Real Time, High performance BOT detection and protection

Related tags

Miscellaneous ironfox
Overview

                            REAL-TIME BOT PROTECTION CHALLENGE

IronFox

https://innovera.ir

IronFox is a real-time and high performance bot protection, that using Nginx as a reverse proxy. With a stateless approach for request processing, simple architect and anomaly detection it is possible for IronFox to handle millions session/second in distributed mode with zero latency.

  • Core
    • Anomaly Detection
      • server side analyzing
      • client side browser fingerprinting
    • AI based protection
      • detection based on Neutral Networks
      • enhancement and detection score based on Fuzzy Logic
  • Management
    • basic web dashboard
    • enhancement
  • Documents
    • Wiki

release: 0.1.0

Setup and configuration

the latest version of IronFox has been successfully tested on Ubuntu Server 20.04.3 LTS

run ./install.sh with root privilege, the install process automatically download and install all dependencies and services in your machine

Introduction

With technology development and complexity of cyberattack strategies, the traditional technologies and current security methods are not able to perform all lines of defence in preventing cyberattacks. The first-generation firewalls and intrusion detection systems (IDS) used to meet the security requirements of all kinds of businesses. The second generation of security products and solutions including Web Application Firewalls (WAF) also have played an acceptable role in cyberspace for a while.

Securing e-commerce, web applications and mobile applications are crucial and even though the second and third generation of security techniques (IDS, IDP, NGF) have been developed, bot and botnet attacks such as Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are still concerning as challenges in cyberspace and online businesses security.

According to published reports, botnet attacks or more generally botnet exploitation have caused irreparable damages for e-commerce and information exchange spaces. The new generation of bots is intelligent attacks which their detection and identification are of great importance and complication. Various solutions and articles have been proposed and published to confront bots and botnets. For instance, tracking the master (source of attacks) and deactivating the slaves (bots) are two proposed methodologies when tackling DoS and DDoS attacks.

Nonetheless, these methods are laborious or in most cases almost impossible to perform.IronFox is a high-performance bot protection with sagacity in identifying and blocking the bots existing in layers of web applications (7th layer), and capability of using new approaches to employ operational services and executive environments in an in-line form. This article is going to have a look at the content of bots, their structure and attack and introduce the suggested solutions to oppose them.

What Is a Bot?

A bot is a software application that is designed to fulfil various purposes and perform different tasks. For example, crawler ( as a bots) help search engines to browse the web and index information from websites. Bots can be both legitimate, such as search engines crawler (e.g., Google), and malicious, like the crawlers which exploit broken authentication or access control of a weak web application or an online service. These malicious crawlers steal data from the server and make server source and services inaccessible by generating web traffic and putting pressure on the server. They also have many other nefarious capabilities, such as automatic testing and exploiting one vulnerability for a thousand destinations.

Depending on its goal, a bot’s structure could be simple or complicated and intelligent. Currently, business development has left no choice but to accept bot prevalence and to find solutions for their recognition and classification. For example, search engine crawlers cannot be excluded from indexing websites, using techniques such as Captcha. On the other hand, permitting destructive bots to remain active may lead to a severe decline in the quality of online services and possibly render those services inaccessible for users. Therefore, to prevent and block corrupt attacks, solutions must be proposed to recognize and segregate harmless and malicious bots.

Bots and Botnet Attacks

Bots run and execute large-scale attacks, such as:

1- Scanning vulnerability and performing malicious codes to exploit vulnerable services (e.g., WordPress vulnerable module).
2- Crawling and theft of data: bots automatically crawl and steal data much faster than a human user.
3- Generating demands and launching Denial of Service (DoS) attacks: by performing DoS and Distributed Denial of Service (DDoS) attacks, botnets can waste a server’s resources, services and make them unreachable for users. For instance, making traffic or fake requests by bots can easily slow the process down in trading systems, which depend greatly on time, until they become completely unavailable for the legitimate human users.
4- Cheating: for example, in online polls, or similar systems, bots can act as a genuine user and automatically go through the entire process, from registration to voting. To design and develop such bots, having access to libraries or frameworks - such as Selenium – and writing a few lines of codes would be adequate.
5- Identity theft and faking: bots can simply operate as a real person and create fake identities. 
6- Performing repetitive patterns: bots can be automated to run repetitive scripts continuously. They can easily abuse the API used by a standard mobile application.
7- and sort of attacks are considerible.

