Beware: the anonymous Internet is full of spam


Spam isn’t a new subject, but I didn’t know until now that even applications you built yourself could be infected in no time.

In my free time I run the website KnowYourStack. The website has been online for some time now, and in the meantime I haven’t had the time for upkeep and further development since I moved to another country.

Fail early – fail often

Following this slogan, I brought the page online in a fit of youthful foolishness. I also planned to test anonymous participation. The idea: no registration, no barrier to acting on the site.

Result: Spam

It didn’t take long for the spam bots to invade the site with spam:

Since the system is based entirely on my own code, I was surprised by the enormous amount of spam (4 to 5 entries every day).

Bruteforce FTW

I’m sure that these bots aren’t configured specifically for my website, so this is what I assume:

Spam bots crawl through the internet, and as soon as they find a form they fill it in and submit it. If you haven’t integrated some security mechanism like a little math task or a captcha, you are going to be an advertisement target. It was interesting to notice that the more spam I had, the more I got. To be honest, I have a little respect for the little devils who developed this.

Lesson learned: Self-made apps can be a spam magnet too

Without protection like a captcha, it is an easy task for spam bots.
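One way to build the "little math task" mentioned above, as an added example that is not KnowYourStack's code: a stateless challenge whose token is signed with HMAC, combined with a hidden honeypot field and a minimum fill time. The field names (`website`, `token`, `answer`), the timing limits and the in-memory replay cache are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, server-side only
MAX_AGE = 600        # seconds a challenge stays valid
MIN_FILL_TIME = 3    # bots post instantly; people need a few seconds to type
used_nonces = set()  # in-memory replay cache; a real site would persist and expire it

def mac(*parts) -> bytes:
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest().encode()

def new_challenge(now=None):
    """Return (question, token); the token travels in a hidden form field."""
    issued = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce = secrets.token_hex(8)
    tag = mac("tok", issued, nonce).decode()        # proves the server issued it
    ans = mac("ans", issued, nonce, a + b).decode()  # binds the expected answer
    return f"What is {a} + {b}?", f"{issued}.{nonce}.{tag}.{ans}"

def check_submission(form, now=None):
    """Return (accepted, reason) for a posted form dict."""
    now = int(time.time() if now is None else now)
    if form.get("website"):  # honeypot field hidden by CSS; people leave it empty
        return False, "honeypot filled"
    try:
        issued_s, nonce, tag, ans = form.get("token", "").split(".")
        issued, answer = int(issued_s), int(form.get("answer", ""))
    except ValueError:
        return False, "malformed token or answer"
    if not hmac.compare_digest(tag.encode(), mac("tok", issued, nonce)):
        return False, "forged token"
    age = now - issued
    if age < MIN_FILL_TIME:
        return False, "submitted too fast"
    if age > MAX_AGE:
        return False, "challenge expired"
    if nonce in used_nonces:
        return False, "token replayed"
    used_nonces.add(nonce)  # burn on first use, so one token allows one guess
    if not hmac.compare_digest(ans.encode(), mac("ans", issued, nonce, answer)):
        return False, "wrong answer"
    return True, "ok"
```

Rejected submissions are best logged with their reason rather than silently dropped, so the moderation view shows which check is catching the bots.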

Lesson learned: Anonymous only with moderation

Anonymous entries have their value, but some kind of moderation is necessary.

Lesson learned: Integrate some mini administration functions

I hadn’t thought about this subject at all. At the beginning I had to remove the first spam entries via RavenDB Management Studio. It’s possible but laborious. My advice for you: it’s useful to integrate some administration functions from the beginning, since even a non-anonymous user could share some improper content.

P.S.: I’ve pulled the emergency brake. KnowYourStack Reimagined ;)
