Notes on mod_security vs. spam

I set up mod_security, a web firewall for Apache, to deal with comment and trackback spam on my server. This isn’t a complete guide to mod_security, just the information I wish I had when I started.

I’m using mod_security because my server has lots of different blogging tools installed, and there’s no way to centrally protect them all. This won’t take care of all comment or trackback spam, but I’m hoping it will greatly reduce the amount we get. Also, I’m expecting mod_security to be faster than other tools since it stays in memory and doesn’t hit the database.

Continue reading “Notes on mod_security vs. spam”

Google’s comment spam problem

Comment spam is a problem, but it’s not my problem. I get hit with comment spam, sure, but I’m only to blame in the sense that I have a weblog. The comment spammers are to blame, but they’re not alone in culpability. The one character missing is the one people are first to defend and last to blame &emdash; Google.
Google built a hell of search engine with PageRank, and were rewarded with unbridled admiration and one of the world’s most liked brands. But PageRank isn’t perfect, and people have been gaming it for as long as its been around. Google actively tweaks their algorithm all the time to deal with spammers.
Originally spammers would post their own links in their own domains. While it would be annoying in search requests, that’s the only time you would encounter them. Google was able to combat that by avoiding junk sites, so the spammers moved on to adding links to weblogs.