The average Linux VPS receives its first attack within minutes of going online. Defensia detects and blocks them automatically — SSH brute force, web exploits, scanners, and more.
Install in 30 seconds →sshd: Failed password for root from 185.220.101.7 port 43992
sshd: Invalid user admin from 45.83.64.11 port 55120
nginx: 103.145.13.90 "GET /wp-login.php HTTP/1.1" 404
nginx: 91.108.4.30 "POST /../../../etc/passwd HTTP/1.1" 400
sshd: Failed password for ubuntu from 45.83.64.11 port 22180
… thousands more today
Defensia monitors multiple attack surfaces simultaneously, with no configuration.
15 detection patterns covering failed passwords, invalid users, pre-auth scanning, PAM failures, and kex negotiation drops.
SQL injection, XSS, path traversal, RCE, web shells, shellshock, SSRF, and 8 more OWASP attack types from nginx/Apache logs.
Detects automated scanners (Shodan, Masscan, nmap) probing your services. Blacklists them before they find an open port.
70+ bot fingerprints. Per-policy: allow legitimate bots (Googlebot), log gray-area crawlers, block malicious scanners.
Decoy endpoints that only attackers visit. Any request to /backup.zip, /.git, /phpmyadmin triggers immediate high-score ban.
Dedicated detection for wp-login.php brute force, xmlrpc.php abuse, and plugin vulnerability probing.
A lightweight Go agent runs on your server, reads logs in real time, and applies firewall rules automatically.
# Architecture
auth.log + nginx/access.log + docker logs
│ Auto-detected. No config files.
▼
Watcher goroutines
│ Detect patterns in real time
▼
Scoring engine → each attack adds points to IP score
│ Score ≥ 80 → block 1h · Score ≥ 100 → blacklist 24h
▼
ipset add defensia-bans <IP> → firewall blocks instantly
│ 65,000+ concurrent bans with ipset
▼
POST /api/agent/bans → dashboard + all your other servers
Free tier covers the essentials. Pro adds deeper security intelligence.
15 detection patterns. Blocks within seconds of attack start.
OWASP attack detection from nginx/Apache logs. Zero config.
Live event feed, charts, ban timeline, all servers in one view.
Detects vulnerable packages and matches against CISA KEV catalog.
Block entire countries at the firewall level. Per-server policy.
0–100 security score. SSH, firewall, web headers, file permissions.
Requires: iptables + systemd + root access. Recommended: ipset.
One command. Under 30 seconds. Free for one server.
No credit card required.