We'll create fresh WordPress site with IOSEC HTTP Anti Flood/DoS Security Gateway Module installed. You have 20 minutes to test the plugin after that site we'll be deleted.
This module provides security enhancements against (HTTP) Flood & Brute Force Attacks for WordPress.
Massive scanning tools (like vulnerability scanners), HTTP Flood tools can be blocked or detected by this module.
This module can be integrated with htaccess, any firewall, iptables or etc. via “banlist” file.
To see a quick test page follow this link: http://www.iosec.org/test.php for proof of concept.
Watch the proof of concept video: http://youtu.be/LzLY_SKLq9w
Note: Change the default configuration values before activating the plugin.
BENEFITS
CONS
Functions of files:
/wp-content/iosec_admin/
You should configure plugin by editing iosec.php file.
Connection Interval: This is second based interval for accepting another connection.
If you choose value 1 (1 second), another request in 1 second will be suspended by module. You can enter values like 0.1, 0.001, etc.
Max. Connection Count: This is the interval based maximum connection limit count for accepting another connection.
If you choose value 10 and your connection interval is 1 second. This means only 10 connections permitted in 1 second.
Suspended Process Timeout: When a connection interval rule finds a connection is not prohibited, this timeout value will be activated.
For example, if connection interval is 1 and this value is 30 then, second connection in 1 second will be suspended for 30 seconds.
Page Redirection: You redirect your detected users to another page after timeout page disappears.
Send Me Mail: Module can send you a mail when an IP address detected.
Block Proxies: You can identify and block proxies via http header.
Show Debug Info: Time and IP information will be displayed on suspension page when this option is activated.
Use Incremental Blocking: This option will increase time of suspension if attack is still happening.
For example, if C.I. is 1 and a second connection happens in 1 second this will be suspended for 30 seconds (above ex.).
If one connection in 10 seconds happens, this will increase suspension time when this option is activated.
Implicit Deny Timeout: If you want to block every request as default for a timeout period (seconds), set this value to greater than “0”. This is an emergency option for DDoS attacks etc.
Cached Requests: Monitoring data window size for last requests (for “ips” file size) (default is “150”).
Implicit Deny for banlist Timeout: If you want to block every recorded IP that is listed in the banlist as default and let the human users to view page for a timeout period (seconds), set this value to greater than “0” (default is “0”).
CHANGES v.1.8.1 – v.1.8.2
CHANGES v.1.5 – v.1.8
CHANGES v.1.3 – v.1.4
CHANGES v.1.2
CHANGES v.1.1
Gökhan Muharremoğlu
Information Security Specialist
You can reach me @
Twitter: https://twitter.com/iosec_org
[email protected]
[email protected]
https://sourceforge.net/projects/iosec/
http://www.iosec.org
http://www.linkedin.com/in/gokhanmuharremoglu