Search Results for "detect it"

...A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security. Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors.

lua-resty-waf is a web application firewall implemented in Lua for OpenResty/NGINX, designed to run inline at the edge with low overhead. It inspects requests and responses during NGINX phases, applying rule logic and anomaly scoring to detect patterns like SQL injection, cross-site scripting, and protocol abuse. Rules are organized into policies with configurable actions—block, log, or allow—and can leverage shared dictionaries for counters, rate limits, and caching decisions. Because it runs inside the NGINX event loop, it scales with the web tier and avoids the latency of external proxies. ...

IOSEC PHP HTTP FLOOD PROTECTION ADDONS IOSEC is a php component that allows you to simply block unwanted access to your webpage. if a bad crawler uses to much of your servers resources iosec can block that. IOSec Enhanced...

...However, a single user dos (or a small number of users working together) can effectively be thwarted if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_delfate ege can detect nefarious IP's that have bombarded a port with a tremendous number of connections (in a soho environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file).

This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video:...

The iplock tool is a simple iptables extension that allows you to run iptables commands that otherwise require root access in order to block and unblock IP addresses in your firewall. This is particularly useful if you have a webserver such as Apache2 running a scripting language such as PHP without root permissions. When you detect that a user is likely a hacker (i.e. tries to access a folder named wp-admin on a non-Wordpress website) then you can use iplock <his-IP-address> to block him. The iptables commands are defined in the configuration file so you can really tweak your firewall to your liking.

Network tool for monitoring IPv4 activity. Iptraf, tcpdump, trafshow have not such ability. Gives sorted traffic load speed on each IP. Helps detect the channel overload and maybe sources of attacks. Requeres ULOG target of iptables.

A daemon to detect spammers trying to harvest email addresses by username guessing and temporarily DROP them with iptables firewall rules. The program also looks for and kills sendmail processes that have been stuck in "cmd read" mode for a long time.

Gardol monitors system log files to detect denial of service and other attacks and blocks attacking sites with Linux iptables. Attack detection rules may be programmed in Perl.

syndetector is a software which can detect and drop packet when a synflood attack is detected ! Based on a simple detection system (by the use of iptables and libipq) and on a simple use It is realy easy to setup this software.

Protect your Server/Network against spammers. fw_spam queries a DNS-based Spam Database to detect spam listed ip-addresses. It is a userspace daemon, wich gets the packets from the iptables QUEUE target. You can configure the dns server, the firewall

Security proxy to clean up all unallowed constructions from HTTP requests, detect intruders and filter outgoing HTTP traffic against leaking classified data.

Infect is a network traffic classification tool, that classifies TCP protocols. The classification is based on ML techniques. Scen: Train/Recognize arbitrary protocols (SSH, HTTPS..), Detect policy violations (e.g. tunnels)