Beyond this list, there are many other operations that bots can execute.

Structure of Bots

In general, (Application Layer) bots can be divided into four groups:

* First-generation bots: these bots have fairly easy structures and they can run simple automatic patterns. They don’t have any understanding of the web’s basic contents like Cookies and Sessions and they are not difficult to detect and block. A simple script which calls the web content or an API with the GET/ POST method could be referred to as a first-generation bot.
* Second-generation bots: their structure is like the bots from the first generation but slightly more developed. They are not capable of rendering or running javascript codes and a stack of them is not like a complete browser. To distinguish and block the bots from the second generation, javascript tests, such as setting cookies, are sufficient. Tools like Scrapy are an example of second-generation bots.
* Third-generation bots: these kinds are comparatively more challenging to prevent against. They, like bots developed in PhantomJs and Selenium frameworks, can perform the demands step by step and execute challenges which are used to tackle the bots from the first and second generations. However, they have a slower run-time compared to the first and second-generation bots. Recognizing and blocking the third-generation bots could be achieved by executing challenging tests like Captcha.
* Fourth-generation bots: these bots can mimic the actions of a genuine browser. Examples of this generation of bots are Headless browser  (such as headless Chromium), and to confront them using complex techniques based on artificial intelligence would be effective.

Bot Challenges and Their Current Confrontation Methods

Without a doubt, firewalls and intrusion detection systems are known as some of the most important components in terms of defending and blocking cyberattacks. The aforementioned systems monitor attacks based on their patterns and the behaviour of their demands. Therefore, they don’t have an actual understanding of the sources of attacks and can’t distinguish whether the demand is made by a real user or a robot. In some cases, examination and recognition of bots by these systems is successful. Nevertheless, they are not able to find the source of demands and block the attacks when facing bots from the third and fourth generations because these bots can find a way around these systems. In security architecture, finding, identifying and blocking the bots existing in 7th layer once posing in the network topology, are steps before the layer of security tools such as web application firewalls (e.g., WAF) or servers/online services and after network equipment presented in 3/4th layer. In such architecture only requests from authentic users will be sent to the next services and layers and the requests made by bots will be monitored and completely blocked. Bot attacks and their distributed form have the capacity of taking the security appliances, like web application firewalls and attack detections, out of the orbit.

Moreover, they can cause race condition or an extreme QoS deduction in the above-mentioned system's functionality by creating numerous requests. It is necessary to trace and distinguish the requests from actual users and traffics and only the ones from users must be sent to the next layers and process chain. IronFox is a bot identification and blocking system with high processability which is capable of agent-less identification the source of requests and dividing them into the ones sent from legitimate users and the ones from robots.

Also, it only sends the user’s requests towards the 7th layer security equipment and Back-End services.The notable point is that the mission of the 7th layer security techniques is not different from IronFox system. However, the aforementioned techniques are not able to confront complex bot attacks, analyse the source of the attack and the requests.

Moreover, security equipment could have a severe decline in performance or could get bypassed or false positive.

Commercial and Open-Source Solutions

DataDome is one of the contenders and pioneers of technology companies in France which works in the field of bot detection and blocking. This company recommends intelligence-based methods and offers bot protection services. Other well-known companies such as Cloudflare and Imperva are also offering services like CDN and e-commerce protection. Besides, F5 products provide the required modules for bot recognition and confrontation and protection of the server’s API. Cookie-test which has been designed and developed as a practical module for Nginx is an open-source solution. It evaluates and blocks invalid requests by creating JavaScript challenge and setting Cookies on the user's browser.

These methods are very easy to be dumped by the first-generation bots. By dumping the first request headers (only once), decoding and setting Cookies, the attacker can resend the same number of requests towards the server (e.g., CSRF attacks including initialized request headers and Cookie’s information). Since the valid information is sent to the server next time, such techniques can be easily bypassed. To recognize and reject the malicious bots, security systems are employing techniques such as inspecting the agent, IP address or database of attacks pattern. These strategies can be dumped effortlessly and have no complexity for attackers. IronFox using sort of techniques with minimal latency for bot detections for real word and online business protections, based on server side analysing and client side fingerprinting.

