home links tools blog about

reverse dos example


How ReverseDOS Responds

When ReverseDOS detects what it deems to be spam (based on how you configure it), it's default response is to put the thread handling the request to sleep for 20 seconds. During that 20 seconds the thread checks ever .3 seconds to see if the client is still connected. If the client disconnects any time during this lag period, the request is terminated and the thread returns to the pool. If the client is still connected at the end of that period, then an HTTP 403 Access Denied Header/Response Code is issued from your server, and the request is still terminated - no spam.

Why force a lag before Returning the Response Code?

Hopefully it should be obvious that if you stall spam bots (or porno-addicted humans acting as spam-bots), you're slowing the amount of damage that they can do. Spammers just watch for response headers, and spam sites with a flurry of bits. If something interferes with that, at the very least spammers will have to reprogram their bots. But the beauty is, some sites will always just be a bit slow to respond... and spammers won't be able to just bail if their spam request isn't immediately satisfied. Instead they'll build in some sort of timeout (probably just a few seconds). Even assuming a 2 second timeout, that's two seconds where the spambot isn't spamming - it's tied up and there's now less spam in the world.

But I don't want to lag them. Can't we just all get along?

Whatever, you big pussy. Spammers suck, they need to be punished. BUT, if you don't want to, fine, I understand. (I just have to put on a tough-guy persona because this is ANGRYpets.com). If you don't want stall spam requests, or don't want to force them to wait 20 seconds, you can just set a simple configuration setting in the ReverseDOS.config that specifies how many milliseconds to wait -- if you set it to 0, there is no lag. See... done deal.

Can spammers use this lag to actually DOS my site?

If you're worried about 80 roughly simultaneous spambot threads taking your site to its knees because 80 threads are busy sleeping, worry no further. Only a set number of threads can concurrently 'dish out' stalling 'attacks.' And yeah, you can specify the number of threads allowed in the ReverseDOS.config.

ReverseDOS Simulation

If you'd like to see how ReverseDOS responds (and just looks like the site is buried) you can try to hit my site with spam. Just put something like ?spam=poker in the querystring on any of my pages. Since I've got filters set up to watch for poker in the querystring, your request will be snagged (unless another thread is already busy handling a REAL spammer), and lagged. If you're too lazy to alter the querystring yourself, just click here (where I've done it for you). Of course, if you click that link, you'll be able to keep reading this page . Your browser will do nothing, but your throbber will keep throbbing... letting you know that your browser is still waiting on the server... after about a minute your request will just be denied. To your browser it will just look like the site is being pummeled. (Meanwhile the site is totally functional).