How to Protect Your Website from Layer 7 and large scale DDoS attacks and many other exploits for free 2022
The internet is now more sophisticated than ever before and so are the new tools attackers are using to try to compromise your web site and services.
Crowdsec has a nice free opensource solution that works great and has a smart intelligence system helping making the decisions.
This works with IPtables, PHP level, and many other Bounder Services can also be deployed.
CrowdSec is a free, open-source and collaborative IPS.
Analyze behaviors, respond to attacks & share signals across the community.
Check our CTI console to monitor your alert data and find out more about your attackers.
01 Parse logsAcquire data from any source (syslog, cloudtrails, SIEM, etc.)
02 Set up your own intrusion detection systemApply behavior scenarios to identify cyberthreats
03 Automate your securityDefine the type of remediation you want to apply and where
04 Leverage the community’s IP blocklistShare and benefit from a crowdsourced and curated cyber threat intelligence system
The open-source and participative IPS
CrowdSec is designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API.
Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone.
Stateless & Decoupled
By decoupling detection (agent) and remediation (bouncer), CrowdSec doesn’t interrupt your data streams nor creates any single point of failure. It can fit any serverless, cloud-based, VM or bare-metal context in one (agent) to one (bouncer), one to many, many to one, and many to many typologies.
Written in Golang, CrowdSec is 60x faster than tools like Fail2ban and can parse massive amounts of logs in no time. Agents can read log files, SIEM events, through a network socket and can be used in high throughput networks. For CPU & RAM-constrained assets, bouncers can just make very light API calls.
Dashboards are great steering tools. CrowdSec is instrumented with Metabase & Prometheus to help you make smarter investments of both time & money and better defend yourself. Compliance reporting like PCI-DSS, ISO, GDPR are also on our roadmap.
Multilayer & IPV6 ready
No matter if your servers or attackers are using IPV4 or IPV6 addresses, CrowdSec will do the job. This next-gen HIDS has been designed to not only deal with IPs but also with user sessions and more business-oriented layers.
Ease of use
CrowdSec is designed and developed by former pentesters, SecOps & DevOps, to be a fire-and-forget, easy-to-deploy, automate, configure and maintain software. This is what CrowdSec is about: bringing security to the largest number.
Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs and the only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.
Cybercriminals constantly collaborate together, on a world scale. Each IP they control are anonymity tokens to hide their hacktivities. Our only chance is to stand as a crowd and act in a coordinated way, as they do. When you, Sysadmins, Devops & Secops join forces, you outnumber them and can burn their IPs one by one, crippling this precious anonymity.
1.9M rogue IPs detected
4.9k stars on GitHub
False positive & Poisoning resilient
Minimum necessary remediation
3-day probing mechanism (auto-deban)
Consensus involving range qualification
Tailor-made lists to avoid broadcasting all IPs blindy
Install the Agent
Debian/Ubuntu$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
$ sudo apt-get install crowdsec
RHEL/CentOS/Amazon Linux$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
$ sudo yum install crowdsec
Debian (Official)$ sudo apt-get install crowdsec
Docker$ docker run -d -v acquis.yaml:/etc/crowdsec/acquis.yaml -e COLLECTIONS=”crowdsecurity/sshd” -v /var/log/auth.log:/var/log/auth.log -v /path/mycustom.log:/var/log/mycustom.log –name crowdsec crowdsecurity/crowdsec
FreeBSD$ pkg install crowdsec
Tarball$ wget -qO – https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz | tar zxvf –
$ cd crowdsec-v* && sudo ./wizard.sh -i
Install a Bouncer
Firewall: Debian/Ubuntu$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
$ sudo apt install crowdsec-firewall-bouncer-iptables
Firewall: RHEL/CentOS/Amazon Linux$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
$ sudo yum install crowdsec-firewall-bouncer-iptables
Custom: Debian/Ubuntu$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
$ sudo apt install crowdsec-custom-bouncer
Custom: RHEL/CentOS/Amazon Linux$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
$ sudo yum install crowdsec-custom-bouncer
Nginx: Debian/Ubuntu$ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
$ sudo apt install crowdsec-nginx-bouncer