Rexiology::Past

Second-Level-Shelter from spammers: AngryPets' ReverseDOS...

[via Chris Frazier's blog] AngryPets' ReverseDOS...

it's been too busy recently therefore I seldom had time to read those blogs I subscribed. after I deployed ISAPI_Rewrite today, taking a breathe and watching TV tonight at home, I had a quick peek from those blogs. and happened to see Chris's blog about Michael K Campbell's ReverseDOS tool, another nice, free, opensourced and useful tool for blocking spammers which is made in .NET platform.

and just like Michael said in the tool homepage, setting up ReverseDOS is really quick, configuration is also easy if you are familiar with ASP.NET system. it only took me about 20 minutes to get it running in my blog.

basically it's an http module approach of spam filter upon ASP.NET platform. uses http handler to filter requests to block spammers. there is comparison of various spam-blocking-approach in ReverseDOS tool site which I think is very descriptive:

• If your site displays a list, or lists, of sites that are referring to your site, then you're a target for spammers -- and you're most likely scrubbing bad referrers out of your database before you present them to legitimate visitors. But why let these scumbag referrer spammers get as far as your database? Why not use all of your cool filtering logic to greet these requests right as they come in? ReverseDOS lets you specify simple phrases, as well as regular expressions as filter patterns for all referrals to your site. If you see a referrer that you don't like, the request stops there -- no wasted cycles to log the request to a database, and no wasted cycles to satisfy a request that was never intended to be seen. The referrer spammer is simply denied access to your site.
• The good news is that many (probably most) referrer spammers actually watch for HTTP Response codes. If they keep seeing HTTP 403 - Access denied errors when they try to spam your site, they'll either give up (thinking your site is broken), or realize that you are on to them, and leave you alone. Of course, they may try to get tricky somehow to skirt your filters, but they can't get too tricky with an http referrer -- you can just ban entire domains (and a simple regex will let you ban all ip address referrers).
• If you don't display referrers on your site, but DO use an analytics package to see who is referring to your site, these spam referrer requests are still logged. However, it highly probable that these referrals to your site will be listed with the 'errors' on the site instead of with legitimate referrers.

as for the last point, what I just deployed ISAPI_Rewrite that operated in the lower level (Web Server Level) will prevent from those spam being writing into web log files. thus that's what I felt about ReverseDOS as the second shelter in application level for defending those spammers.

although just found hours ago that ISAPI_Rewrite seems stopped function sometimes and still let those spam pass through web server and write into web logs, I guess it would be that I used redirect to direct spam to the spam site, rather just forbid them. I've changed back to forbidden approach to see if this makes ISAPI_Rewrite stable on behave.

[Updated]

• just found that even though ISAPI_Rewrite blocks requests and given a 404 or 403, this action will still be recorded into web log files. so it's not that ISAPI_Rewrite sometimes not functioning, and therefore there will still be those spam site records in the referer statistics that's generated by tools but will notice in Error statistics that those spam site requests are all be error by 404 or 403, just like what Michael said in his tool site. maybe I do need another tools to just erase those spammer's log entries before I launch the log report tools. wondering if there are better ways to do it...

[Updated: final working version here]

I felt safer to have 2 levels of protection from those spammers, thus I've also turned on trackback and pingback features of .Text to see if those 2 tools can successfully prevent those features from being spamming again.

Chris got 8 days from being spamming after installed ReverseDOS, I'll see if I can get lucky just like him. 

thanks Chris for the information, as well as Michael for the nice work!