The web for me is a hobby where standards and best practices are daily bread. Security is a concern that everybody must be aware of its details for IT in general, and the web in particular, to be a safer place. My life, on the other hand, is that of a regular Lebanese citizen where politics and social issues are discussed on a daily basis. I hope you enjoy reading my blog and make sure to drop me a comment about any topic you find interesting.
Is Spamming a Security Breach?
Printable Versionvictor | 23 January, 2006 11:22
I tried answering some of them but it turned out that a lot of typing and explanation is required so I figured out that the best thing to do would be to post the anwer in here as an article.
The question to answer is the following:
How To Avoid Blog Spamming?
Read more for the answer.
In Denial of Service attacks, a system is usually busy serving bogus requests sent by attacking hosts. In the case of Spam, this becomes a problem if all the disk space on the website is filled up with spam and, thus, no more comments are being accepted.
In the case that I faced lately, the website was not full yet (luckily) since my space is almost unlimited here. Thus, the main concern was not about whether this was a security breach or not (since it failed filling up the space) but was whether these spamming comments were annoying to visitors or not.
Spamming IS Annoying to Users
Spam is not a security breach. It is simply an annoying action done on public systems by kiddos.
You avoid spam to maintain your visitors, not to avoid security breaches.
If DoS occurs, then spam might be considered as a security breach. In that case, PUBLIC systems must be taken private to prevent spam (such as Email Spamming). In my case, I would like to keep my blog a public system (this is called a business constraint) to maintain a secure anonymous system.
This creates a two-weight balance between anonymity and trust. Thus, I will have to balance between spam and normal visitors.
Action taken? Visual Code Confirmation
The reasoning is that spammers use tools to attack websites. Tools fail visual code confirmation. Thus, tools are stopped.
Spam Tools vs. Human Being Spammers
The question now becomes: what if human beings attack the comments section?
In this case, the visual code countermeasure fails.
Another countermeasure becomes required here and that is to train the system to identify spam and block spammers. This feature is already built in but was time-consuming in the earlier case due to the large amount of spam messages that was recevied. The ones that appeared on the website were approx. 30% of the real messages that were received.
Now that human intervention is requried, the effectivity rate becomes bigger and the IP Blocking feature becomes more effective ;)
If they all fail, the only solution will be private blogging and this is exactly what I don't want to achieve.
How Long Will This Last?
The real challenge now becomes whether the spam identification and IP-Blocking countermeasures will last long before someone comes up with an attack that succeeds at both levels. My answer is normally to wait and see. Needing a solution is at the basis of all Inventions. We will wait and see and, when these countermeasures start failing, I will worry about getting something new. Meanwhile, I don't see any reason for this headache ;) This is a personal blog afterall and I don't see aliens flying towards it yet with pretty advanced security attacks :) If you ever see one, please let me know and I will make sure to solve it. Meanwhile, I will be working on a private version of this blog just in case it took me a long time to come up with a solution.
Security |
Next | 
Previous |
Comments (0) | 
Trackbacks (0)
- The Future of Web Programming
- Unix vs Windows
- Emerald Who's Who is a Scam
- RSS: A Spam Killer!
- Israel: More Powerful than the UN!
Comments
Menu
Search
Calendar
| « | February 2012 | » | ||||
|---|---|---|---|---|---|---|
| Mo | Tu | We | Th | Fr | Sa | Su |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
Who am I?
I am experienced in Internet technologies, Web Services and Online Interactive solutions. I am very interested in challenges related to web services engineering especially complex and hybrid online solutions (Intranet, Extranet, e-Commerce, etc.) and algorithms (search engines, security, etc.)
I am experienced in security as well. My expertise is mainly in network and Internet security. I am also experienced in the fields of cryptography, security assessment techniques, security design (policies, profiles, architectures, etc.) as well as security auditing and ethical hacking.
I am a Linux fan (by nature :). Period.
Poll
Recently...
- The New Facebook Sneak Peaks
- NASA Satellite to Crash Back to Earth this September
- Google Desparate for Gmail?
- Shortcuts to Official Exam Results on www.schoolnet.edu.lb
- 10 Dirty Little Secrets You Should Know About Working in IT
- Turkish Airport Smoking Terrace
- 10-10-10 10:10: TEN DIGITAL CHEERS!
- Alfa Statement Roaming Charges
- Google Analytics vs Log File Based Statistics
- Ziad Baroud Spamming?
- A Couple of Amazing Tricks!
- A New Speed Radar That You Cannot Fool!
- Standard Chartered Email & Website Phishing
- Huge Lighters Security Alert
- Few Blog Updates to Share
- NetDesignPlus in Kuwait
- Hidden Fees with Malev Hungarian Airlines Online Booking System
- IEEE High Availability Database Workshop
- Halloween 2009
- One-Million Dolar Picture