IP blocking software
 

Hi all, I'm looking for good IP blocking software. Any recommendations?

If you're unsure with exactly what I'm asking, it's this...
If a user is sitting on your login page and trying various user/pass combinations, I'm looking for software that will block his IP after X amount of failed login attempts.

I'm familiar with Pennywize, but I heard they're more suited for smaller sites & have trouble when your site gets too big (both in amount of content & number of members).

Any help is appreciated.

Hi Jeff!

Try this one.

It's cheap and it works.

Fro

There's a few on freshmeat.net if you have access to
root on the system and are not scared of a little perl
modification.

Take note that the perl solutions will only work with a
system that is taking 4-5k per hour though.

4-5k of what?

this will work for sure:


http://www.proxypass.com

Laszlo

hit me up on ICQ if you wish: 153529369

Perl scripts are only good for a limited amount of traffic, and will slow down your server. Try iprotect, it's an apache plugin written in C, about $500..

I believe I've heard of "iprotect". I'm familiar with a couple of sites using it and from what I hear, it's eradic for them. Sometimes it works perfect and other times it's a nightmare.

I figured Perl Scripts (like Pennywize) was good for smaller sites, but wouldn't hold up on a larger site.

proxypass.com looks great. Anybody using it or know of anybody using it? PxG, do you or anybody you know of use it? I would be interested to hear how it's working out for anybody.

I beg to differ. You must be running a 486 machine in order to see a significant load from a Perl script on a 5,000 users/hr site. That's ony 80 users per second. Set up your Apache with MM for memory management and make it start with 200+ instances initially. Also, check into fast-cgi or mod_perl. Or, even better, PHP with APC and MM.

Go with the best.

http://www.stopthathacker.com

Used by many of the big guys, and a ton of the mid size guys. Will handle all the traffic you can send to it.

It's not cheap. But it works!

Hugs,
Danielle

Thanks Danielle, the testimonials page is what sold me, no question about it! :)

I'll look into what they have to offer.

perlcoders sucks ass

Dear JeffreyG,
check out the technical FAQ about the http://www.proxypass.com It explains how it can also protect you from proxy based attacks, unlike most of the others:

http://www.proxypass.com/docs/proxypass_tech_faq.pdf


:thumbsup

Laszlo

I have used every program mentioned above.
ProxyPass works better than all of them.

Its just like Iprotect with an admin and the ability to stop
proxy attacks. The difference is it stops the proxies from attacking you - it doesnt just block them.

With ProxyPass if someone tried to hack you it will see the request is coming from an open proxy and simply not respond.

With other software the proxy is temporarily blocked after the hacker gets "x" amount of user/pass guesses. The hacker uses a list of 20,000 proxies and gets 5 guesses ( hack attempts ) on each proxy. Thats 100,000 hacks attempts the hacker can run on you every single day after his proxies are unblocked. Whats the fucking point of even bothering to block them ? They still get to run a password list against your server and they come back every day to do it again.

By switching to ProxyPass my server load is way down too.
If you use Iprotect then let me tell ya.. these hackers are not stupid. They knew Iprotect was only blocking for 3 days so they posted passwords accordingly. When I installed ProxyPass it blocked all those passwords indefinetly and my bandwidth went right down.

It was also very nice to watch these hacks slowly go away from my server and go on to easier prey. At first they were attacking me in waves every hour on the hour. Then they started hitting me from 60k-80k open proxies in huge bursts. After about a week they just stopped entirely.

Very nice, thank you.
We've already begun looking into Proxypass. It seems perfect.

Do you guys know if proxypass has the ability to prevent download suck programs, such as Gozilla, etc...?
I'm also looking for good software that does that, so if Proxypass does, it would be even better.

You can stop those with a simple line in htaccess...
One of the other GFY webmasters posted this link a little while ago. ( cheers to the poster )

http://www.sponsorpost.com/resources...ard/index.html

Thats for free .. may need to be changed for different OS's but Im sure your host can handle it. Im sure one or two of those type programs will spoof a URL but if its stops most of them thats good enough.

eblastics,
if you have additional Qs about the PxPass, icq-me:
153529369

:winkwink: