Info
| Version: | 1.2.5 |
| Author(s): | Omar AL Zabir |
| Last Update: | Monday, July 11, 2016 |
| .NET Fiddle: | Create the first Fiddle |
| Project Url: | https://github.com/oazabir/HackerSpray |
| NuGet Url: | https://www.nuget.org/packages/HackerSpray |
Install
Install-Package HackerSpray
dotnet add package HackerSpray
paket add HackerSpray
HackerSpray Download (Unzip the "nupkg" after downloading)
Dependencies
- StackExchange.Redis(>= 1.1.603)
- redis-64(>= 3.0.501)
Tags
.NET Core version also available.
Features:
* Protect login, registration, password reset pages against brute force and DOS attacks.
* Block users from performing any action too many times.
* Prevent too many hits from any IP or IP Range.
* Blacklist/Whitelist specific IP, IP range, username, URLs, transactions for a period.
An example scenario is a Bank Login page, where brute force password attempts on user accounts and DOS attack on Login page are a regular event.
Using this library, you can protect login page from brute force attacks, blocking too many usernames from certain IPs,
or too many hits from a range of IP trying to do DOS attack,
or even simple 3 invalid login attempts per username, per 15 mins.
This high performance, very lightweight library protects you from hitting the database too many times on pages and APIs that are prone to attacks, thus lowering web server and database CPU, increasing the scalability of the overall application.
Example code:
var result = await Hacker.DefendAsync("/Account/LogOn", Request.UserHostAddress);
if (result == Hacker.Result.TooManyHitsFromOrigin)
await Hacker.BlacklistOriginAsync(Request.UserHostAddress, TimeSpan.FromMinutes(10));
else if (result == Hacker.Result.TooManyHitsOnKey)
await Hacker.BlacklistKeyAsync("/Account/LogOn", TimeSpan.FromMinutes(10));
.
.
.
Hacker.DefendAsync("/Account/PasswordReset", Request.UserHostAddress, TimeSpan.FromMinutes(5), 100);
Hacker.DefendAsync("Username" + username, Request.UserHostAddress);
Hacker.DefendAsync("Comment", Request.UserHostAddress);.