Documentation / Resources
So, I've gotten a number of configuration and other questions about RDOS in the past few days. These have ranged from simple questions about how to allow posts with > 4 hrefs in them to how to defend against obscene attacks.
Every time I get an email asking for help on these issues, I just reply with:
RTFM! noob!
Just kidding. ReverseDOS is actually documented fairly well. I think everyone that uses RDOS is familiar with the Installation Instructions and Quick Start Config Instructions, but there are also the following resources:
Configuration Docs - Full 'docs' on configuration - including defaults, descriptions, and notes about what the point/objective of the option/setting is.
XML Encoding Tool - Nothing special, just makes xml-encoding nasty regexes that much easier.
Upgrade Instructions - Covers how to upgrade from 1.x versions of ReverseDOS to 2.x versions (Note, these are upgrade instructions for ReverseDOS, not .NET Frameworks/etc).
Spam Storms
Spammers, bless their little hearts, look like they may be getting through on some sites merely by overloading them. ReverseDOS Refresher: RDOS works by detecting spam by matching it against your filters. In a default installation, once it sees a spam request, it latches on to it - for 20 seconds. (Remember, we want to HURT spammers, make it so that coming to your site is something they don't enjoy - and meanwhile (while they're being held) they aren't spamming elsewhere - on your site, or on someone else's site.) So... if spambots attack your site, and there are say... 5 bots, that would be 5 threads holding for 20 seconds each. Spiffy. But if they hit you with say... 25 bots, then basically ALL of your site's threads would be tied up. That would likely hurt the spammers - but REAL users wouldn't actually be able to get to your site - they'd effectively get the same result as if your site was suffering from a Denial of Service Attack.
Obviously, a spam filter that takes down your own site is a BAaaaad idea. One that I accounted for - in two ways. The first way is the concurrencyLimit setting in the ReverseDOS.config. This simple setting specifies the number of simultaneous spammers you want 'hooked' at any given time. The default is 6. ASP.NET sites typically deploy 25 threads (per processor) for each site. So setting the concurrencyLimit too high can have negative consequences - but you can experiment with bumping that up if you start to see spam making its way through DESPITE your filters. (i.e. if you've got a filter against 'poker' and all of a sudden you see some comments/referrers/etc with poker in them, it's because RDOS was already holding the specified number of bots in its clutches and a subsequent spam request came through. In this case, if we've already exceeded the threshold, RDOS lets it through by default - I don't want to take people's sites down).
If playing with the concurrencyLimit helps, but doesn't stop spam altogether, then there's an additional setting you can tweak: lagTime. The lagTime setting specifies (in milliseconds) how long you want ReverseDOS to hold on to spammy-requests. (I've currently got mine set to 60000 (60 seconds) and for giggles and kicks I'll occasionally go look at my logs - I'm holding spam bots for... 60 seconds the majority of the time.) You can always set this value down to something like... 5000 (5 seconds) which would mean the spammy-requests would be held for less time. That might work. OR, you can just set it to 0. If it's set to 0, then ReverseDOS doesn't bother checking the value set in the concurrencyLimit. It doesn't stall the requesting client. It just returns an immediate 403, terminates the request, and returns the thread back to the pool to handle subsequent requests.
So, if you're getting hammered with oodles of spam bots, you can try to tune RDOS if you'd like (I'd suggest it - I've found that spammers largely leave my entire site alone - I think they think the site is flakey/non-responsive so they don't bother with it - that's where YOU want to be obviously). Or, if you just want spam blocked, without worrying about slowing down your site, just set the lagTime to 0, and move on with your life.
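The trade-off between concurrencyLimit and lagTime described above, as a small Python model. This is an added example, not ReverseDOS code: the function name and the arrival times are constructed for illustration, and the pool size of 25 is the per-processor figure quoted above.

```python
import heapq

POOL_SIZE = 25  # worker threads per processor, the figure quoted above

def simulate_storm(arrivals_ms, lag_time_ms, concurrency_limit, pool_size=POOL_SIZE):
    """Model the outcome for a stream of requests that all match a spam filter."""
    releases = []  # min-heap: times (ms) at which held requests are let go
    stats = {"held": 0, "denied_immediately": 0, "let_through": 0, "peak_held": 0}
    for t in sorted(arrivals_ms):
        while releases and releases[0] <= t:   # holds that have expired by time t
            heapq.heappop(releases)
        if lag_time_ms == 0:
            # lagTime 0: concurrencyLimit is never consulted, immediate 403.
            stats["denied_immediately"] += 1
        elif len(releases) < concurrency_limit:
            # Free slot: one worker thread is tied up for lag_time_ms.
            heapq.heappush(releases, t + lag_time_ms)
            stats["held"] += 1
            stats["peak_held"] = max(stats["peak_held"], len(releases))
        else:
            # Limit already reached: the request passes despite matching a filter.
            stats["let_through"] += 1
    stats["min_free_threads"] = pool_size - stats["peak_held"]
    return stats

# Constructed sample input: 25 spam requests, one every 100 ms or every second.
BURST = [i * 100 for i in range(25)]
TRICKLE = [i * 1000 for i in range(25)]

if __name__ == "__main__":
    for label, arrivals, lag, limit in [
        ("defaults, burst", BURST, 20000, 6),
        ("limit 25, burst", BURST, 20000, 25),
        ("lagTime 0, burst", BURST, 0, 6),
        ("defaults, trickle", TRICKLE, 20000, 6),
        ("lagTime 5000, trickle", TRICKLE, 5000, 6),
    ]:
        print(label, simulate_storm(arrivals, lag, limit))
```

The let_through count is the spam that shows up on the site despite a matching filter, and min_free_threads is what is left for real users at the worst moment of the storm.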
ReverseDOS 3.0
I'll be posting on this one in a few days. 3.0 is still a ways out, but I'll be announcing functionality here soon. (Main areas of focus will be: 1) clean up config hydration (just use serialization), 2) add ability to pull in external filters i.e. from a central repository, 3) Binaries for ASP.NET 2.0 (code will branch here...2.0 binaries will use generics/etc and 1.x binaries will stay compatible with 1.x framework), and 4) some sort of simple logging, perhaps). Further additions will be a separate tool/web page you can use to modify your ReverseDOS.config - instead of having to modify the .config file by hand, and then FTP/upload it to your server. (Think RDOS Command Console or something similar.)
Otherwise...
I want ReverseDOS to work for you. If you've got questions or concerns, feel free to contact me. I've obviously got to pay the bills, but I'll make it a point to get back to you as soon as I can.