Abuse towards this website

This page documents abusive behaviour towards this Web site.

23 & 25 February 2007

This is a copy of abuse originally documented on Wikipedia,[1] from two IP addresses (71.57.90.96 and 216.125.49.252).

ScienceApologist Off-wiki personal attacks

Further to our ArbCom outcome and remedies and Off-wiki personal attacks, I note the following:

  • I run the Web site plasma-universe.com. My server logs note various visits by IP address 71.57.90.96 and 216.125.49.252 (Wikipedia contributors) whose timing coincides with the actions from two users named “Asshole” (on 23 Feb | Log (359K)) and “Anon” (on 25 Feb | Log (285K)). Yesterday (11 Mar) I also received over 400 emails (example available on request) sourced from IP address 71.57.90.96, and another contributor to the plasma-universe.com web site received numerous emails.[2]
  • Both IP addresses 71.57.90.96 and 216.125.49.252 resolve to ILLINOIS, and an email I received from someone at “Harold Washington College” in Illinois, also shows the IP address of 216.125.49.252.
  • WP:NPA on “personal attacks” notes that “Wikipedia acknowledges that it cannot regulate behavior in media not under the control of the Wikimedia Foundation, but personal attacks elsewhere may create doubt as to whether an editor’s on-wiki actions are being conducted in good faith.”
  • The evidence suggests that User ScienceApologist will be shown to also operate 71.57.90.96 and 216.125.49.252, and he is responsible for the vandalism and spamming of users on plasma-universe.com. Will an Admin check the IP addresses and username? —Iantresman 11:51, 12 March 2007 (UTC)

I was informed about this notice from a third party who monitors this board. The first time I heard about Ian’s website was when Ian made mention of it at Talk:Plasma cosmology, but I thought that he was simply spamming for his website. Now it seems he is accusing me of unbecoming behavior and trying to sully my reputation at Wikipedia. I have some ideas who might be orchestrating this (I believe it is a student of mine), but I’m pretty upset that Ian would accuse me of this behavior without ever having asked me for assistance. I do use the two IPs in question to log into Wikipedia, but the accusations he is leveling against the ScienceApologist account are not connected with the person who logs into Wikipedia as such. —ScienceApologist 12:30, 12 March 2007 (UTC)
  • I can also corroborate, as I am the other party who received several messages for “password change request notification.” Appx 25-30 on plasma-universe.com and one from wikipedia.com. The one originating from wikipedia.com has been forwarded to wikipedia. Though at that time I didn’t have any information on who may have had access to anonymous IP 71.57.90.96 (noted as the originator of the illegitimate password change requests). I assume these were either designed to disrupt use of the system (despite measures in place that countered disruption by outside parties, so usability was not ACTUALLY compromised, thankfully), or as an [unsuccessful] attempt to hack my password on that forum or on wikipedia. I assume it was more of a “nuisance” than necessarily a hack attempt. I can’t say with certainty who originated the illegitimate password change requests, nor will I speculate. If ScienceApologist states the IP address is his (I’ll accept his statement), but has been in some manner compromised, I hope that further steps to limit such action in the future will be taken. If the machine is a shared machine, say at a university or other educational institution (or the IP is used by a proxy server shared between many users), etc. it may be difficult to track down an actual perpetrator. So, I won’t jump to conclusions as to intent, etc. I’ll just hope it doesn’t happen again. ;o] Anyway, nice chatting with all y’all again. Not quite sure how I got roped into the whole thing, aside from I’d left comments on Ian’s talk page on plasma-universe.com and signed it, and perhaps someone followed that link and spammed it too, though not to the same extent as they spammed Ian. Like I said, I can corroborate THAT it happened, but not much more than the IP address noted in the e-mails from here and thereabouts, and the number received. Hope everyone has a good day, aside from this little quibble. I bear no ill will, so long as I don’t get roped in any further.
=o] Mgmirkin 03:12, 13 March 2007 (UTC)
  • I may also note that the anonymous user ID 71.57.90.96 and Ian have been having discussions on http://en.wikipedia.org/wiki/Talk:Plasma_cosmology in recent days, and possibly contentions elsewhere. As I recall from prior WP experience, SA & Ian can occasionally be mutually antagonistic over contentious issues. I won’t comment on rightness or wrongness of either party, or speculate on whether these contentious issues may have spilled over into vandalism of Ian’s site by IP 71.57.90.96 (whether SA or someone else) and current spam issues today. Again, don’t really want to get involved much beyond that. Just noting for contextual purposes that both, as I recall (I don’t frequent WP much anymore, so I was surprised when I got roped into the spamming bit), have had prior conversations, some of which possibly leading up to today’s issue (or not). I hope all this gets resolved amicably, of course. Best of luck all. Mgmirkin 03:25, 13 March 2007 (UTC)
  • Admin comment. WP:NPA#Off-wiki_personal_attacks clearly states that wikipedia “cannot regulate behavior in [outside] media” and “an editor may not be directly penalized for off-wiki attacks”. So we can hardly punish these offences, especially since [3] denies involvement. The policy WP:NPA#Off-wiki_personal_attacks does allow off-wiki behaviour to be “taken as aggravating factors when any on-wiki policy violations are being considered”, but that is something for WP:RFAR, not WP:AE. I’d be interested to hear what other admins have to say. Bucketsofg 19:52, 12 March 2007 (UTC)
  • plasma-universe.com received another attack last night, this time through a proxy server. Unfortunately the uploading of many megabytes of images, and the double redirects put into place, not only crashed the site, but knocked out a number of my client’s Web sites too. As Admins may appreciate, this directly affects my business (I am a Web publisher), which I consider malicious.
  • I can corroborate this too. I was sent an additional appx 40 messages this morning around 6:00 am. I would still prefer to be kept out of this. However, the perpetrator appears to have their own agenda, and may not even know about this discussion, since it may not be ScienceApologist, but another party who has co-opted IP addresses (or these may be proxy addresses used by a proxy server service, and may be used intermittently by different users). Other IP addresses used included: 75.126.48.148, 85.195.119.22, 85.195.123.22, 85.195.123.25, 85.195.123.26, 85.195.123.29 (I note that their talk pages generally indicate that they may be “shared”/proxy/zombie IP’s). I don’t know whether these were by the same user (sock puppets), or by copycats (I believe I’ll remove a comment from Plasma Cosmology ^talk with details of the initial incident in order to curtail copycat issues). —The preceding unsigned comment was added by Mgmirkin (talkcontribs) 17:16, 13 March 2007 (UTC).
  • I acknowledge that Wikipedia has no jurisdiction over any individuals that may or may not be involved. I will be going over the incidents and my server logs more thoroughly for further clues. —Iantresman 12:58, 13 March 2007 (UTC)
Admin response. Your best recourse may be to contact the ISP of the individuals involved and/or your national law enforcement (since such attacks are illegal in most places). One way or the other, you should probably not bring such matters to this page (arbitration enforcement) since we only deal with enforcing existing arbitration rulings. Again, I’m interested in hearing comments from other arbitrators. Bucketsofg 13:47, 13 March 2007 (UTC)

  • Indeed, I wouldn’t involve ISPs and law enforcement here. Unfortunately the latter is difficult as I am based in the UK, and the culprit is using computers in Illinois (and proxies elsewhere). —Iantresman 14:38, 13 March 2007 (UTC)

13 March 2007

This is a copy of abuse originally documented on Wikipedia.

ScienceApologist Off-wiki personal attacks: Concluding evidence

Here is what I think is concluding evidence on the three cases of off-site vandalism and personal attacks of my Web site, plasma-universe.com.

  • 216.125.49.252 is an IP address of “Harold Washington College”. ScienceApologist is quite correct that as a shared IP address, one of his students could use it.
  • 71.57.90.96 appears to be a residential (home) IP address. Its times of use suggest out-of-college hours; my server log files (available on request) include the modified IP-address entry “c-71-57-90-96.hsd1.il.comcast.net”. I contacted the customer service department of Comcast.net who told me that “it looks like it belongs to a subscriber .. probably a home”[5]. This would make it very difficult to “compromise” this IP address as recorded on Wikipedia.
  • A student may plausibly have been responsible for the attacks using the shared IP address, 216.125.49.252; the likelihood that they would also have access to the home IP address 71.57.90.96 is slim. The student would require direct access to the home computer, or the installation of trojan software. We also have to assume that the student would have the motive, the will, the expertise and a streak of malicious ill-will against both myself and ScienceApologist. Or the student has authorised access to the home computer, but the owner does not notice.
  • ScienceApologist says he heard about plasma-universe.com after my mention of it on Talk:Plasma cosmology,[6] on 23 Feb 2007 at 20:08 UTC (14:08 CDT). My server log files show a visit from the home IP 71.57.90.96 at 8:05 UTC (2:05 CDT), 12 hours earlier. It results from a Google search for: “redshift wikipedia”, an article in which ScienceApologist has been heavily involved.
  • While some of the vandalism was carried out through anonymous proxies such as Anonymouse.org and hidemyass.com, the most recent attack on 13 Mar at 03:08 UTC (10:08pm CDT+1 12 Mar) was preceded one minute earlier by a server log entry from “c-71-57-90-96.hsd1.il.comcast.net”, the home IP address.
  • Where the off-site Web site vandals left comments, it is interesting to compare some of them with previous comments by ScienceApologist
ScienceApologist | “Asshole” / “Anon”
“Ian Tresman is a catastrophist who supports Velikovskian pseudoscience”[7] | You should read Velikovsky.[8]
“Heliospheric current sheet .. it is the largest structure of the helioshpere, not of the entire Solar System.”[9] | “Heliospheric current sheet .. is the biggest structure in the solar system.”[10]
“the ‘electric universe’ .. publish exclusively on the internet or vanity presses”[11] | Redirect Vanity Publication[12]
“IEEE special editions on plasma cosmology are part of the obscure plasma cosmology circle. The usual suspects are only able to publish in an engineering journal”[13] | “The IEEE Nuclear and Plasma Sciences Society .. the only professional outfit willing to publish articles on the plasma universe.”[14]
“Ian Tresman’ .. Basic ignorance in the fields of astrophysics, physics, mathematics, and the natural sciences in general”[15] | “Ian Tresman maintains pseudoskepticism towards the Big Bang, despite having never taken an actual class on the subject.”[16]
  • Conclusion. Scienceapologist’s IP address 71.57.90.96 appears to be a residential IP address associated with a home PC. The same IP address was also responsible for attacks on my server that have damaged my business. One attack appears to have come from the shared college IP address.–Iantresman 22:32, 14 March 2007 (UTC)
As I mentioned earlier, I have a student who works on research projects with me and I encouraged him to look into these controversies at Wikipedia (and yes, he shares my home internet connection with me through a proxy network as he cannot afford his own ISP but needed access to the internet to conduct research). He has personally admitted to me that he did vandalize Ian’s site and has made a few posts under both my IPs at Wikipedia. I have taken measures to prevent this sort of action in the future, but as far as I’m concerned this is a matter best left to private conversation. –[[17]] 00:18, 15 March 2007 (UTC)
Admin note There’s not much ScienceApologist can do about editing from the college, but certainly there shouldn’t be any further incidents coming from his residential IP address. It would be best for Ian and SA to work this out in private; there is no precedent for taking on-wiki action here. Any negative behavior on wikipedia coming from SA’s residential address after this has been brought to his attention would be another matter. Thatcher131 00:25, 15 March 2007 (UTC)

19 March 2007

  • At 1:19am – 2:15am (GMT), selected individuals receive a couple of hundred “new password requests”.

11 April 2007

  • At 7:15pm (BST, 1:15pm CDT) the Web site email address is targeted by a mailbombing campaign, attempting to subscribe it to 85 mailing lists run by National Institute of Health, and at 7:21pm, another 166 e-newsletters from Jupitermedia.
  • Coincidentally(?) I note that User:ScienceApologist ends a session on Wikipedia at exactly 7:15pm

3 May 2007

  • At around 14:00 BST, received half a dozen subscription attempts to AMA newsletters.
  • At around 18:33 BST, received an attempt to log in from an Anonymouse user.
  • At around 19:14-19:36 BST, received an attempt to log in from an Anonymouse user as the old user Anon.

21 June 2007

IP address 216.125.49.252 (= guardian2.ccc.edu) Chicago City Colleges

  • At 15:01 CDT, IP address 216.125.49.252 edits the Wikipedia article on talk:ScienceApologist, removing some critical comments I had made.
  • At 15:01 CDT, receive the first of 60 spam emails (unsolicited newsletter sign-ups) which originate from IP address 216.125.49.252
  • At 15:03 CDT, the Web site log records a visit from “guardian2.ccc.edu” who looks specifically for my user account, and the Website email address.
  • At 15:25 CDT, IP address 216.125.49.252 edits the Wikipedia article on talk:ScienceApologist again, removing the comments again which someone else had restored.

Chicago City Colleges abuse

IP address “216.125.49.252” and domain “guardian2.ccc.edu” both resolve to Chicago City Colleges.

  • At 17:32:07 (GMT) the server log shows a post, and consequently must be from a registered user of this site
  • The time coincides with an edit at “17:32, 23 February 2007” from user “Asshole”, which changed the article from “this version” to the vandalized version

  • On 21 June 2007, between 21:03 – 21:06 (GMT +1), the server log notes a visit from “guardian2.ccc.edu”, including at 21:04, a look at this web site’s log-in page where the site email address is located. A short time later (coincidentally?), I receive the first of 60 unsolicited newsletter sign-ups which include the originating IP address 216.125.49.252, examples (1) here, and (2) here and (3) here.

Notes

  • While there are only two examples of abuse specifically from Chicago City Colleges here, user “Asshole” has vandalized other pages on this site from another IP address, 71.57.90.96 (summary log), previously.
  • User Asshole has also vandalized this site with usernames Anon and Anoo, which are quite extensive.

Ian Tresman 20:46, 19 August 2007 (BST)


Unsolicited spam

  • 7 Oct 2007 at 00:45 GMT (6 Oct 2007, 19:45 EST)
Received the first of over 50 items of spam email, all newsletter sign-ups. Some require confirmation and can be ignored, others send periodic reminders to confirm, and others require manual intervention to unsubscribe from their regular mail-outs. Fortunately a number of these newsletter sign-ups indicate the same source IP address: 128.59.169.46 (Copies of Emails).
8 Nov: Total unsolicited emails now received = 85. 9 Nov: Over 100 spams. 10 Nov: Over 170 spams. 12 Nov: Over 240 spams.

Server Logs

  • 7 Oct 2007 at 00:24 GMT (6 Oct 2007, 19:24 EST)
Looking through the server log reveals access from

ophelia.astro.columbia.edu - - [07/Oct/2007:00:24:02 +0100] (Log extract)
(Includes access at 00:24:41 to the Contact page, which includes the site email address)
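
Timing correlation of this kind only holds once every timestamp is on one clock, since the access log carries its own UTC offset while mail headers and notes may use another. The following is an added example, not taken from this site's logs or tooling: the host names, paths, the 30-minute window and the event time are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample data: hostnames, paths and times are illustrative only.
ACCESS_LOG = """\
host-a.example - - [07/Oct/2007:00:24:02 +0100] "GET /Main_Page HTTP/1.1" 200 5120
host-a.example - - [07/Oct/2007:00:24:41 +0100] "GET /Contact HTTP/1.1" 200 2048
host-b.example - - [07/Oct/2007:00:31:10 +0100] "GET /Contact HTTP/1.1" 200 2048
host-c.example - - [06/Oct/2007:22:10:00 +0100] "GET /Contact HTTP/1.1" 200 2048
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def parse_access_log(text):
    """Yield (utc_time, host, path) for each well-formed Common Log Format line."""
    for line in text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        host, stamp, _method, path, _status = m.groups()
        local = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        yield local.astimezone(timezone.utc), host, path

def to_utc(stamp, utc_offset_hours):
    """Convert a 'YYYY-MM-DD HH:MM' wall-clock time with a known offset to UTC."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    naive = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

def visits_before(event_utc, log_text, path, window_minutes=30):
    """Return (utc_iso_time, host) for requests to `path` in the window before the event."""
    start = event_utc - timedelta(minutes=window_minutes)
    return [(t.isoformat(), host) for t, host, p in parse_access_log(log_text)
            if p == path and start <= t <= event_utc]

if __name__ == "__main__":
    # Constructed event: first unsolicited e-mail stamped 00:45 on a UTC+1 clock.
    event = to_utc("2007-10-07 00:45", 1)
    for when, host in visits_before(event, ACCESS_LOG, "/Contact"):
        print(when, host)
```

Two different hosts fall inside the window in this sample, so a timing match narrows the candidates but does not by itself identify a single source.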

Previous attacks

  • At least five previous attacks have been recorded, including more spam emails and defacing of the Web site. See: Help:Abuse
  • One individual was the prime suspect, though they blamed a student for the cause.

Consequences

  • Defacing the Web site has resulted in:
      • The need to take the site off-line for a period of time
      • Restricted access to the site by the public
      • Several days restoration
  • Spam newsletter sign-ups have resulted in:
      • Manual filtering of incoming mail to distinguish spam from genuine emails
      • Time to unsubscribe all unwanted newsletters