HostDeny.com is currently under development by Jason Rogers at www.RogersIT.net, a seasoned system administrator with an extensive security background. At the beginning of development, I started off by banning IP addresses using scripts that added entries to the hosts.deny file. I noticed that once the hosts.deny file got a large number of entries, applications started to slow, especially Apache. For basically anything with a remote connection, a hosts.deny file with a large number of entries would affect response times.
I then began working with system routes within my scripts instead of using hosts.deny. I noticed that with over 50,000 route entries, no remote port establishments were delayed as they were when using hosts.deny or iptables. I also wanted something that would protect all aspects of a server, not just Apache, mail, SSH, etc. So all my scripts began to come together, and HostDeny.com was finally in development.
There are many programs and scripts that do some of what HostDeny does, but they generally protect only one aspect of a server. Again, response time was a major factor in HostDeny.com's development.
So how does it work?
On the first run of HostDeny.com on a server, you are fully protected. The HostDeny binary receives IPs found to be malicious from our central database and imports them into system routes. These are IP addresses that were found to be brute forcing a server, scraping websites, hijacking mail systems, proxy sites, VPN, well, the list goes on. The gist of it is that they are bad IP addresses. Once these IPs are received from our system, you are fully protected and the IP addresses will fail to make any type of connection to your server. What makes HostDeny so unique is that another server running HostDeny could have already found a bad IP address and imported it into our database. So a bad IP will never have a chance to perform even one malicious attempt against your server, since the IP has already been found to be bad.
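
One way to turn a shared IP feed into route entries, as an added example that is not HostDeny's own code: it assumes a newline-separated feed and that "system routes" means Linux blackhole host routes (`ip route add blackhole`), neither of which the page states. It only builds the commands, and it refuses private, loopback and allowlisted addresses so a bad feed entry cannot cut off your own access; the feed contents and the allowlisted admin address are constructed.

```python
import ipaddress

# Networks that must never be null-routed (private, loopback, link-local).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample feed: documentation-range addresses plus entries
# that a careless import would turn into an outage.
SAMPLE_FEED = """203.0.113.7
198.51.100.22
198.51.100.22
10.0.0.5
127.0.0.1
not-an-ip
192.0.2.10
2001:db8::1
"""

# Hypothetical admin address that must stay reachable (assumption).
ALLOWLIST = frozenset({ipaddress.ip_address("192.0.2.10")})


def plan_blackhole_routes(feed_text, allowlist=ALLOWLIST):
    """Return (commands, rejected) for a newline-separated IP feed."""
    commands, rejected, seen = [], [], set()
    for raw in feed_text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((entry, "not an IP address"))
            continue
        if addr in seen:
            continue  # duplicate feed entry, already handled
        seen.add(addr)
        if addr in allowlist:
            rejected.append((entry, "allowlisted"))
        elif any(addr in net for net in PROTECTED):
            rejected.append((entry, "protected range"))
        else:
            # Host route: /32 for IPv4, /128 for IPv6.
            family = "-6 " if addr.version == 6 else ""
            commands.append(
                f"ip {family}route add blackhole {addr}/{addr.max_prefixlen}")
    return commands, rejected
```

Review the rejected list before applying the commands: an allowlisted or protected address showing up in a shared feed is itself worth investigating.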