home links tools blog about

angrypets reverse dos


ReverseDOS lies to Spammers

ReverseDOS stops comment and referrer spam.

Face it, spam attacks are sickening. Within a matter of seconds your site gets inundated with garbage about anatomy-enhancing drugs, home-loans, and poker sites. ReverseDOS fixes all that, by lying to spammers. It does it by making it easy to detect spam, and then making it look like your site is being hammered by too much traffic, or suffering from a DOS attack.

Meanwhile, non-spammers are able to visit your site without a hitch. To the spammers it looks like your server is getting pummeled, and then finally collapses in a heap -- too inundated to know how to send out the proper HTTP Response Code.

Yet grandma is able to cruise your photo-gallery without any problems. With ReverseDOS, clients that don't play nice don't get to see content that grandma can. Visitors either play nice, or they are denied access (think of it as a Reverse Denial of Service).

What's more, while the spammers are tied up on your site waiting for Response Headers/Codes, they're not spamming on your site, or elsewhere. ReverseDOS doesn't just make your site better, it benefits the community.

How does ReverseDOS work?

ReverseDOS is a very simple HttpModule that checks various parts of incoming requests against a list of crap that you don't want pushed on to your site. If ReverseDOS detects a match, it attempts to stall the requesting client for a number of seconds (specified in a .config file). During this loop, which uses virtually no server resources - and only a tiny smidgen of bandwidth, ReverseDOS checks every .3 seconds to see if the client is still connected. If the spammer disconnects, good riddance. If the spammer sticks around, they're finally rewarded with the Response Headers - containing an HTTP 403 - Access Denied Response Code. (Awwwhh tooo bad...)

And some spammer's bots are dumb enough to wait around. I've been able to trap them for over 20 seconds on my site - repeatedly.

The source code is freely available and can be grabbed from the downloads page if you want to know more. (It's less than 700 lines of code.)

But I already have an anti-spam solution...  

If you already stop comment spam with the use of things like CAPTCHAs, database scrubbing (to remove comments after they've been posted, but before they're displayed), or moderation consider the following:

CAPTCHAs: Scheming comment spammers have already cracked CAPTCHAs. Even worse, porn addicted humans are frequently employed as 'sentient' spam bots, meaning that before long the only thing that CAPTCHAs will prevent are posts from legitimate visitors who want to comment since CAPTCHAs will have to become increasingly complex to prevent spammers.

Database scrubbing : If you've already established a list of bad sites, ip addresses, terms, etc. you can easily translate that accumulated knowledge into ReverseDOS filters. Why let comment spammers actually post info to your database where it fragments your tables and burns all of those extra CPU cycles? Stop spam before it gets to your database.

Moderating: If you moderate your comments, which is the only sure way to prevent comment spam, you can still use ReverseDOS to pre-filter what you have to moderate. This will let you spend LESS time moderating, and because moderating won't be such a chore, you'll do it more often -- keeping your blog more lively.

What about Referrer Spam? 

The good news is that many (probably most) referrer spammers actually watch for HTTP Response codes. If they keep seeing HTTP 403 - Access Denied responses when they try to spam your site, they'll either give up (thinking your site is broken), or realize that you are on to them, and leave you alone. Of course, they may try to get tricky somehow to skirt your filters, but they can't get too tricky with an http referrer -- you can just ban entire domains (or their IP address should they try to be even more 'sneaky').

Within a matter of just days I was able to see over a 99.75% drop in referrer spam to my site, and the few remaining bogus referrals that made it to my site didn't get displayed in the list of my referrers anymore. I'm now, effectively, referrer spam free.

Stop Waiting.

Take back the web today. Download ReverseDOS now. It's 100% free, easy to set up and install. The source code is also available, and there are simple to follow instructions that will help you get ReverseDOS up and running within 20 minutes.