Six Apart News & Events

mod_security for protecting your blog

In light of the coverage that the Register's interview with a link spammer is getting, it's worth reviewing some of the host-level changes that can be made to protect against these attacks.

Foremost among the options is mod_security. You can follow the latest on this Apache module on the mod_security blog, which is powered by Movable Type and protected by mod_security. If you're new to the module, you can read over this useful introduction to mod_security.

For a more general look at how to protect yourself, you can take a look at Elise Bauer's tutorial as well as Ann Elisabeth's ongoing coverage of how spam is evolving.

If you want to implement mod_security yourself, a great way to get started is Noel Jackson's mod_security rule generator, especially if you pair it with Peter Wood's blacklist_to_modsec, which lets you hook up Jay Allen's Blacklist to your mod_security rules. (This is also a handy way to cut back on referrer spam.)
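The blacklist-to-rules conversion described above, as an added example that is not the code of blacklist_to_modsec or the rule generator. It assumes a blacklist with one regex per line and `#` comments, emits ModSecurity 2.x `SecRule` directives, and uses placeholder rule ids and constructed sample entries.

```python
import re

# Constructed sample in the assumed format: one regex per line, '#' starts a
# comment, blank lines ignored. These are not real blacklist entries.
SAMPLE_BLACKLIST = r'''
# constructed entries for illustration
cheap-pills\.example
casino-[a-z]+\.example   # trailing comment
spam"site.example
broken(pattern
'''

def parse_blacklist(text):
    """Return (accepted, rejected) entries from blacklist text."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # Reject instead of escaping: a double quote or doubled backslash
        # would make quoting in the generated directive ambiguous.
        if '"' in entry or "\\\\" in entry:
            rejected.append(entry)
            continue
        try:
            re.compile(entry)  # approximate check; ModSecurity uses PCRE
        except re.error:
            rejected.append(entry)
            continue
        accepted.append(entry)
    return accepted, rejected

def to_secrules(patterns, start_id=10000, chunk=50):
    """Group patterns into alternations so a long list yields few rules."""
    rules = []
    for n, i in enumerate(range(0, len(patterns), chunk)):
        rx = "|".join(f"(?:{p})" for p in patterns[i:i + chunk])
        # Placeholder ids; phase 2 so POSTed comment fields are in ARGS.
        actions = (f"id:{start_id + n},phase:2,deny,status:403,log,"
                   "msg:'Blacklisted pattern'")
        rules.append(
            f'SecRule ARGS|REQUEST_HEADERS:Referer "@rx {rx}" "{actions}"')
    return rules

if __name__ == "__main__":
    ok, bad = parse_blacklist(SAMPLE_BLACKLIST)
    print("\n".join(to_secrules(ok)))
    print("# rejected, review by hand:", bad)
```

Rejected entries are reported rather than silently dropped, so a malformed line in the blacklist feed cannot break the Apache configuration on reload.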

Finally, you'll want to add in another contribution from a Six Aparter, Brad Choate's DSBL plugin. We've been using similar DSBL blocking on TypePad with great results.
