The above graph represents the number of hits that have been turned down by my host (TextDrive) through ModSecurity in the last 7 days, before they hit my site. Those hits are mainly link spams of three sorts: comments, TrackBacks and referrer spam (the latter seems to be the most prominent; comment spam accounted for 336 hits and there were only 6 TB spams in the past 7 days). I'm quite pleased to report that in the past two months, only 9 comment spams and 2 TrackBack spams, all posted manually, have found their way to this blog, only to be removed in less than 10 minutes and granted a place in my host's mod_security rules to the benefit of thousands of other hosted sites in the farm. I'm quite confident that all of the automated spams have failed to reach their target.
As far as I can see, the biggest pain of automated spam is its scale, currently equivalent to DoS attacks. But automation is also its main weakness, because it makes it easier to screen for patterns and block those attacks as soon as they start hitting one site (and you can set up honeypots as automated traps). By sharing the same rules among a web farm, you protect all sites hosted there. Take this one level up and by sharing rules amongst hosts in real time, the internet community could make the game significantly harder (and costlier) for spammers. This will eventually be done by the agile hosts out there. It's still an arms race, but why would the spammers always have the biggest weapons?
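A sketch of the farm-wide screening described above, added here as an illustration; it is not TextDrive's ModSecurity configuration. The hostnames, the `/comments` and `/trackback` paths and the two-site threshold are assumptions, and the log records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: (vhost, method, path, referer) parsed from farm-wide access logs.
SAMPLE_HITS = [
    ("blog-a.example", "GET", "/", "http://cheap-pills.example/buy"),
    ("blog-b.example", "GET", "/about", "http://cheap-pills.example/buy"),
    ("blog-c.example", "GET", "/", "http://cheap-pills.example/offers"),
    ("blog-a.example", "GET", "/post/1", "http://friend-blog.example/links"),
    ("blog-a.example", "GET", "/post/2", "http://blog-a.example/"),
    ("blog-b.example", "POST", "/comments", "http://poker-now.example/"),
    ("blog-c.example", "POST", "/trackback/7", "http://poker-now.example/"),
]

def referer_host(referer):
    """Lower-cased host part of a Referer value, or '' if absent."""
    return (urlparse(referer).hostname or "").lower()

def derive_shared_rules(hits, min_sites=2):
    """A Referer host seen on min_sites or more distinct vhosts is treated
    as automated (assumed heuristic) and promoted to a farm-wide rule."""
    sites_by_ref = defaultdict(set)
    for vhost, _method, _path, referer in hits:
        host = referer_host(referer)
        if host and host != vhost:  # skip empty Referers and self-referrals
            sites_by_ref[host].add(vhost)
    return {h for h, sites in sites_by_ref.items() if len(sites) >= min_sites}

def classify(method, path):
    """Bucket a blocked hit into the three spam sorts named in the post."""
    if method == "POST" and "/trackback" in path:
        return "trackback"
    if method == "POST" and "/comment" in path:
        return "comment"
    return "referrer"

def apply_rules(hits, blocked_hosts):
    """Return (hits allowed through, count of blocked hits per category)."""
    allowed, blocked = [], defaultdict(int)
    for hit in hits:
        _vhost, method, path, referer = hit
        if referer_host(referer) in blocked_hosts:
            blocked[classify(method, path)] += 1
        else:
            allowed.append(hit)
    return allowed, dict(blocked)

if __name__ == "__main__":
    rules = derive_shared_rules(SAMPLE_HITS)
    print(sorted(rules), apply_rules(SAMPLE_HITS, rules)[1])
```

A site that has never seen the spammer (say a fourth vhost) is covered as soon as it loads the shared rule set, which is the benefit of sharing rules across the farm.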