CrowdSec is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.

Please read our disclaimer

What is Crowdsec?

CrowdSec is a free, open-source, and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.

Where did CrowdSec come from?

Thibault & Philippe, 2 of CrowdSec founders, used to work in high-security hosting, which was kind of a new field back in the 2010s. They designed a stack of protection that would also block IPs that made violations.

One day, one of their clients, a famous sports-oriented e-commerce shop, was under attack. It was not a real problem since it was protected by a robust stack, but the hacker used more than 3,000 IP addresses to try to aggress the website. At this exact moment came this idea that would be the genesis of CrowdSec.

“What if we share those IPs with our peers and colleagues in the industry? That would cripple this hacker’s operations even further, right?”

This was the starting point of a long journey, involving a lot of great minds in designing a lightweight product, Waze-like, that would not only block attacks but also share IPs with all its user community.

“Safer together” was born. The team started to gather around this idea that instead of being isolated sitting ducks, waiting to be picked one by one by the enemy, we could rather organize a sort of Internet neighborhood watch.


Feature List

  • Easy to Set up and Use - CrowdSec is easy to install, deploy and use regardless of your knowledge. You don't need to be a security master to enjoy its full capabilities.

  • Replayable - CrowdSec is able to process both live and old logs, which makes it false-positive resilient.

  • Observable - CrowdSec is instrumented with Metabase & Prometheus to generate out-of-the-box dashboards and monitor activity across your assets.

  • API-Driven - All components communicate via HTTP API, making it easy to cover complex setups.

  • Participative - You can share malevolent IP data with your fellow users, have each other's backs and outnumber hackers.

  • Open Source - CrowdSec is as open source and free as it can be through an MIT licence. No back doors. No shenanigans.

Detected Behaviours

  • Applicative DDoS

  • Drive-by download

  • Resource abuse

  • Credentials Brute-forcing

  • PHP-based Armageddon

  • Port scans

  • Web scans

  • Credentials stuffing

  • Bot scraping

  • Targeted attacks

Special Thanks

  • Momas for their input and guidance.

  • Our Discord community and our Community Leaders DiscDuck and Sycotix for their input and documentation.

Final Words

We hope you enjoyed this guide. It was conceptualized by Momas, written, and implemented by our Community Leader Hawks.

Support Us

Our work sometimes takes months to research and develop. If you want to help support us please consider:

Thank you for being part of our community!

Last updated