Update: 29 Million Automatically Blocked IP Addresses

Michael Buckbee

20 Mar 2024

We're working hard to deliver on our promise of adding more automatic security features to Wafris so that you can spend less time monitoring your site, get back to shipping code, and worry less about your site's security.

Roadmap Update

Last week, we announced the launch of our integrated Geoblocking service. In just seven days, sites, on average, are automatically stopping tens of thousands of unwanted requests.

These requests:

  1. Are just noise in your logs and eat compute
  2. Are often probes that lead to more advanced attacks

It's a large decrease in the surface area that threats can target.

IP Reputation Announcement

Machines rarely attack a single site - they launch attacks against thousands of sites simultaneously.

We track this attack behavior and maintain a continuously updated database of IP addresses known to participate in attacks.

Currently, the database contains roughly 29,171,087 IPs that identify:

  • Exploit bots
  • DDoS probes
  • Hijacked machines
  • VPNs used to obscure attacks
  • Known malicious web hosting companies
  • And many other classes of attack

Paid Wafris plans have this IP Reputation Ruleset applied to their inbound web requests. This automatically blocks a significant number of attacks without manual intervention.

If you're on a free plan, head to http://wafris.org/pricing to upgrade or feel free to book a time at https://app.harmonizely.com/expedited/wafris

Weekly Web Weirdness

This week, we're highlighting a resurgence in bots looking for Docker build artifacts. These can contain sensitive information like API keys, indications of how to gain further access, or even potentially user data.

Spend a moment to verify whether your current deployment setup has any exposed build artifacts.

Want more web weirdness? Follow us on Twitter - https://twitter.com/wafrisorg or LinkedIn https://www.linkedin.com/company/wafris/

Contributor of the Week

This week, we want to thank Francis Lavoie for reviewing our Wafris Caddy client and suggesting some smart improvements.

Follow him at: https://twitter.com/_francislavoie

Do this next

We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org