng Lee Lee Kuan Yew Lehman brothers Lighthouse Evangelism MAS minibonds Miss Singapore World NTU stabbing PAP Pastor Rony Tan Ris Low Romanian diplomat in hit-and-run Rony Tan S-League silviu ionescu Singapore Singapore 2010 Youth Olympic Games Tan Kin Lian Thio Su Mien Tiger Woods affair Tong Kok Wai Top 8 Vivian Balakrishnan Wendy Chong Y O G Youth Olympic Games
WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.
Starting to sound like a broken recorder or CHEEEEE
I dun understand what good will this witch hunt does for your website. Just bcos someone is employed in a government ministry, statutory board or GLC doesn’t imply that he or she is necessarily pro-PAP and may well be a loyal reader of your site. Aren’t you scaring away those loyal readers employed in these organisations from visiting your site during office hours?
Since you have established that the person concerned is not up to any mischief, what right do you have to force SPH to reveal the identity of that person?
you addressed the CEO by name.
i’m sure your editor has a name too, no?
It’s weird that on the same day, you have a write-up telling SPH to get to the bottom of the content grabbing incident, and another contribution from a SPH insider. If the SPH insider hasn’t visited your site, how would he know about TR and why would he contribute a write-up to TR?
Its is normal for media company to grab articles or ’steal’ articles from another media company, but deny it completely when caught? Duh….
TR’s articles is in PUBLIC DOMAIN, hence any Tom Dick and Harry can read them. HOWEVER, grabbing the entire site is out of the question and ‘abnormal’, don’t you all agree?
TR explicitly gave ALL READERS permission to real ANY articles on their site but NOT download their ENTIRE SITE! Lets reverse the role and picture TR downloading Shitty Times ENTIRE SITE?
Anyway, a serious allegations was made against TR and I think fitting that TR should demand an explanation and clarification on that aspect.
Admin’s article is tame in comparison with the SPH journalist’s response and even took pains to explain TR’s position and the chain of events, I wouldn’t do that if I had drafted the same.
Its goes to show that TR has taken the courtesy to exhibit professionalism and courtesy to a rival company and for that, SPH owes TR a reply.
Did I not download/grab this article into my computer when i visited this webpage? Am I now being accused of “stealing” this article from TR?
Anyway, SPH does have a search engine called Rednano. Maybe it is the web spider of Rednano at work. Does TR forbid search engines from indexing ur site?
@fearandignorance, normal browsing won’t trigger any alarm bells but a mass grabbing in excess of 100/s will. So if you are merely browsing TR normally, there is nothing to worry about. You won’t get banned by the firewall.
RedNano is owned and operated by SPH, that is TRUE. However, it is run by a divison of SPH, namely SPH SEARCH PTE LTD in Toa Payoh. Their servers (ie: rednano) is located at Expan Internet Data Centre, which uses the IP range 202.176.192.0 – 202.176.223.255.
You mentioned TR forbidding search engines from accessing its site, that is not true. TR is listed on major search engines around the worls, particularly google and yahoo news.
Besides a search engine’s bot and spiders have different rate of connect, nothing identical to the one captured by TR’s logs.
Here’s some information on RedNano for your information.
RedNano is allocated the IP 202.176.218.20, as can be seen from http://www.domaintools.com/reverse-ip/?hostname=202.176.218.20
From the server logs and admin’s postings, the IP address doing the grabbing was 203.116.231.234, which belongs to STARHUB, worlds apart, if you ask me. http://whois.domaintools.com/203.116.231.234
So logic dictates that whatever or whoever doing the crawling or grabbing (whether legal or illegal not being an issue) is CERTAINLY NOT RedNano. Maybe SPH also has BlackNano or WhiteNano?
What if i download many articles from TR for further offline reading but at a reduced rate? Will it raise any alarm bell? What exactly is the TR admin consider with: the excessive connection attempts (but it is not responsible for the site downtime) or the so called “stealing” of content (but “stealing” of one article is still stealing).
Must the indexing (where the web spider is located) be performed at the same site as where the search website is located?
to “spy on Sun, 8th Nov 2009 11:52 am “,
SPH insider can access TR from non-work place and not from office-SPH. It is so simple to know that. There are other sites that talk this incident.
I think I should rephrase my 2nd question.
Why it is not possible that the web crawling is performed at a different network from that of the web server of the Rednano website since web crawling is inherently bandwidth intensive and may disrupt access to the search webpage if they are performed in the same network?
For example, Googlebot’s IP addresses are 209.85.225.99,
74.125.47.99 and 74.125.127.99 and are different from the Google search website’s IP address (216.239.61.104).
yay, finally, TR has tried to clearly articulate what happened and what it wants. After all those wild headline titles that were so misleading. Certainly, TR has a tabloid-oriented editor, worthy of generating reads and advertising revenue.
