In 2020, my blog, curi.us, was DDoSed for the first time around 45 hours after I sent Dennis Hackethal an email he didn't like. DDoSing is a crime involving breaking websites by sending malicious information to them over the internet.
Based on the timing, I suspected that the DDoS was retaliation for my upcoming blog post about Hackethal's book plagiarizing me. I'd emailed Hackethal a draft. I was DDoSed shortly before I published that post. I asked Hackethal for information, and he did have information which would have been helpful, but he didn't respond.
I only intended to call Hackethal a suspect. I found out four years later that he felt like I called him a criminal and that he was very upset. But he ignored my offer to change what I said and he didn't provide specifics. A year later, when he attacked me on his blog, the attacks included enough details for me to clarify that I wasn't calling him a criminal. In response, he attacked me more and even accused me of lying about taking anything down or making edits, which is weird since I did and it's easy to check.
In 2024, Hackethal told me:
For clarity: my denial of all criminal allegations means I did not DoS your website, nor do I know anyone who did.
As far as I can tell, he wants me to consider him a non-suspect because, four years later, he said he didn't do it. Also, if he doesn't know who did it, then why is he confident that the perpetrator isn't someone he knows (like Andy B, who left hundreds of harassing comments on my blog)?
Hackethal commented further in Feb 2025:
I wasn’t obligated to help him [Elliot Temple] investigate crimes.
I said that people should judge Hackethal negatively if he won't cooperate with my DDoS investigation. He says that me complaining about his silence was me coercively mistreating him.
If someone committed a crime while trying to defend or help me, I'd want to investigate and find out who did it so I could ban them from my community. I'd also make a statement asking people not to do that. Hackethal didn't seem to want to know who did it, nor did he make a statement asking his audience not to do it (and it actually happened a few more times; it wasn't just a one-time problem).
It wouldn’t have made any sense for me to do it anyway – even if one were to take his site down, he would just repair it and publish the post later, only with additional fervor, or post it somewhere else with better defenses in the meantime.
Yeah. I also didn't think DDoSing my blog made sense. I presumed the perpetrator was emotionally upset, not a criminal mastermind. Hackethal later said he was, and still is, extremely emotionally upset about my blog.
Temple himself reached out to several people with his plagiarism complaint about me
Hackethal seems to be saying that maybe one of his associates, who I contacted about the plagiarism issue (e.g. David Deutsch), DDoSed me. But Hackethal also says no one he knows did it. Also, Hackethal says that if they did talk about the plagiarism dispute with anyone then "they would never have done so with malicious intent – they’re good people".
Further, Temple already had a history of publishing disparaging blog posts about people.
Maybe the timing was a coincidence. It could have been someone I criticized in the past.
An associate of mine had told me months prior that TheRat had shown him “how to see” Temple’s Discord logs.
In the logs, I shared that I had an upcoming blog post accusing Hackethal's book of plagiarism.
Hackethal acknowledges that TheRat is one of the identities I linked to Andy B, who cyberstalked and harassed me. Hackethal knew that Andy B, after being banned from my Discord server on multiple identities, was stalking me via Justin's Discord archives. Hackethal knew that I considered Andy B a suspect for DDoSing me. But he didn't share this evidence until 2025 (when he started publicly attacking me; he didn't send me this information). I would have liked to know back in 2020 how much I was being stalked, by who, and by what methods.
I think Hackethal would say that he was under no legal obligation to help in any way when someone he was having ongoing conversations with was committing crimes against me (whether Andy B DDoSed or not, he committed other crimes). I'm not a lawyer and I don't know what was said in Hackethal's conversations with Andy B. Even if it's legal, I do think friendly chats with criminals can encourage them.
Who could have DDoSed besides Hackethal or Andy B? Hackethal proposes a different theory:
anyone could have read the chat log
Justin's archives of my Discord server weren't password protected. Anyone could have found them, read them, and been mad about my upcoming blog post accusing Hackethal of plagiarism.