Comments
  • sadly I still couldn't get it to run:

    sadly I still couldn't get it to run:

    sadly I still couldn't get it to run:

    ==========================================
please flow up below command:
please create a user and set password for it by:
bash 1- sudo su - postgres
psql 2- createuser --interactive --pwprompt
psql 3- create databses ironfox;
bash 4- sudo systemctl start innovera
setup done.
root@server:~/ironfox-0.1# sudo su - postgres
postgres@server:~$ createuser --interactive --pwprompt
Enter name of role to add: admin
Enter password for new role: admin
Enter it again: admin
Shall the new role be a superuser? (y/n) y
postgres@server:~$ createdb ironfox;
postgres@server:~$ sudo systemctl start innovera
[sudo] password for postgres: admin
Sorry, try again.
[sudo] password for postgres: admin
sudo: 1 incorrect password attempt

also:
root@server:~/ironfox-0.1# curl http://127.0.0.1:8080
curl: (7) Failed to connect to 127.0.0.1 port 8080: Connection refused

    I followed your tutorial accordingly still couldn't get it to run it says password for postgres is wrong even i type the exact same password "admin" thanks very much

    Originally posted by @rohybnol in https://github.com/khaleghsalehi/ironfox/issues/1#issuecomment-980707070

    opened by rohybnol 6
  • Whats after ./install.sh

    Whats after ./install.sh

    It completed and told me: Please create a user and set password for it by: bash 1- sudo su - postgres psql 2- createuser --interactive --pwprompt psql 3- create databses ironfox; bash 4- sudo systemctl start innovera setup done.

    All done properly altough I do not understand where I put my backed IP which is used for protection and how to make it work as when I go to my VPS wherw I installed your script on https://IP nothing happen, I am using the ubuntu version you recommended the only difference I did was to start the installer.sh using bash installer.sh instead of ./installer but that shouldn't be the issue? Thanks man!

    opened by rohybnol 5
  • explain module

    explain module

    Please explain about each module ?

    [nginx-http-footer-filter] [ngx_http_bot_protection_module] [ngx_http_captcha_module] [ngx_http_header_inspect] [ngx_http_vts] [ngx_input_validation_module] [replace-filter-nginx-module]

    opened by goldpower 0
  • piece of code!

    piece of code!

    hi The detection system adds a piece of code to the server response to prevent duplication and fraud and sends it to the client. What is that code snippet?

    opened by goldpower 0
  • bot detection !

    bot detection !

    These steps can be easily done by a bot !!! (step 1 to 4 )

    1- The first request is considered a valid and legal request. 2- In response to the first request, the encrypted token is given to the client (suppose something like JWT) 3- In the second request, the client must resend his/her identity along with the encrypted token 4- If they are the same, the request will be accepted and if they are not the same, the request will be rejected.

    opened by goldpower 1
Releases(v0.1)
Owner
Khalegh Salehi
Security professional & Open Source Developer.
Khalegh Salehi
GitHub
A real-time, direct and tightly-coupled LiDAR-Inertial SLAM for high velocities with spinning LiDARs

LIMO-Velo [Alpha] ?? [16 February 2022] ?? The project is on alpha stage, so be sure to open Issues and Discussions and give all the feedback you can!

Andreu Huguet 150 Dec 28, 2022
Bypasses for Windows kernel callbacks PatchGuard protection

kernel_callbacks Bypasses for Windows kernel callbacks PatchGuard protection https://www.godeye.club/2021/08/14/001-windows-notification-callbacks.htm

Kento Oki 36 Nov 26, 2022
Blumentals Program Protector v4.x anti protection toolkit

VeNoM A Blumentals Program Protector v4.x anti protection toolkit. Reverse engineering proof-of-concept code. Screenshot & demo venomdemo.mp4 Usage Th

Aleksandar 3 Jan 10, 2022
Blumentals Program Protector v4.x protection bypass.

cphookLoader64 A Blumentals Program Protector v4.x protection bypass implemented as a memory loader. Screenshot & demo cphookloader64demo.mp4 Overview

Aleksandar 4 Jan 23, 2022
An eventing framework for building high performance and high scalability systems in C.

