Tuesday, June 19, 2007

Web Security Upgrade

One of the features that the OCF is rolling out this summer is increased web server security for our users and their web applications. We've added some tools that'll monitor web traffic and intercept many common types of attacks, giving our users an extra level of protection from newly discovered vulnerabilities.

Most importantly, though, these tools will help protect our users from comment spam (unsolicited commercial postings). The OCF web server receives more than one million requests every day, and a growing number of these requests are attempts by automated programs to post spam on our users' blogs, galleries, and web sites. Besides leaving distasteful messages, these programs also place a great burden upon our infrastructure, slowing down our services.

We've currently enabled an aggressive set of filters to catch most attacks and spam, and we will continue to add filters as new attacks are discovered. As with any automated monitoring system, though, there will always be the possibility for incorrectly tagged requests. If you're having problems with your web site, please let us know.

Also, please keep in mind that these security systems are designed to help us help you. We encourage OCF users to keep their web applications up-to-date, as bugs and security holes are being fixed every day, and it's impossible for us to protect every single application that our diverse user base employs. We also highly encourage users to install plugins to reduce the flow of spam via captchas or other methods.