The world is an interesting place. And that’s being kind. Think of all the spyware, viruses, pop-up ads, malware, trojan horses, and zombie PCs that Windows users put up with. They think that’s the norm. As Mac users, we know that life is better. It’s sunny and mild. Mostly.
Behind the scenes of running a Mac web site on Mac servers, life is much more dark. There’s volumes of spam hitting the Mac’s mail servers. There’s thousands of break in attempts. Daily.
There’s people with an ax to grind, products to sell, agendas to flaunt, and nearly everyone has something to say (not always worth hearing).
Sound like fun? Like it or not, most Mac web sites are here because of our love for Apple and the Mac. Not many are getting rich. All of us are getting an education on the slimy side of tech life. On the dark side, the Mac is just another target.
As easy and safe and secure and comfortable as Mac OS X is at the desktop level, it’s a much different world for Mac servers.
I’ve heard it said that the only secure server is one that’s unplugged, turned off. There’s truth to that. Maybe, “uplugged” and destroyed, smashed to a pulp would be a bit more secure. But only a bit.
The problem, of course, isn’t Mac’s implementation of security techniques. There’s the firewall, Unix permissions, and all the other techno mumbo jumbo that help make a Mac or a Mac server more secure than Windows counterparts.
The problem, of course, is people.
Most system administrators will tell you that web servers and mail servers are hit with a constant barrage of break in attempts, denial of service attacks, and so much spam your hair could catch on fire just looking at the daily server and mail logs.
Most users of Mac OS X don’t know about such things. Those who manage web and mail servers (and others) know about the dark side and work constantly to avoid a server compromise (break in).
As trouble free as Mac OS X is on your desktop or laptop Mac, Mac servers require more effort to set up, more effort to maintain, and much more effort to secure, and keep secure.
As an example, we use Mac OS X Panther Server to handle email for a number of domains and many users. Email accounts that had been around the longest (some for many years) attract the most spam, sometimes hundreds of messages daily.
While Apple’s Junk Mail filter works well at the desktop level, the spam still hit the email servers by the trainload, many of them spewed forth by “zombie” Windows machines whose owners don’t even know that their PCs are actually spam mail servers.
Mac OS X Server uses Postfix and Cyrus to handle email. Postfix has some excellent filters to block connections from zombie Windows mail servers. In fact, once the filters were implemented, spam to our users dropped by an order of magnitude. For every 100 spam messages a user received each day, now they get 10 or less.
Did I mention the “people” problem? People, hackers, script-kiddies, and techno folks with waaaaaay too much time on their hands are constantly inventing new ways to try to break in to computers, even Mac servers.
“Spammers assume everyone wants to read about their sex links, viagara links, mortgage links, and other drug related links.”On a recent weekend, one of our Mac servers was hit with a barrage of remote login attempts. These are not manual attempts by some pimple-faced high schooler cranking away on the keyboard.
These attempts are automated, search out IP addresses, then begin to probe for open ports, or other weaknesses.
On this particular Saturday, two of our servers received nearly six hours of constant attempts from a site at a university in Sweden (we traced the IP address and notified the school’s technical administrators). The login attempts starting with users whose names started with “a” then, “b” and so on, all the way through the alphabet.
I didn’t know there were that many names available. Tens of thousands.
Our site uses a Feedback form, an Email-To-A-Friend form, and allows for Comments on most articles. Feedback messages, of course, come straight to us.
When you use the Email-To-A-Friend form, an article and link is sent to your friend’s email address. That also means an unscrupulous reader could “spam” someone by entering an email address and a different message (than the article). The resulting “spam” would appear as if it came from someone else, though our IP address would be visible.
Of course, we keep track of such messages and flag both the user’s IP address and their own email address and put them in a “banned user” list. All that extra effort is required because someone doesn’t want to play by the rules.
Spam doesn’t show up in just your email inbox. It also shows up in our Comments section. Spammers don’t care that the article is about how to use a web page editor. They assume everyone wants to read about their sex links, viagara links, mortgage links, and other drug related links. So they post the spam in Comments sections, too.
“Maybe I could get some nude photos of me and sell them as desktop images and wallpaper. I’m blonde, leggy, and single. What would be a good price?”Of course, we keep track of such messages and flag both the user’s IP address, etc., and put them in the “banned user” list. See? I’m repeating myself.
Many sites require a “membership” or “registration” before posting Comments or entering Forums. We may implement such measures if the spam gets out of hand. That won’t fully prevent spam, but it will cut down the amount of spam that shows up.
Some of our readers have voiced concern about the requirement to enter an email address before posting a Comment. Others don’t want their email address posted on a web site for fear that automated email address “harvesters” will find the address and add it to a spam list.
That concern we can understand. So, the email address you enter gets “scrambled” in code so automated harvesters can’t read it, though another reader could write it down and send you a message.
Running a Mac web site (and many others) using Mac OS X Server is no picnic, though it’s probably much easier than trying to maintain Windows desktops in a large corporation. I’d hate to have to do that every day, though the job security would seem decent.
Some of our readers don’t like what we write about or how we write it. Some do. Everyone’s entitled to an opinion, of course. We provide the site because we like Apple, we use Macs, and we make a living with Mac technology. We don’t do Windows.
To make money on a Mac web site requires tens of thousands of unique visitors each day. And lots of content. Five or 10 new articles daily. And ads. Lots of ads. And contests. And Forums. It’s a full time job to make money on a Mac web site.
Someone suggested we put up a PayPal account and take donations. That’s a thought but seems a bit like begging to me.
Maybe I could get some nude photos of me and sell them as desktop images and wallpaper. I’m blonde, leggy, and single. What would be a good price?