How it works

  • Requirements to run AIPA


    Must have...

    • PHP >= 5.4 with CLI and the functions system(), exec(), passthru()
    • libxml in PHP
    • netstat, grep, screen in bash
    • Apache 2.xx
    • root access


    Nice to have...

    • ModSecurity

     

  • Unzip the aipa.zip package, configure 1settings.php and run the bash daemon


    root@YourServer:~/AIPA_home_dir/AIPA_1.0.7# ./aipa.run start
     

     

  • AIPA checks IP reputation on AbuseIPdb.com, calculates the probability of violation and bans if necessary.

    The package provides several .php files, but you should run only the bash script, which handles all the work. AIPA is very efficient: it always greps the local database first and only then, if necessary, looks the IP up at AbuseIPdb.com, BlockList.de and the MyIP.ms local database. There are many variables you can set to make AIPA more precise or more efficient, e.g.:

    • record "time to live" (how long an abusive IP is stored in the database),
    • ports to be scanned (e.g. 80 and 443),
    • minimum number of connections from the same IP before AIPA requests that IP at all,
    • minimum rate that is required to ban,
    • ATOM power, a variable that calculates the strength of IP violations,
    • silent mode - to show all activity on screen...

     

  • After a malicious IP is detected, AIPA reloads the Apache restrict file, tests the Apache configuration and, if everything is OK, restarts Apache gracefully.
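
The lookup order and tunables described above (ports to scan, minimum connection count, local database first, record time to live), sketched as an added shell example. It is not AIPA's code: the variable names, the "ip epoch_stored score" database format and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not AIPA's code. Variable names and the local
# database format ("ip epoch_stored score" per line) are assumptions.
PORTS="80 443"       # ports to be scanned
MIN_CONN=2           # minimum connections from one IP before it is looked up
TTL=${TTL:-86400}    # seconds a local record stays valid ("time to live")

# Constructed sample of `netstat -tn` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address      State
tcp        0      0 192.0.2.10:80     198.51.100.7:51001   ESTABLISHED
tcp        0      0 192.0.2.10:443    198.51.100.7:51002   ESTABLISHED
tcp        0      0 192.0.2.10:443    203.0.113.5:40100    ESTABLISHED
tcp        0      0 192.0.2.10:443    203.0.113.5:40101    TIME_WAIT
tcp        0      0 192.0.2.10:80     198.51.100.9:33000   ESTABLISHED
tcp        0      0 192.0.2.10:22     203.0.113.77:50000   ESTABLISHED
tcp        0      0 192.0.2.10:22     203.0.113.77:50001   ESTABLISHED
EOF
}

# Print "count ip" for remote IPs with >= MIN_CONN connections (any TCP state)
# to one of PORTS. Reads netstat output on stdin.
busy_ips() {
  awk -v ports="$PORTS" -v min="$MIN_CONN" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ {
      lport = $4; sub(/.*:/, "", lport)        # local port
      rip = $5;   sub(/:[0-9]+$/, "", rip)     # remote IP without port
      if (lport in want) c[rip]++
    }
    END { for (ip in c) if (c[ip] >= min) print c[ip], ip }' | sort -k2
}

# Local database first: a fresh record is answered locally ("cached ip score");
# a missing or expired one is marked "lookup ip" for a remote reputation query.
classify() {   # usage: busy_ips | classify DB_FILE NOW_EPOCH
  awk -v db="$1" -v now="$2" -v ttl="$TTL" '
    BEGIN { while ((getline line < db) > 0) {
              split(line, f, " "); stored[f[1]] = f[2]; score[f[1]] = f[3] } }
    ($2 in stored) && now - stored[$2] < ttl { print "cached", $2, score[$2]; next }
    { print "lookup", $2 }'
}

# Demo with an empty local database: every busy IP needs a remote lookup.
sample_netstat | busy_ips | classify /dev/null "$(date +%s)"
```

On a live host the input would be `netstat -tn | busy_ips` instead of the constructed sample.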