I manage the website for my school, which is built using Drupal. My background is mostly from the design side of things so I don't have a lot of knowledge about security issues. I have noticed from the logs that there have been an increasing number of attempts to post obscene spam messages on our guestbook page (now up to around 150 a day). I have Mollom protection enabled, which is working well at the moment, and also have to approve any posts before they are published. However, I am concerned that the attacks may become more serious. A few log entries refer to 'page not found' errors for pages that have never existed on the site - e.g. one recent one was for crossdomain.xml.
Should I be concerned? Is there any action I can take to protect the site and its contents? We have a lot of photos of school activities on the site, which is one of the most popular features with parents, but I am starting to feel a little uncomfortable about this if we are attracting attention from the darker side of the web.
I have changed the URL of the guestbook, and may even take it down completely if it will help to solve the problem, as it is hardly ever used by legitimate visitors. I have also blocked the IP addresses of the spammers on the site and on the web host.
I wouldn't get too paranoid about 404s in the logs and crossdomain.xml, which is usually a SWF object trying to access data out of its domain (or someone trying to glean some info about your domains). Our web server logs are chock-full of these errors and we haven't seen any evidence yet of any breaches. Unfortunately there's not a lot you can do about it except keep your server and software up to date; it goes with having a bit of kit that's exposed to the outside world.
It's definitely common! I run my own web servers privately and in production and I don't just get spam attempts but hack attempts etc. As long as you stay up to date and have the right security in place on your servers you should be fine, and I presume you're using a Linux server?
I wouldn't worry too much.
Also, if you can (to make things easier), get your server to email you logs of security breaches and spam attacks - I find it easier to monitor what's going on.
The most important thing you can do is patch. If a security vulnerability is found in the application then it won't be long before people are trying to use it to break into vulnerable sites. If the components you use have a mailing list, subscribe so you get notified of new releases and can update ASAP.
The other most important thing you can do is back up :-)
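
The suggestion in an earlier answer to have the server email you a log summary could look like the following. This is an added example, not part of the original thread: it assumes the Apache/nginx "combined" access log format, and the `/guestbook` path, sample log lines and email addresses are constructed.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Apache/nginx "combined" log format (assumed; the thread does not name the server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

# Constructed sample lines: documentation-range IPs, hypothetical paths.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2012:09:14:01 +0000] "POST /guestbook HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2012:09:14:09 +0000] "POST /guestbook HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.23 - - [12/Mar/2012:09:20:44 +0000] "GET /crossdomain.xml HTTP/1.1" 404 209 "-" "-"
198.51.100.23 - - [12/Mar/2012:09:20:45 +0000] "GET /crossdomain.xml?x=1 HTTP/1.1" 404 209 "-" "-"
192.0.2.55 - - [12/Mar/2012:10:02:13 +0000] "GET /gallery/sports-day HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
this line is malformed and must be counted, not crash the parser
"""

def summarize(log_text, form_path="/guestbook"):
    """Count 404 paths and POSTs to the form path per client IP."""
    not_found, posters, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep going; report how many lines were unreadable
            continue
        path = m["path"].split("?", 1)[0]   # ignore query strings when grouping
        if m["status"] == "404":
            not_found[path] += 1
        if m["method"] == "POST" and path == form_path:
            posters[m["ip"]] += 1
    return {"not_found": not_found, "posters": posters, "skipped": skipped}

def build_digest(summary, sender, recipient, top=10):
    """Build the digest as an EmailMessage; sending it (smtplib, cron) is up to the host."""
    body = ["Top 404 paths:"]
    body += [f"  {n:5d}  {p}" for p, n in summary["not_found"].most_common(top)]
    body += ["", "Top guestbook posters:"]
    body += [f"  {n:5d}  {ip}" for ip, n in summary["posters"].most_common(top)]
    body += ["", f"Unparsed lines: {summary['skipped']}"]
    msg = EmailMessage()
    msg["Subject"] = "Daily web log digest"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(body))
    return msg

if __name__ == "__main__":
    print(build_digest(summarize(SAMPLE_LOG), "logs@example.org", "webmaster@example.org"))
```

A sudden rise in the 404 or poster counts from one day's digest to the next is the signal worth a closer look; a steady background of probes like crossdomain.xml is the normal noise the answers describe.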