CrowdSec Engine

Crowdsec's community network allows CrowdSec security engines and third party integrations to share signals about attackers and getting access in exchange to a curated blocklist. 

This extension provides the means to easily share core attack signals and extra signals from 3rd party security plugins and retrieve CrowdSec's community blocklist as well as the ability to remediate against local attacks and blocklist's IPs.

Note that the only information shared with the network is about the attacker: Attacker IP, Name of attack, Timestamp.

You also have the ability to enroll into CrowdSec's console to get access to personnal dashboards, CTI and extra blocklist features.

Enrolling into the console is optional and not required for this extension to run.

Account and Pricing

Creating an account is not required and this extension is free of charge.
However, for a more advanced usage, you can create an account on the Crowdsec's console.

The CrowdSec Engine

The CrowdSec Engine for Magento 2 has been designed to share threat signal and benefit from the CrowdSec's community blocklist.

1. Threat sharing
   This extension comes with protection against user enumeration and site scanning: core Magento events allow us to detect this behaviour through a simple burst detection function included in the extension. Third party security extensions also have the possibility to share signals about malicious behaviour they detect and by doing that allow their users to benefit CrowdSec's network curration system and blocklist.
   
2. Benifit from community blocklist
   CrowdSec's community blocklist is kept up to date and currated by an advanced expert system allowing to avoid false positives and poisoning. This blocklist is periodically retrieved by this extension and kept you safe from tens of thousands of proven malicious actors.  The remediation against those IP is in the for of a ban wall, customizable within the settings.

In-Depth Malicious Behavior Detection

This extension offers two core features for detecting malicious behavior based on events directly from Magento 2:

1. Detecting and Blocking User Enumeration:
   This involves identifying and blocking attempts to discover the usernames or user information on the site.  Such attempts are often the first step in brute force attacks or other targeted hacking attempts. By recognizing and thwarting these efforts, the extension provides a crucial layer of security that safeguards user privacy and site integrity.
2. Detecting Wide Site Scans:
   The extension is also capable of detecting large-scale site scans, which cybercriminals often perform to find vulnerabilities in the site's structure. Recognizing and blocking these scans helps protect the site from potential breaches, ensuring that critical data remains secure.

Sharing Malicious Behavior for Enhanced Security

This extension allows to share the malicious behavior they detect with CrowdSec's network. The community-driven approach means that any attack detected on one part of the network can be swiftly communicated to others. 

This proactive collaboration not only ensures better site protection but also leverages the collective power of the hundreds of thousands of watchers in CrowdSec's network.

By pooling resources and intelligence, online retailers can be assured that they are benefiting from the most up-to-date and comprehensive security information. 

Advanced Visualization through Voluntary Enrollment

An additional benefit of this extension is the option to enroll in CrowdSec's console for advanced visualization of the attacks being reported. 

This voluntary enrollment allows users to gain deeper insights into the nature of the attacks, the patterns involved, and the source of potential threats.

The visualization tools provide a more detailed understanding of the security landscape, empowering site administrators to make informed decisions and tailor their security protocols accordingly. 

By joining this platform, users can leverage CrowdSec's cutting-edge technology and vast network to stay ahead of the ever-evolving threat landscape.

Features

• Improved security
• Easy to configure
• Enable/Disable suspicious behavior detection
• Enable/Disable access blocking for banned IP
• Support File system, Redis and Memcached cache
• Support IPv4 and IPv6 Crowdsec's decisions
• Enable/Disable log file
• Source code is not encrypted