When writing code, any code, you have always have to wary of the enemy. Sometimes the enemy is bugs in your code. And we all know what havoc that can cause, but they are usually benign. Usually.

When the code in question is running a website, your enemy is the legions of crackers (they are commonly misidentified as hackers) that are trying to deface popular sites, or high ranking business sites. Over the past few weeks, Russian crackers have been trying to deface the site of my best client. At least they appear to be Russian. They have attacked literally every single piece of code that accepts variables. Every one of them. So far, we are winning. Even to the tune that their last attempt happened a week ago.

I have no false feelings of joy and success that we won this round. They will be back. Back with better tactics, new exploits to search for, new ways of bringing pain. For the wild legions of crackers have moved on to easier prey. The last few years have told me only one thing is certain. That they will be back sooner, rather than later.

Like any General watching his attackers retreat in defeat, my feelings are how can we improve our defenses for the next attack. An attack that will be stronger, faster, more cunning, aiming to not be noticed as soon, how to beat us. While we plan for the next encounter, I am setting my alarms to be notified earlier. They had hammered us with 1 million unsuccessful attempts before it hit our radar. That is 20 times too much for failed attempts. Too low and we get false positives, but 1 million makes me nervous. We will react faster next time. And we are reviewing 100% of the code base to hopefully ensure we have all the gates shut.