make things happen, follow the white rabbit

Giano, about

DTB's primary defense, firewall + fail-to-IP-ban

Giano, about

Postby LordCrimson on Fri Mar 29, 2019 8:18 am

Months ago we experimented a lot of cyber attacks and attempts to put the server down. Giano was then developed (by TheHalloween and Madame) and used to protect the web server.

It's our primary defense and it does really reduce attempts to crash & spam the server!
Mystères of the invisible, Loa are intermediaries between Bondye the Supreme Creator, who is distant from the world—and humanity.

show post TAG


less 60% bad events

Postby LordCrimson on Fri Mar 29, 2019 8:19 am

Code: Select all
DTB # lssize /log/httpd/*.log
      178 Mbyte /var/log/httpd/access.log
      172 Mbyte /var/log/httpd/err.log

Without Giano

Code: Select all
DTB # lssize /log/httpd/*.log
      141 Mbyte /var/log/httpd/access.log
       75 Mbyte /var/log/httpd/err.log

With Giano

Logs have been observed for six months. It's working :say-sticazzi:
Mystères of the invisible, Loa are intermediaries between Bondye the Supreme Creator, who is distant from the world—and humanity.

show post TAG


How does it work?

Postby LordCrimson on Fri Mar 29, 2019 8:23 am

Giano is basically a firewall with agents connected to four different layers of the network stack
  • at the TCP/IP layer, rejecting malformed/malicious TCP/IP packets
  • at the HTTP layer, rejecting malformed/malicious HTTP requests
  • at the Application layer, rejecting malicious signs, too many password failures, seeking for exploits, etc
  • at the Contest layer, rejecting text containing offensive words

Each agent is a "fail-to-ban" callback that reports the offending IPs to the firewall adding them to the block-list.

Each time you failed a password attempt, the agent like agent-ftpd or agento-sshd generates a event, which is monitored by Giano, it reads those events to find out who is offending and for what, and then react appropriately.

Giano usually reacts by IP-banning. The most people uses dynamic IP, so a permanent ban can block legit users if the ISP rotated the address of a bot to a legit user. This might be a problem. Anyway, generally, this has demonstrated being able to reduce the rate of attacks, to block spambots, as well as able to reduce incorrect authentications attempts.

However, it cannot eliminate the risk that weak authentication presents.
Mystères of the invisible, Loa are intermediaries between Bondye the Supreme Creator, who is distant from the world—and humanity.

show post TAG


The New MessageWall Agent

Postby LordCrimson on Fri Apr 12, 2019 11:41 am

Choose from several patterns on comments form, this new piece of code adds banned words - to automatically stop submitting bad comments.
Mystères of the invisible, Loa are intermediaries between Bondye the Supreme Creator, who is distant from the world—and humanity.

show post TAG


Suppa Power?

Postby madame on Sun Apr 14, 2019 12:00 pm



I have just noticed the new feature in the panel reserved for operators.
And ... it seems I do have new "suppa" powers
:rofl: :rofl:
youse guys have got to turn your world around. chinese stuff is deadly and crap.

show post TAG


Yeah, Suppaman protects this website

Postby TheHalloween on Mon May 06, 2019 1:09 pm




show post TAG



Return to Giano

cron