Project Information
ZenFirewall is a personal project that detects all common attacks on my web servers and collects the attackers’ IP addresses to create a list of IPs that we can be used in in the firewall of any server.
The client is developed in bash and checks the web server logs for:
- Attacks on xmlrpc.php
- Attempts to access sensitive system files
- Access attempts without user-agent or referer
- SQL injection attacks
- SYNFLOOD attacks
This list can be used with any firewall that allows adding blocklists, my preferred firewall for servers is CSF , but it can be integrated into any firewall.
It can also be used to block IP addresses directly from Nginx or Apache . Please note that the list may contain a large number of IPs, which could increase memory usage in Nginx or Apache.