Recently I came to realize the real threat spammers pose to the Internet community. After trying for two days (30 hours) to find out why a web application, that was up to recently flawless, was not responding on a non deterministic basis, I discovered (the hard way) that it had been exploited by spammers, in order to send their emails. Sending thousands of emails each day the spammers have actually accomplished a DOS (Denial of service) attack on it.
So what’s the lessons learned here…
a) Design your web applications having security always (I don’t know if I’m emphasizing “always” enough) in mind. Don’t rely on software or third party infrastructure to secure your application.
b) Provide only the required by the spec. set of services to the users as it is more than certain that they will be targeted by malicious users.
c) Don’t rely on third party components to be secure. Test them you’re self before using them in your application.
d) ALWAYS enable logging for your web applications.
e) When an application you built fails for reasons you can’t figure out, check the web server’s logs. The information you’ll get might help you find the problem even faster than debugging (if that’s even possible).
I could go on and on with advice, but I think I got the most important ones. Hope this helps the next guy that will fall into similar kind of problem…P.S. Now that I mentioned spam, I’m starting to get really annoyed with the number of spam I receive each day. It’s not only the waste of my time (My Outlook spam filter actually saves me from having to go through the trouble of handling spam) but of bandwidth as well. I’m thinking of removing my email address from my site. Does anyone have any suggestions?