Posted by Kate Phizackerley on 15:38

At the weekend I had my first flood of spam. One of my blogs was averaging a spam comment every hour. That's not totally desperate but it was intrusive as I was getting an email every time because I review all comments.

Since it could get worse, pre-emptive action seemed sensible. There are standard tools I could have implemented but I chose not too. Standard tools fall into two groups: those which inconvenience regular readers (eg Captchas) and those which spammers have learned, or are learning to circumvent. The concept of drug-resistant bacteria is well understood but equally security measures lose their efficacy as criminals learn about them. Criminals learned to disconnect burglar alarms and to forge passports. Airport security is a constant battle between authorities and terrorists.

Standard tools and measures have their place in raising the bar to protect against amateurs but they may be less effective against professionals.

I do, of course have one layer of standard defence against spam in place. Rather than add another standard tool, I chose to bespoke a defence. Since then, no spam has got through. My log suggests the spam flood itself is over, but my new tool is still logging attacks it has prevented. By policy I'm not going to describe how it works. I don't pretend it's foolproof. It's very effectiveness lies in its novelty. That's the key to security - some of the measures should be unknown and unusual.



Admin Control Panel