Beats me though why TR would try to take it out on SPH for a preceived attempt to webcrawl, a day after a DDOS attack. After all, if there was a DDOS, and there is data on what the requests were, isn’t it better to resolve that issue and figure out who the DDOS attacker was? Or isn’t the data available? Or did the TR IT team jump to a certain conclusion that the alleged SPH webcrawl was a follow up to the DDOS the day prior? And if the TR IT team has truly put in place anti-DDOS steps aka 60requests/min, etc, then why the fuss?
So what if any entity gets interested in TR? What if CIA or Al Queda identifies TR as a potential party for their agenda and wants to archive all TR’s content for research, etc? So what? Is TR making it a policy to try to track down all such webcrawls?
Sinkapore claims that webcrawls “steal” articles from websites. Plagiarism happens only when such content is used without attribution. And contrary to his view that grabbing a website is “out of the question and ‘abnormal’”, fair-minded people with a sense of what search engines do would see webcrawling as extremely common, normal, and morally neutral, and devoid of any special value. Except when damage is caused.
So the smoking gun is in TR’s hands – why would TR point to SPH and demand answers, unless TR claims damage? And why should SPH bother to dignify the request, unless damage is imputed? So what about the identity of the employee, or motive, is that significant that SPH CEO should respond? TR seems to be behaving as a rude, investigative reporter, that expects the world to pander to it, rather than a corporate entity that is robust in its IT management systems. Heh, to think that TR expects the world (and SPH) to ensure that the world’s actions comply with TR’s server limitations, and thereby give TR peace of mind.
TR needs a greater dose of humility in presenting scoops that build a case for a better world, yes, with changes in values, beliefs, government policy, rather than purely confrontational smokes and screens. As janetnt points to, TR sounds like CHEEEEE… Please do better.
Well done TR.
Let the whole singapore know about it.
The more awareness the better.
Educate the people.
IF , a big IF, SPH admits to wrong doing, would this not mean they can be sued to pay for damages?
So,….. get my point?
By the way, the new defence for grabbing is pathetic at its intended job.
Be more careful. dogbert is spot on in his comments.
Look at the time wasted spent in correcting the “misunderstanding” because you had reporter that didn’t understand IT. What abt the sub editor a and editor?
For my part, I tot (and still do) that the original article was accusing SPH or its staff of causing problems for TR’s servers by grabbibg content. Now I know that did not happen.
It was not until I read this that I understand what had happened.
So why the headlines of the original article and subsequent headlines?
As an ex-lawyer, I get the impression, reading this open letter, that SPH’s lawyers have written a letter to TR accusing it of defamation. And this letter is an attempt to settle the issue. ‘We would like to appeal for your kind understanding and patience that we were quite traumatized by the earlier DDOS attack which disrupted accessibility to our site for almost an entire day and it was an unfortunate coincidence that an IP address from SPH was caught “grabbing” content from our site a day later’
If they have written such a letter, readers shld be told, in the spirit of openness and transparency.
Ever tot the reporter is a subversive?
======
@dogbert, the user-agent of the server log DID NOT indicate that it was a browser, web accelerator or spider of any sort. Its was a Web Grabber, a software designed for the SOLE PURPOSE of ripping portions or an entire site.
The incident involved is NOT related to a DDoS. Lame explainations from the SPH and some readers suggesting browser accelerators, spiders, web crawler, whatnots have already been debunked techinically in other threads on the same matter, so I won’t repost them here but you can still read the other threads.
Sinkapore -> as A Tan described in his note, I likewise felt that TR’s original article was accusing SPH or something. It’d seem to me that that TR was using fighting words, and waving rulebooks at others.
And, again, you are using technically correct words in an emotive manner. When we say we “rip” a CD, we make a full copy of it. Technically correct. Copyright holders use “rip”, a word with negative connotations to try to imbue the action with morally negative undertones. Media users do know that there are proper and improper “rips” – eg, copying a licensed piece of music onto another player within the alloted number of copies permitted by license. It is not at all clear why this incident should be seen as improper, unless there is (potential) damage to TR.
A software to view and record every webpage on a site is a morally neutral item. Not significantly different in impact from a browser, web accelerator or spider in its net effect. TR has been the only one thus far to imbue ill motives to others, and only getting to this point after making a huge fuss about DDOS, and imputations of damage to its bandwidth. If SPH’s motives are that sinister and TR has evidence of it, serve a request nicely, without all the potential for defamation. What exactly is TR’s complaint? That SPH has breached TR’s T&C of accessing and copying its contents? Oops… maybe TR should take this occasion to embed such a clause into its T&C and whip it out in good order!
