Anipaleja/nginx-defender
GitHub
Releases5
Frequency2 months 1 week
Last Release
Stars79
A lightweight, real time log monitoring tool designed to detect and block IP addresses exhibiting abusive behavior such as brute force attacks, excessive requests, or suspicious patterns. Automatically integrates with your server’s firewall (iptables or ufw) to block offenders and protect web services without relying on external services.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.5 MEDIUM | — | ||
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later. | |||