This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive)
You can use this module by including "iosec.php" to any PHP file which wants to be protected.
You can test module here: http://www.iosec.org/test.php (demo)
Watch the Proof of Concept video: http://goo.gl/dSiAL
Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN)
IJNSA Article at http://goo.gl/LLxRdX
WP Plugin Page http://goo.gl/nF5nD
CHANGES v.1.8.2
- Iptables Auto Ban Bash Script Included
- Token Access via Implicit Deny
- Reverse Proxy Support
- reCAPTCHA Support
IOSEC is used by over 15.000 sites in 2013!
Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons
Gökhan Muharremoğlu
Feature
- This is a unique project and it is the world's first web application flood guard script.
- At web application (scripting) level you can,
- - Block proxies. (only via HTTP header)
- - Detect flooding IP addresses.
- - Slow down or restrict access for automated tools (HTTP flood, brute force tools, vulnerability scanners, etc.)
- - Save your server & backend infrastructure resources (database, cpu, ram, etc.) under an attack.
- - Restrict access permanently or temporarily for listed IP addresses in "banlist" file.
- - Notify yourself via email alerts when attacks begin.
- - Implicit deny for DoS/DDoS attacks
- - Integrate it with CloudFlare, Firewall, Iptables, etc.
- - Reduce attack surface at OSI Layer 7.
- In 2 months, more than 1000 downloads now, thank you.
- Don't forget to read articles about IOSEC (links above) to learn what it does precisely.
Addons for IOSEC - DoS HTTP Security
IOSEC PHP HTTP FLOOD PROTECTION ADDONS
IOSEC is a php component that allows you to simply block unwanted access to your webpage. if a bad crawler uses to much of your servers resources iosec can block that.
IOSec Enhanced Websites:
http://www.loginseite.com/
https://www.buzzerstar.com/
https://w.........
Domain Analyzer Security Tool
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way....
Phplogin
phpLogin is a free, open source PHP library designed to give your site secure user account functionality with little or no modification to your existing scripts. phpLogin uses its own database and handles everything from user registration to logins!...
iSpy Camera Security Software
iSpy uses your USB webcams, IP cams, capture cards, desktops and microphones to detect and record movement or sound and provides security, surveillance, monitoring and alerting services. Media is recorded directly to H264 mp4 files or AVI files. iSpy can stream live and recorded video over the local.........
OWASP Mutillidae II
OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on th.........
bWAPP
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. Wh.........
Mpge
Mpge is a wrapper of meterpreter (msfconsole, msfpayload and msfencode) of Metasploit Framework directly integrated with Mac OS X Snow Leopard 10.6.8 and with OS X Mavericks 10.9. With Mpge is possible make trojan horse files for Microsoft Windows, Linux and Mac OS X 10.3 Panther, OS X 10.4 Tiger, O.........
Scrollout F1
• Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Send.........
Anti-Spam SMTP Proxy Server
The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other fi.........
pH7 Social Dating CMS - pH7CMS
pH7CMS is a Professional, Free and Open Source PHP Social Dating Software primarily designed for Web Developers and Webmasters.
This Social Dating App/Site Builder is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource intensive, extremely power.........