Around seven months later, one of the anonymous comments on Hackethal's blog proposed another theory:
Maybe Elliot put malicious code on his own site to frame innocent visitors. Wouldn’t surprise me atp [at this point]. Or he’s just an incompetent coder
This comment was inspired by Hackethal's theory that my website instructs visitors' web browsers to send thousands of requests per hour while they have one of my pages open.
Hackethal said he noticed his own browser sending thousands of requests per hour to my blog in May 2025, but he didn't investigate or take steps to stop sending those requests. Sending thousands of requests is the main part of DoSing a website, so he shouldn't have ignored the problem. DoS stands for denial of service. In 2025, he didn't send enough requests to deny service (I didn't notice my website go down), so those requests weren't a DoS. A DDoS means the requests are distributed (come from multiple computers), but he didn't mention these requests being distributed, and a non-distributed DoS is still a crime.
In September 2025, Hackethal decided to publicly blame me for the thousands of requests he's been knowingly sending to my site. I guess it didn't occur to him that it could be his own fault and that the same thing isn't happening for other people who visit my website. He's a software developer who should have the technical skill to investigate what's going on with these requests and stop sending them.
Maybe Hackethal is sending thousands of requests to every website he visits. Maybe he got angry and set up DoS tools in 2020 but didn't go through with it (someone else DDoSed me), but he didn't fully remove the DoS tools from his computer and they accidentally activated in 2025.Maybe his computer started glitching out in 2025, just on my blog, and that's completely unrelated to the DoSing. Maybe there's a bug with my website code that affects Hackethal even though I (and others) can't reproduce it. Since he won't cooperate in my investigation or provide details about the requests, I don't know what happened.
Since admitting to sending thousands of requests to my website is such a weird thing for Hackethal to have posted, especially when he's touchy about the topic of DoSes, here's a screenshot:
That's not the only weird thing:
Last I checked, Elliot banned Justin from his forum a while back, but Justin still checks it every few days like a rejected puppy. (You can see the ‘last seen’ timestamp or whatever it’s called on Justin’s profile.)
My forum doesn't share members' login frequencies. It shows the single most recent login time, not their history. To identify behavior patterns, you have to check their latest login timestamp repeatedly and record or remember that information. To know that someone logs in every few days, you have to check on them at least every few days yourself.
I changed my forum settings to try to block Hackethal from stalking members. After I made the change, later the same day, someone accessed my forum over 1,000 times. Hackethal also reported my change publicly:
Temple has since blocked the public from viewing user profiles on his forum:
And he shared a screenshot of himself trying unsuccessfully to view Justin's profile.
Here are the user profile views per week for my forum:
They go up a lot in 2024 shortly before Hackethal's lawyers contacted me. They stay elevated, go up more in early 2025 shortly before Hackethal blogged about me, and drop off after I restricted access.
Hackethal talked about sending thousands of requests to my blog in May 2025. Reviewing the logs, I found an IP address that he may have used to send 13,389 requests with automated tools in under a day (which is rude but I think it's legal because it didn't crash the website or deny service). I suspect he uses many IP addresses, and I found evidence connecting this IP to others, but let's look at just this one IP. Here are the request counts from that IP address by hour and by URL:
| Date | Hour (UTC) | Request Count |
|---|---|---|
| 09/May/2025 | 18:00 | 467 |
| 09/May/2025 | 19:00 | 964 |
| 09/May/2025 | 20:00 | 522 |
| 09/May/2025 | 21:00 | 787 |
| 09/May/2025 | 22:00 | 714 |
| 09/May/2025 | 23:00 | 749 |
| 10/May/2025 | 00:00 | 706 |
| 10/May/2025 | 01:00 | 580 |
| 10/May/2025 | 02:00 | 851 |
| 10/May/2025 | 03:00 | 939 |
| 10/May/2025 | 04:00 | 669 |
| 10/May/2025 | 05:00 | 708 |
| 10/May/2025 | 06:00 | 837 |
| 10/May/2025 | 07:00 | 677 |
| 10/May/2025 | 08:00 | 698 |
| 10/May/2025 | 09:00 | 567 |
| 10/May/2025 | 10:00 | 1003 |
| 10/May/2025 | 11:00 | 556 |
| 10/May/2025 | 12:00 | 395 |
| Total Requests (18 consecutive hours) | 13389 | |
| Request Path | Request Count |
|---|---|
| /2126-open-discussion?comments=50 | 714 |
| /2126-open-discussion-2018/stylesheets/structure.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/sidebar.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/reset.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/mobile.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/markdown.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/dialogs.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/curi.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/blog.css?1684948536%27 | 476 |
| /2126-open-discussion-2018/stylesheets/banner.css?1684948536%27 | 476 |
| /2126-open-discussion-2018//www.facebook.com/help/?ref=href052%27 | 389 |
| /main.aspx?fi=157&doc_id=26161 | 238 |
| /main.aspx?fi=157&doc_id=26155 | 238 |
| /2126-open-discussion-2018/stylesheets/structure.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/sidebar.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/reset.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/mobile.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/markdown.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/dialogs.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/curi.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/blog.css?1684948536 | 238 |
| /2126-open-discussion-2018/stylesheets/banner.css?1684948536 | 238 |
| /2126-open-discussion-2018/2126-open-discussion?comments=50 | 238 |
| /2126-open-discussion-2018/2126-open-discussion-2018?comments=50 | 238 |
| /2126-open-discussion-2018 | 238 |
| /2243-deplatforming-and-fraud/stylesheets/structure.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/structure.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/sidebar.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/sidebar.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/reset.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/reset.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/mobile.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/mobile.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/markdown.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/markdown.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/dialogs.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/dialogs.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/curi.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/curi.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/blog.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/blog.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/banner.css?1684948536%27 | 115 |
| /2243-deplatforming-and-fraud/stylesheets/banner.css?1684948536 | 115 |
| /2243-deplatforming-and-fraud | 115 |
| Total Requests | 10904 |
Many request paths in the table are broken. Sending hundreds of requests to the same URL, to repeatedly download the identical data, also seems like an error. There were another 2,485 broken requests. They were similar to each other, but each was slightly differently, so I left them out of the table. That makes the request totals between the two tables match. Overall, these requests suggest that someone was careless with the buggy code that they used to send over 13,000 automated requests to my blog in May 2025.
This IP address (64.23.154.143) is owned by Digital Ocean, a cloud server provider. After I already suspected this IP address was Hackethal's and did the analysis above, I also found that Hackethal hosts at least three of his websites on Digital Ocean. Digital Ocean is a popular provider which many people use, including me.
The reason I suspect this IP address was Hackethal's is because he claimed to have sent thousands of requests to my blog in May 2025. I looked for those requests and found this abnormal behavior. I specifically looked for someone loading the same page over and over, rather than scraping the whole site, since that seemed like the best fit for what Hackethal said. And these requests appear to fit well into the ongoing pattern of his behavior. He's made multiple comments about monitoring me, my websites and my community members.
The next month, in June 2025, I received 840,716 requests from the Scrapy user agent (used for Python scripts), compared to under 100 the previous month, the next month, and almost every month in general. That isn't part of the general traffic from scrapers and bots that I (and other websites) get every month. That's a lot of requests. Was that Hackethal?
Did Hackethal set up his computer or a cloud server to automatically access user profiles thousands of times and save the data? Did he monitor my forum members that way for around a year? Did he send over 13,000 requests to my website using automated tools in May 2025? Did he use Scrapy to send over 800,000 requests in June 2025? Could his potential use of automation tools in 2025 have anything to do with the 2020 DDoSes or with his own claim about sending thousands of requests per hour to my blog in 2025? I don't know and Hackethal isn't legally obligated to answer my questions.
Messages