Mod_security and spam catching
Feb 25th, 2007 by Karen
In the last couple weeks, we’ve been having some problems with blog comment and trackback spam with the UH Libraries blogs. I wasn’t sure exactly how to deal with this, and because I don’t control the network I didn’t want to start blocking IP addresses (this is something I’d have to ask someone else to do). So I used my tried and true problem solving methodology: ask someone who I know has dealt with the problem before how to fix it. In this case I asked Blake Carver at LISHost. One tool that he recommended is an Apache module called mod_security.
Mod_security is a nice little Apache module that allows you to set up rules to control what types of requests your web server will receive and not receive. This is very helpful because you can tell it to look at POST requests for certain words and not allow POSTs with these words to be passed through.
You might be wondering why you would want to use mod_security when most blogging software like Movable Type and WordPress has built-in spam catching capabilities. Well, one reason is that traffic from spam can overload your server. Another is that using something like mod_security will keep the number of spam messages that users have to deal with at a minimum.
I’m still getting the hang of configuring mod_security properly, but once I’ve gotten it set up correctly it will keep our spam to a minimum. I do want to point out that mod_security generates large log files for requests that it feels are “bad”. You have to deal with these log files, otherwise they will grow to an unmanageable size. I’d advise you cull them regularly and use them to determine IP addresses you want your network admin to block from accessing your servers.
Tools like mod_security are invaluable in fighting the war against blog spam, but as someone who runs a blog server you need to realize that for every trick you put in place to block spam, the spammers will look for a new way to submit spam. It is a constant battle and you need to be vigilant.
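One way to turn the log culling described above into a short list of addresses for the network admin, as an added example that is not part of the original post. It assumes the ModSecurity 2.x serial audit log layout (the post does not say which version or log format was in use); the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Assumed ModSecurity 2.x serial audit log layout: each entry is split into
# parts by "--<tag>-<letter>--" lines, and part A holds one header line:
# [timestamp] unique_id source_ip source_port dest_ip dest_port
BOUNDARY = re.compile(r"^--(?P<tag>[0-9a-f]+)-(?P<part>[A-Z])--$")
HEADER = re.compile(r"^\[[^\]]+\] \S+ (?P<src>\S+) \d+ \S+ \d+$")

def _entry(tag, ip, body, intercepted=True):
    """Build one constructed audit-log entry (sample data, not a real log)."""
    action = "Action: Intercepted (phase 2)\n" if intercepted else ""
    return (f"--{tag}-A--\n[25/Feb/2007:10:01:12 +0000] id{tag} {ip} 41822 192.0.2.10 80\n"
            f"--{tag}-B--\nPOST /comments HTTP/1.1\n\n"
            f"--{tag}-C--\n{body}\n"
            f"--{tag}-H--\n{action}\n--{tag}-Z--\n\n")

# Constructed sample (RFC 5737 documentation addresses). The second entry's
# comment body imitates log boundaries to show that they are not trusted.
FAKE = ("comment=x\n--deadbeef-A--\n[25/Feb/2007:10:01:12 +0000] x 198.51.100.99 1 "
        "192.0.2.10 80\n--deadbeef-H--\nAction: Intercepted (phase 2)")
SAMPLE_LOG = (_entry("a1b2c3d4", "203.0.113.7", "comment=spam")
              + _entry("e5f6a7b8", "203.0.113.7", FAKE)
              + _entry("c9d0e1f2", "198.51.100.23", "comment=hello", intercepted=False))

def intercepted_by_ip(log_text):
    """Count requests that mod_security actually blocked, per client IP."""
    hits, tag, part, src = Counter(), None, None, None
    for line in log_text.splitlines():
        b = BOUNDARY.match(line)
        # Accept a boundary only if it opens a new entry or carries the current
        # entry's tag; request bodies are spammer-controlled and may imitate one.
        if b and (b["tag"] == tag or (tag is None and b["part"] == "A")):
            tag, part = b["tag"], b["part"]
            if part == "A":
                src = None
            elif part == "Z":
                tag = part = None
            continue
        if part == "A" and src is None:
            h = HEADER.match(line)
            src = h["src"] if h else None
        elif part == "H" and src and line.startswith("Action: Intercepted"):
            hits[src] += 1
    return hits

def block_candidates(log_text, threshold=2):
    """IPs blocked at least `threshold` times, most frequent first."""
    return [(ip, n) for ip, n in intercepted_by_ip(log_text).most_common() if n >= threshold]
```

Run it over each log file before rotating or deleting it, so the counts survive the cull.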

