The phrase, “just because you’re paranoid doesn’t mean they aren’t after you”, was coined by Joseph Heller in his 1961 book, Catch-22. Alternatives are quoted in various places, sometimes substituting “out to get you” for “after you”.
I’m definitely paranoid when it comes to server security. I view log files daily, sometimes twice a day.
When I view the log files, I’m looking for things out of the ordinary. With the web server logs, I’m looking for attempts to get access to areas not intended for public viewing.
Recently, I discovered one or more people attempting to bypass the caching system I have in place. This is a custom caching system of my design. The only time it should be bypassed is when I’m logged in as the administrator or attempting to log in, when someone posts a comment, or when the caching script is running.
It should be obvious the caching script runs on the same server as the website, using the same IP address. The restrictions I have in place allow it to bypass the cache. Until I saw what was happening, I didn’t restrict the IP address itself. It took me a couple of hours to figure out how to keep IP address spoofing from having any effect on anything.
To a degree, anyway. But only until I figured out a way to prevent automated comment spam without it being complicated. I don’t use any special script and I don’t use any external service.
I use a simple cookie system. It completely defeats automated spam bots. More than one human spam attempt in a month is now a rare event.
What are those malicious hackers trying to exploit? Most of the time, I have no idea.
I used to block thousands of IP address ranges and single IP addresses. My list is now under 20. I now know how to block the vulnerability scans themselves. The secret is to block access to any directory on the server the public shouldn’t be able to reach.
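The log review and the directory blocking described above can be checked against each other. This is an added example, not the author's own script: it reads Common/Combined Log Format lines, counts requests to non-public directories per client, and lists any that were answered with a 2xx status, meaning the block did not hold. The directory names and log lines are constructed assumptions.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Hypothetical non-public directories; replace with your site's own.
RESTRICTED = ("/admin", "/includes", "/backup", "/.git")

# Common/Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:06:01:02 +0000] "GET /admin/login.php HTTP/1.1" 403 199 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:06:01:03 +0000] "GET /%61dmin//config.php?x=1 HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:06:02:10 +0000] "GET /blog/post-1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:06:02:11 +0000] "GET /administrator-guide HTTP/1.1" 200 810 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:06:05:44 +0000] "GET /backup/site.zip HTTP/1.1" 200 104857 "-" "Mozilla/5.0"',
]

def normalize(raw):
    """Drop the query string, decode %xx, collapse '//' and '..', lowercase."""
    path = unquote(raw.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def review(lines, restricted=RESTRICTED):
    """Return (probes, served).

    probes: {client_ip: number of requests to restricted directories}
    served: (ip, raw_path, status) for restricted requests answered 2xx.
    """
    probes = defaultdict(int)
    served = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed request line
        path = normalize(m["path"])
        if not any(path == p or path.startswith(p + "/") for p in restricted):
            continue
        probes[m["ip"]] += 1
        if m["status"].startswith("2"):
            served.append((m["ip"], m["path"], int(m["status"])))
    return dict(probes), served

if __name__ == "__main__":
    print(review(SAMPLE))
```

An empty `served` list is the result to expect once the directory rules are in place; the `probes` counts show who is scanning without requiring an IP block list.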
Am I too paranoid about these things? I don’t think so. I have a motive for the things I do and it’s probably not readily apparent.
My website is small, really small compared to the big players out there. But I’m using the same CMS many of the big players are using. I optimize everything in a way that the things I do will work for a website whether it has 500 pages or 50,000 pages.
I’m paranoid today so I don’t have to be paranoid in the future, when I may not have time to act as quickly as I should.