This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive)
You can use this module by including "iosec.php" to any PHP file which wants to be protected.
You can test module here: http://www.iosec.org/test.php (demo)
Watch the Proof of Concept video: http://goo.gl/dSiAL
Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN)
IJNSA Article at http://goo.gl/LLxRdX
WP Plugin Page http://goo.gl/nF5nD
- Iptables Auto Ban Bash Script Included
- Token Access via Implicit Deny
- Reverse Proxy Support
- reCAPTCHA Support
IOSEC is used by over 15.000 sites in 2013!
Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons
- This is a unique project and it is the world's first web application flood guard script.
- At web application (scripting) level you can,
- - Block proxies. (only via HTTP header)
- - Detect flooding IP addresses.
- - Slow down or restrict access for automated tools (HTTP flood, brute force tools, vulnerability scanners, etc.)
- - Save your server & backend infrastructure resources (database, cpu, ram, etc.) under an attack.
- - Restrict access permanently or temporarily for listed IP addresses in "banlist" file.
- - Notify yourself via email alerts when attacks begin.
- - Implicit deny for DoS/DDoS attacks
- - Integrate it with CloudFlare, Firewall, Iptables, etc.
- - Reduce attack surface at OSI Layer 7.
- In 2 months, more than 1000 downloads now, thank you.
- Don't forget to read articles about IOSEC (links above) to learn what it does precisely.
Follow HTTP Anti Flood/DoS Security Module
Rate This ProjectLogin To Rate This Project
this might sound silly but how do i implement this on my machine? can i use it to protect an apache server? yer? HOW??!! if its possible to send me reply by emailing firstname.lastname@example.org plz
nice security tool for preventing and detecting bad-guys.
10 seconds is too short, given the well-known Captcha problems. Otherwise good.
small and efficient and gets the job done.