Smart Server Defense
Powered by BlueIce3
Welcome to SmartServerDefense.com!
Leveraging AI to help your server defend itself from attacks.
What is it?
BlueIce3 is a freely available suite of software designed to leverage Google's TensorFlow
artificial intelligence tools to actively scan log files and adjust the server's firewall to block
attacks in almost real time.
How does it work?
BlueIce3 uses TensorFlow, Apache log files, and a web site mapping to train a simple AI model to detect
when a certain IP address is attempting to hack your web site by constantly attacking and probing your URLs.
Via a cron job, BlueIce3, once configured, will scan Apache web logs and update its list of
bad IP addresses. The bad IP address list can then be used to configure a local firewall, provide security via AWS
security groups, or just be logged for future reference. The default setup on Ubuntu writes the list of
bad IP addresses to hosts.deny.
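As an added illustration of the scan-and-block loop described above (not BlueIce3's own code): a fixed threshold on requests for unmapped URLs stands in for the trained TensorFlow model. The site map, log lines, threshold and function names are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+)[^"]*" (\d{3})')

# Constructed site map and log lines (documentation IP ranges), not real traffic.
SITE_MAP = {"/", "/index.html", "/docs.html", "/news.html"}
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2018:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 210
203.0.113.9 - - [10/Mar/2018:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210
203.0.113.9 - - [10/Mar/2018:10:00:04 +0000] "GET /admin/config.php HTTP/1.1" 404 210
198.51.100.7 - - [10/Mar/2018:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 210
203.0.113.9 - - [10/Mar/2018:10:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 404 210
not-an-ip - - [10/Mar/2018:10:00:07 +0000] "GET /a HTTP/1.1" 404 210
garbage line without the expected fields
"""

def score_ips(log_text, site_map):
    """Count, per client IP, requests for unmapped paths that returned 4xx."""
    misses = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at fields
        host, path, status = m.groups()
        try:
            # Only a validated address may reach the deny file (IPv4 only here).
            ip = str(ipaddress.IPv4Address(host))
        except ValueError:
            continue
        if path.split("?", 1)[0] not in site_map and status.startswith("4"):
            misses[ip] += 1
    return misses

def deny_lines(misses, threshold=3, allowlist=()):
    """Render hosts.deny entries for IPs at or above the threshold."""
    return [f"ALL: {ip}" for ip, n in sorted(misses.items())
            if n >= threshold and ip not in allowlist]

if __name__ == "__main__":
    print("\n".join(deny_lines(score_ips(SAMPLE_LOG, SITE_MAP))))
```

The allowlist keeps your own monitoring or office addresses from being locked out by a false positive. hosts.deny is only consulted by services built with TCP wrappers support, so blocking requests to the web server itself needs the same list applied as a firewall rule.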
What platforms are supported?
BlueIce3 is currently only supported on Ubuntu 16.04 LTS but can be installed on any Linux
environment that supports the necessary software packages.
Please see the documentation page for more detailed information.
What is BlueIce?
BlueIce2 is the name of the underlying Python program that runs the TensorFlow logic necessary to detect attacking
IP addresses in Apache logs. There is also a set of utility functions contained in another Python script called
BlueIce2Utils that can be used to manage the BlueIce2 software. Both of these pieces of software, along with install scripts,
a MySQL database and automation, comprise the BlueIce3 software suite.
What does BlueIce3 have to do with Amazon AMIs?
A Smart Server Defense server setup includes secure SSH setup, secure MySQL (localhost) setup, automated updates for
Linux packages, and the BlueIce3 Smart Server Defense software.
Do I have to train the AI?
Yes and no. The initial software comes configured to run out of the box with some support for detecting hack attempts via Apache logs.
If you want to increase the level of implementation on your server, you can configure the software to scan your website and use its URLs
in the logic used to detect hack attempts. This will increase your accuracy above the low 90th percentile that the out-of-the-box experience
should give you.
Does Smart Server Defense support other software?
The current implementation is designed to trigger IP address blocks based on Apache log file signatures.
We want to expand this functionality to support scanning log files from other important services like
SSH or database logs.
What packages are included in BlueIce3?
The BlueIce3 software suite is designed to run on a fresh copy of Ubuntu Linux 16.04
LTS. The packages and configurations included with the server configuration are as follows.
- Java JDK
What services does BlueIce2 AI protect?
Currently the software is limited to working with Apache but is designed to be modular and
extendable such that new input files can be supported. This would allow BlueIce2 to plug into
many other IP-based services.
- Daily package update check.
- Automatic BlueIce3 server defense.
- Non-standard SSH connection port.
- Non-standard MySQL connection port.
Copyright © 2018 Middlemind LLC. Victor G. Brusca