Web Application Penetration Testing Prevention

I see most of the people here are focused on the how-to's of pen testing and not so much on prevention. As a programmer, my main focus is preventing websites and web apps from attacks. I joined this site to help my knowledge on prevention. I see a lot of you rely on staying hidden for testing. I also see that most of you are just learning. I have developed a system that will prevent most attacks from occurring in the first place, as the system prevents access to most VPN services including Tor, as well as other factors. I was hoping to see if I could post a link to a sample WordPress site and allow testing, but before I do I wanted to first see if the admins will allow it, and next see if anyone was interested. I am not trying to sell anything to anyone, and this is not a paying job, just a chance for some of you to have a real-world testing ground.
Thanks GSG.

Hello, yes, this is usually the case as it is more of an exciting approach. I myself started out in the blue team so I know what you mean. That is a fantastic project, please get in touch with us so that we can set up a demo for the users. We would love to hear more about the project and its workings.

Hello @GSG! Very nice project. I cannot wait until you submit it :blush:
I will definitely check it out!

Well, after much work the test site is now up. Before you begin there are several things you must know about this system.

1. GEO Blocking has been disabled; however, if enabled you can block Countries, States, Cities and Postal Codes.

2. ISP Blocking is enabled; 486 ISPs are blocked. You may not be able to ever get to the site.

3. VPN IP Block is enabled; 1,173,480 IP addresses are blocked.

4. Tor Block is enabled; 6,120 Tor Exit Nodes.

5. 1,013 Web Bots are blocked.

The site is a new install of WordPress version 5.3.2, using the Twenty Seventeen theme, version 2.2. Only 1 plugin is installed: WPS Hide Login version 1.5.4.2.

I guess you will need to find the login page on your own.

Site address https://rsys.kvwebsolutions.com/

Let me know what you think.

Is this a CTF kind of thing? :thinking:

Any feedback from anyone that has tried to get in?
As of this time: 511 Total Visits Blocked, 137 Tor Browser Visitors, and 2 Allowed Visits.

Hello, I have been testing the service and site for a few days now. I will leave my feedback here when I have completed the process.

Thanks for the heads up, I have been seeing more traffic on the site the last few days.

To make it a little easier I have disabled ISP blocking. What this means is any ISP or company can now access the site. I will soon include a flag; if you find the flag you will be redirected to a different site that will enable you to claim victory and will shut down this test site.

Asia Pacific IPs have been blocked. I set up my own proxy server and then try to visit the site, but I get a 401 unauthorised error. Could you enable Asia Pacific access?

Asia Pacific should now have access.

I have ended the testing at this point, but I want to thank everyone that has tried.
Here are the totals:
1,091 Allowed Visits; 1,012 from one person, all hits within 30 minutes.
1,398 Visits Blocked.
136 BOTS.
144 Tor Browser Visitors.
For more details you can download a CSV file here.
Any feedback is welcome, and if you would like more information on how the system works I would be glad to give you a demo of the back end, and if you would like to protect your site just let me know.

I did not find any serious threats. Good Job! @GSG

Thank you @MoNsTeR. I will tell you all just what you were trying to get past: Global Site Guard. This is a new product to help prevent hacking. For all that worked hard to get past it, PM me your email, and I will give you 1 year free service to protect your website. I have many more tips and tricks for all of you soon.

Hey man. I think I bypassed it :wink:
I sent you a DM.

Not a chance. Your flood of hits just made me block your IP.