NOTE: THIS PROJECT HAS BEEN DEPRECATED AND IS NO LONGER ACTIVELY MAINTAINED As of 2019-03-08, this project will no longer be maintained and will be ar

Meta Archive 1.7k Dec 14, 2022
Updates the Wii's current system time with the real world time.

Fix Wii System Time This is a homebrew tool I made for the Wii a while ago. It updates the current system time with the real world time via worldtimea

Puzzle 2 Nov 9, 2022
It is a Simple Telegram Bot, which will listen to GitHub Webhook and inform via Telegram

GitHub-Webhook-Bot ?? Simple Telegram Bot, which will listen to GitHub Webhook and inform via Telegram Setting Up Config ✍ Go to src/helper.h ---> Her

GautamKumar 31 Sep 28, 2022
Optimized, fast and unsafe Uniswap sniping bot for buying new listings.

Optimized, fast and unsafe Uniswap sniping bot for buying new listings. Table of content How does it work? Pregeneration Used libraries Project struct

Sebastian Szczepański 159 Dec 21, 2022
A 3-D Printed Bot which can talk, cheer, dance and manage your day-to-day schedule.

cheerup A 3-D Printed Bot which can talk, cheer, dance and manage your day-to-day schedule. In childhood many of us have watched this show "SpongeBob

Aniket Dhole 4 Sep 5, 2021
alie, simplified Discord bot, that's it. As fast and stable as possible.

alie alie, simplified Discord bot, that's it. As fast and stable as possible. Requirements Linux-compatible OS (aka Linux distribution) A C compiler w

mecura 8 Nov 15, 2021
A D++ Discord Bot template for Visual Studio 2019 (x64 and x86)

D++ Windows Bot Template A D++ Discord Bot template for Visual Studio 2019 (x64 and x86, release and debug). The result of this tutorial. This templat

brainbox.cc 28 Dec 24, 2022
A Discord Bot to protect your server from spam, invitations, fake nitro ads and more written in C++

Antispambot An efficient Discord Bot to prevent spam written in C++. Tested on a large discord server and mitigates around 90% spam. Its well commente

Phil 9 Nov 5, 2022
An easy to build CO2 Monitor/Meter with Android and iOS App for real time visualization and charting of air data, data logger, a variety of communication options (BLE, WIFI, MQTT, ESP-Now) and many supported sensors.

CO2-Gadget An easy to build CO2 Monitor/Meter with cell phone App for real time visualization and charting of air data, datalogger, a variety of commu

Mariete 30 Dec 17, 2022
Stock market Telegram bot

Stonky Telegram Bot README Stonky is a Telegram bot that provides access to financial informations. It is backed by the publicly available Yahoo Finan

Salvatore Sanfilippo 208 Dec 22, 2022
🍌 C++ Telegram Bot API library

?? banana - thin wrapper over Telegram Bot API written in C++17. Key Features Simple API Single interface for both blocking, non-blocking and even cor

Alexander 30 Nov 22, 2022
A simple growtopia bot!

CPPBot By DrOreo002 Fixed by Lucy Usage It should be easy to build this, but apparently visual studio wouldn't allow you to. Because sometimes thing c

inf 9 Oct 20, 2021
Tetris bot

Lemon Tea Guildline versus tetris bot How to build Notices Lemon Tea makes use of standard library header <bit> available in C++20, so make sure your

null 5 Aug 18, 2022
A Bouncing Seal Discord Bot's Source Code.

A Bouncing Seal It's a fun bot with leveling and funny bouncing seal videos. Information Invite Support Server How to run locally You need DPP, follow

SirObsidian 4 Sep 10, 2021
Bot for participation to the Lux AI Challenge

Lux AI Challenge This repository is a cleaned version of the official LUX AI Challenge kit that can be found here: https://github.com/Lux-AI-Challenge

AB Normals 2 Dec 6, 2021