home links tools blog about
home

« ASP.NET Cached Singleton | Main | Shout out to Andrew Connell »

November 04, 2005

ReverseDOS 2.9 Released

By popular demand: ReverseDOS now provides a way to allow specified directories to be ignored. This means that instead of only being able to trust specific IPs as non-spammer addresses, you can now tell ReverseDOS to skip scanning when requests or posts are directed against specified directories.

So your /blog/admin/ directory (for example) can now be 'trusted' as safe by ReverseDOS. (Of course, your site likely requires people to login to be able to access that directory - so using 'trusted' directories can now make posting new content to your site easier - no worries about burning yourself on the default rule that blocks anything with greater than urls in the body of the post.)

Here's what's been added to the configuration instructions to help explain how the functionality can be leveraged, as well as a describe a few things about how the directory can't be spoofed: 

ReverseDOS 2.9 also introduces the ability to 'trust' entire directories on your site. Logically you'll want these to be directories that require authentication - such as /admin/ or /posts/ directories and the likes. To trust a directory, just specify another anti-pattern in the <trustedAddresses> node using the <directory> element as follows:

<trustedAddresses>
<directory pattern="/blog/admin/" />
</trustedAddresses>		 

While isRegex is a viable option for trusted directories (the default is false), you'll probably find that you get better results by just specifying the desired directory as a simple string/pattern match - making sure to be as specific as possible.

A note on how trusted directories are located: As the name indicates, only directories can be trusted at this point. So if you set up a trusted directory with the pattern "admin" the following would be true:
- /blog/admin/doSomething.aspx?somevalue=viagra :: trusted (despite viagra in the url)
- /admin/ :: trusted (obviously)
- /publicArea/photos/index.aspx?sneakySpammer=admin :: not trusted - even though admin is in the url, it's NOT a directory - and therefore can't be spoofed.
- /somepage/admin.aspx :: trusted - woops. (Nobody's perfect - and if you want to make sure that your pattern only matches a directory, just use "/admin/" etc.)

So, download and use it now. If you're upgrading from 2.8, you'll just need to drop in the new assemblies - otherwise, just follow the simple installation instructions and you'll be up and running within just a few minutes.

Posted on November 04, 2005 |

Comments

Ayende Rahien

The one thing that I really want is to be able to subscribe to some black list that would //kill// a lot of the spam traffic without me being involved.
I get 100s of referals a day that hits my site just thinking that they would get a referal link.
And I really don't have the paitaince to put them all in. Especially as they keep changing.

Posted by: Ayende Rahien | November 05, 2005 at 02:08 AM

Michael K. Campbell

Yeah, at one point in time I was going to hook ReverseDOS into the MT Blacklist - but it looks like the blacklist has effectively stopped being maintained/offered.

I've thought about starting my own - but I'm not sure i can commit to maintaining such a beast...

Posted by: Michael K. Campbell | November 05, 2005 at 08:05 AM

Brian

Awesome, thanks Mike! This is one feature I was waiting for!

Implementing a black list of some kind -- although cool -- is not a trivial task. One possible idea is to have an option to pull a spammer.config from a location -- kind of like a virus definition file that gets updated every 30 days or so. Likely overkill for the purpose, as nothing will be a 100% solution. It's nice to just take chinks out of spammers and it does this quite well.

Posted by: Brian | November 05, 2005 at 02:02 PM

The comments to this entry are closed.