home links tools blog about
home

« Zoinks! | Main | IIS and 403 - Oh My!!! (ReverseDOS update) »

July 15, 2005

ReverseDOS 2.1 Live

I made a few last-minute changes to the 2.0 code base, and 2.1 is now live (i.e. there was no 2.0 release). So, I'm happy to introduce the re-fanged, and easier to manage: ReverseDOS 2.1!

2.1 is a considerable improvement over 1.2, and should be a lot easier to maintian... but I've seen the future, and the future is ReverseDOS 3.0. (Then I'm done with it <g>).

As cool as 2.1 is, there are some BIG things about it that bother me. Consider the following entries in the web.config for stopping stuff with 'poker' in it:

<add type="commentspam" pattern="poker" />
<add type="referrerspam" pattern="poker" />

See, two entries, one to stop referrer/trackback spam, the other to stop comment spam. Ideally, you'd just create a list of CRAP, and anything in that list would be blocked, right

That's the first thing driving me to create a version 3.0. The second thing driving me to it is that I was fortunate enough to have Scott Hanselman take a look at version 2.0. I had asked him some questions via his blog about how DasBlog implemented trackbacks (in relation to ReverseDOS). He was cool enough to be interested in ReverseDOS, and took an exclusive look at the 2.0 Source. The cool thing: he actually looked at the source. Raised a few flags with things that I was doing, and gave me some pointers -- overall he gave me excellent feedback. (Seriously, the guy is awesome. Not only does he have an insane grasp of technology, but he's total capable of trying to bring people up to his level.)

One thing he also pointed out: the MT_BlackList. Apparently DasBlog just loads that in daily, and then checks posts against anything in that list. (That sounds like the list of crap i was talking about up above.) That's one thing I've been painfully aware of with ReverseDOS: the framework/idea is fine, but keeping up with adding definitions all the time is less than exciting.

So, here are some thoughts about the main changes that will be released in 3.0 (since it's well past my bedtime).

     
  • I'm removing everything from the web.config. There's really no need for   anything to be in there, and it's not worth reloading your app each time you   tweak a filter.  
  • There will be a reverseDOS.config file. In it you can specify global   settings, as well as settings for filter locations that you want to   download/use. That will let you 'subscribe' to the MT_Blacklist (click here to see the   list), and specify info about how often you want it updated. I'll also add the   ability to 'subscribe' to other urls/locations as well.  
  • Loading these external resources will take place on an async thread.   Meaning that it will lazy load when your site starts up, and when the   resources are refreshing requests will be served on the 'old' info until the   new info is downloaded/processed.  
  • The reverseDOS.config will also have a spot for you to enter your own list   of 'blocked' crap. Together, your list, along with the lists you subscribe to   will just create one HUGE list of crap to ban.  
  • Along those lines, I'll be completely changing the way I filter. Right now   I run through an array/list of existing filters, and for each one, check what   it specifies... something like: check the referrer, check the post body (oh,   there isn't one, ok, move on), check the querystring, check this, check that.   It all HUMS along because the framework is fast, but there are lots of issues   with this approach. So with 3.0 I'll just grab the POST body if there is one,   the referrer, the ip address, the url & querystring, etc and concat them   all into one big string. Then compare that string against the ball of crap you   don't want on your site. (THAT MAY prove to be too much to process, if so I'll   figure out a way to adjust it - which should be simple: don't check certian   things if the referrer is your own site etc (unless it's a post in which case   the 'hit' will be tolerable, etc)).  
  • Then I'll also look at providing a way to add entries to your   reverseDOS.config without opening it up and uploading it... (since a few   people have requested that).  
  • Some other stuff.. but minor compared to all of this.  
  • But ReverseDOS will still keep it's teeth -- it's signature.

Posted on July 15, 2005 |

Comments

Jamie Thingelstad

I installed 2.1 on my websites and it worked fine initially, but two problems made me remove it. 1) If I tried to create a post on my blog (.Text 0.95) that contained more hyperlinks than the number specified in the config, it would deny me with a 403. 2) For some unknown reason, my website started returning 403 to requests for the front page from a standard, generic browser simply doing a request from my laptop.

Posted by: Jamie Thingelstad | July 17, 2005 at 06:09 PM

Michael K. Campbell

Jamie, Thanks for the feedback about 2.1. I too have bumped into the posting issue and will be releasing a fix this week. (I'm going to allow users to create/config a list of trusted ip addresses.) As a temporary fix you can just increase the matchCount for urls to something like 10 -- or just comment that filter out. If you have ANY information on that other problem (log files, etc. ) please forward it on to me so I can evaluate it. I did extensive testing prior to release and also have ReverseDOS 2.1 working perfectly on my site (a different environment than my testing environment) where it has served up over a few thousand pages with no problems.

Posted by: Michael K. Campbell | July 17, 2005 at 06:48 PM

The comments to this entry are closed.