Let the relevant authorities investigate or an independent IT security company (probably non-Singaporean) investgate. All SPH has to do is allow access.
It is important for the truth to be out since we have draconian laws against cyberspace crime.
Alas, it will not happen because it is SPH. If it is you or I we are done for! Justice a la Shanmugam.
@dogbert, I don’t like to play word games. You can interprete ‘rip’ in anyway you want but a casual reader would understand what I had actually meant to say.
My postings are for normal readers to digest, not intended for Elites.
My comments are deleted. Oops……… So much for advocating free speech and open honest truth. And credos to all the past work bashing censorship.
@Sinkapore, you’re right. You fear any comments you make at msm site are censored. Their “face” is all too important. You know what, I share that same feeling. Here.
I’ve gone through the massive DDOS article. Like some commenters said, there can’t be any “under construction” site seen by any visitor. The visitor will just see a time-out.
No local downstream measures (eg your new firewall, which obviously won’t make any dent in the DDOS) can unplug the choke in your bandwidth caused by the massive DDOS. DDOS must be stop near the source at the upstream, which means your host provider may need help from partners across the internet. It’ll be super obvious if there’s DDOS.
You’re also more interested in the grabbing than the DDOS. Nobody needs to answer to grabbing, while DDOS has all to answer under the legal section you quoted. Isn’t that a very odd approach?
What’s my take? I really can’t help this. Someone made an big fuss over nothing ie grabbing. And the firewall is put in place to stop the grabbing, not DDOS. The “under construction” page is the interim site while the the firewall is being prepared.
Ok, point made. Please go ahead to delete this post. Face is all-important, I understand.
Hi rolleyes,
This has already been explained earlier somewhere. Please check out the facts before trying to act smart again.
The DDOS occurred on Friday morning till 10pm after which our system administrator decided to install an anti-DDOS firewall which explains the “under construction” page some netizens see subsequently.
All the information was given by our hosting company RTG Asia. Please feel free to check out the facts with them. We have nothing to hide. If there is anybody out there who can prove to us that our site is not under any DDOS attack, please go ahead and prove us wrong. Don’t hide behind the darkness and think we do not know about your background.
The strange thing is, we have dubious characters who claim that there wasn’t any DDOS attack and yet UNABLE to provide any evidence to prove us wrong.
So if it is not a DDOS attack, are you implying that our hosting company has lied to us?
We really have to question the motives of these people – why are they so keen to dispute our claims that our site is down by a DDOS attack? Furthermore, they don’t even dare to reveal their real identities or email us! What does it say about their credibility?
And whether we want to make a fuss out of grabbing is really none of your business.
This is our site and we have the right to know why SPH is grabbing our entire content. Can’t we even ask to find out what is happening? We do not have to seek your permission to do that and neither do we have to justify our actions to you.
Congrats TR, liked a pheonix arising from the ashes.
you have certainly stirred some interest with big brother.
@Admin, haha, you’ve got the wrong person. I’m not in the same league as whoever you’re thinking of. And it’s funny how you associate things like that. I’m just exercising my right to free speech. Does my free speech need to align with yours?
Please calm your nerves, don’t be paranoid. Not everyone in Temasek companies and Government offices are evil, ok? Anyway, Einstein says “1+1=2″. Your kid says “1+1=2″. Does that make a difference?
I figure there’re a few admins here? Hope a runaway “submit comment”-happy admin don’t bring down the whole house onto the rest.
Oh boy, if you insists there’s massive DDOS and still do nothing about it but just waste everyone’s time with a fuss over something else (or rather nothing), then go ahead please. The onus is not on me.
There can be feelings of bliss now, since the belief is that your new local firewall successfully defeated the alleged MASSIVE DDOS, thus allowing many lucky visitors through to your “Under Construction” page.
Well, you are the admin, not me. Don’t paint a sorry humble picture if the real one comes next time. We won’t get to see it.
Ok, just delete this free speech if you deem it’s too much.
Hi rolleyes,
You have to try harder. Who told you we did not do anything about it?
Didn’t you read our article which says that we have upgraded the server (again) and install another firewall after the DDOS attack?
As we say before, you can always contact our hosting company RTG Asia. What is stopping you?
If you don’t even dare to reveal your real identity, what gives you the right to debunk what our system administrator says when you can’t even provide any proof whatsoever?
admin
Why bother to even reply when all he is doingis to play like a broken old record.
He is challenging you to delete his post, why not obliged him? We all know who he is and what’s his agenda.
His sole purpose here is to spite TR, why bother to even approve his comments? Free Speech should not and does not apply in his situation, delete his god damned comments!