Intrusion Blocklist System
A free Intrusion Protection System (IPS) or Intrusion Detection System (IDS) for low-risk threats is included with all X4B services.
What protocols are protected?
The aim is to reduce exposure to a number of common internet threats. Currently these protocols/threats are supported:
Port | Protection | Action | Threat Lists |
---|---|---|---|
22 (ssh) | SSH Bruteforcing | Drop | IPs from Honeypots |
80 (http) | Forum/Blog Spam | Human Verify | SFS, Tor Exit Nodes |
443 (https) | Forum/Blog Spam | Human Verify | SFS, Tor Exit Nodes |
Can I be excluded from the system?
Please contact us if you wish to be excluded. SFS and Tor Exit node filtering can be controlled on the ACL page of the dashboard.
Are you sniffing my traffic to produce these lists?
No. We are not analysing traffic transferred over your filtered IP to produce blocklists. Blocklists which are not provided by external third parties are collected using external networks and honeypots.
Is this an IDS?
An Intrusion Detection System monitors a network, detecting malicious activity and blocking the bad attempts for a fixed period of time. In many ways this system provides similar functionlity, however instead of monitoring your protected ports Honeypots are distributed to remote and local servers, and mallicious IPs are collected to be applied in a blocklist on your service.
Is there any guarantee for this service?
At this time this is a best effort feature. As we dont intercept the traffic communicated between your IP and your backend it is not possible to offer 100% IPS/IDS coverage. This is not a substitute for good security practices (i.e strong passwords).
This will not protect against targetted attacks (i.e someone brute forcing you, and only you). For this an IP ban on your backend is better suited.
What about traffic direct to my backend?
As always we can only protect you against attacks directed at the filtered IP. If your service is available on your backends public IP you may wish to restrict communication to your own IP addresses, and the filtered addresses.