DeDos - Anti DOS for spam bots/scrapers/tors 2.00.07

his plugin is included in
i) Paid (unbranded) Tac Anti Spam Collection
This plugin is not included in the free Tac Anti Spam Collection



What this plugin does:

• lowers bandwidth & query resource usage from spam bots
• lowers bandwidth & query resource usage from scrappers
• lowers bandwidth & query resource usage from human simple DOS attacks (but humans are not what this add-on is targeting)
• avoids catching spiders/crawlers

Options

• Dynamically synchronise the .htaccess file, for a truly 0 query method of stopping bots from hammering
• JavaScript detection to remove users from the cache (avoiding false positives)
• Turn Off DeDos for logged in users.

This plugin primarily targets Spam Bots/Scrapers with high resource usage. When this plugin is used in combination with FoolBotHoneyPot, a large percentage of spam bots are detected and cached. Once cached, these spam bots then use limited sever resources.

FoolBotHoneyPot: Detects bots that attempt to register, and then caches them.
DeDos: Detects bots that attempt to quickly Login/Register/Scrape pages over and over and then caches them.

By default, the ACP options for DeDos are set up so that it should be very rare that humans will even see the warning page (if at all, unless they are malicious), but it will still catch spam bots that would have used significant resources.

- Please note, this is not a preventive measure for DDos attacks, Distributed Dos attacks (those from many thousands of IP addresses usually from botnets) should be prevent with hardware, not software.


Dos Attacks
Many spam bots, scrapers and some users will often hit your site many times within a small time range. When they do this, they can take up a significant amount of bandwidth (from downloading page content over and over) and can also hit your database with many queries and take up server resources (from hitting pages with a large number of queries over an over). Spam bots and scrapers do not cache pages, so each time they visit, the full content of the page is often downloaded.

- DeDos reduces the number of times this is possible, by default, if the user hits 6 pages or more within 7 seconds, a friendly user message is displayed to the user. This friendly message then counts down and redirects them to the original page. If they continue to hit more pages after seeing the message (bots will, humans shouldn't), by default if they hit 8 pages or more within seven seconds, they are locked out of the site and their IP is cached. From then onwards, that IP will only see a 401 Unauthorised page (and only take up 1 query instead of 15- 25 queries).

Friendly User Dos Message if the user hits 6 pages or more within 7 seconds: