Recently I completed a complex scheme to allow page visitors to download free music, or alternately play (or download) music they’ve paid for. My implementation involves a stand-alone HTML file, which communicates with a PHP script using JavaScript and links, to complete or authorize all activities. Every action is logged. Now this is all my original music and I’m no superstar, so I was hugely surprised to see my logs filled with people trying to hack my PHP script. Now to be fair, a great deal of my logs showing failed actions may be due to the visitor disabling cookies. Fine… visitors are explicitly warned that the page features won’t work if cookies are found disabled. I do this to screen out anyone setting up a robot or hacking script designed to keep trying, and the page needs encrypted cookies anyway to authorize song permissions. Multiple logged failures with timestamps less than a second apart further prove it’s not being caused by visitors clicking randomly.
Well the logs do show me the visitor’s IP, so up till now, I’ve been watching the logs for repeat offenders. Those IPs often trace to Romania or other locations with doubtful “legitimate” interest in my site. So I then manually deny access to my whole site from those IPs by editing my .HTACCESS file. Now I’ve been thinking of going further by automating that process… recording obvious hack attempts in a database and automatically adding repeat offenders to my growing list of HTACCESS denials.
But now I’m thinking that maybe I’m wasting my time? Maybe I should simply start ignoring the obvious hack attempts, and not even log them. The site and the music authorization scheme have been working perfectly for months now, and if anyone has hacked into my protected directories to gain unauthorized access to files, it’s obvious they are **not
So what is the general consensus about what to do in cases like this? Should I allow hack attempts to continue unabated, and stop logging them at all? Or should I actively go to battle, by implementing automatic denial additions to my HTACCESS file as I described? The battle seems like a good idea because I’m not crazy about letting hackers waste bandwidth I’m paying for. But on the other hand, I know these things are like a nuclear arms race, and I’ve got a pile of other projects and pages to get to. So maybe as long as the script is blocking them all successfully, I should stop logging them all and ignore the nefarious activity?
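
Added example, not part of the original post or the poster's code: a sketch of the automation described above, flagging IPs whose logged failures fall less than a second apart and rendering a deny block for them. The log layout, the three-failure threshold and the Apache 2.4 `Require not ip` syntax are assumptions; the sample entries are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries; the "date time ip result action" layout is an assumption.
SAMPLE_LOG = """\
2024-03-01 10:15:02.100 203.0.113.7 FAIL download song=12
2024-03-01 10:15:02.350 203.0.113.7 FAIL download song=13
2024-03-01 10:15:02.600 203.0.113.7 FAIL download song=14
2024-03-01 10:16:10.000 198.51.100.23 FAIL play song=3
2024-03-01 10:16:14.500 198.51.100.23 FAIL play song=3
2024-03-01 10:16:19.900 198.51.100.23 FAIL play song=3
2024-03-01 10:17:00.000 192.0.2.44 OK play song=5
not-a-log-line
"""

def failures_by_ip(log_text):
    """Map each validated client IP to its sorted list of failure timestamps."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[3] != "FAIL":
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S.%f")
            ip = str(ipaddress.ip_address(parts[2]))  # never copy raw log text into config
        except ValueError:
            continue
        failures[ip].append(when)
    return {ip: sorted(times) for ip, times in failures.items()}

def burst_offenders(failures, min_hits=3, window=timedelta(seconds=1)):
    """Return IPs with at least min_hits failures inside any single window."""
    flagged = []
    for ip, times in failures.items():
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window:
                flagged.append(ip)
                break
    return sorted(flagged)

def htaccess_block(ips):
    """Render an Apache 2.4 deny block for the given IPs."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += ["    Require not ip " + ip for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_block(burst_offenders(failures_by_ip(SAMPLE_LOG))))
```

The second sample client fails three times several seconds apart, the pattern a visitor with cookies disabled would produce, and is not flagged.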