After two years of development, the first release of the Messor project is available, developing free, independent and decentralized software to secure networks and transparently collect data on attacks and scans. The project developers launched the Messor.Network network and published a plugin for the OpenCart3 e-commerce platform. The plugin code is written in PHP and distributed under the Apache 2.0 license. A module for nginx/apache2 (C++), a plugin for Magento (php) and a plugin for Wordress (php) are under development.
The project provides a bundle of IPS, Honeypot and a hybrid P2P client that implements scanning protection, regardless of the purpose, be it exploitation of vulnerabilities, bots, search engines or other applications. The main difference between Messor and other IPS is its network structure. Connected sites form a single P2P-Messor-Network, each member of which collects data on intruders, sends information to other network members and receives daily database updates. Each member of the Messor network is responsible for distributing an up-to-date database to other network members and sending the collected data about attacks to the central servers of the network.
The database contains:
- A list of ip-addresses that the network has recognized as dangerous, which means that attacks have been repeatedly recorded from them in recent times;
- Lists of ip-addresses of various bots;
- Regular expressions for detecting attacks based on UserAgent/GET/POST/COOKIE data;
- Regular expressions to detect bots;
- A list of honeypots to define scans.
Source: opennet.ru