realcorvus

realcorvus

Paraxial.io - Bot prevention for Elixir/Phoenix apps

Hi Elixir Forum,

I’ve been working on Paraxial.io for a while now, and am excited to announce the beta is officially live! Here’s the announcement post.

If you currently use reCaptcha or a CDN based bot defense (Cloudflare, Akamai, etc.), you’re familiar with the problems bots cause. I’ve seen bypasses of both these systems via:

  1. Outsourced/automated captcha solving.
  2. Hosts leaking their IP address, leading to the CDN protection being completely bypassed.

The key features of Paraxial.io are:

  1. You install the agent through your mix file.
  2. You can define a rule like, “If an IP sends > 10 logins in 10 seconds, ban it”. Unlike a CDN based approach, this cannot be bypassed due to a host IP leak.
  3. If an attacker is using a cloud server (AWS, GCP, etc.) for a large pool of IPs (see Bypassing IP Based Blocking with AWS API Gateway), the Paraxial.io agent can be configured to block cloud provider IPs.
  4. You control the data you want to send to the Paraxial.io backend, unlike a CDN where all your data has to pass through a third party server.
  5. A nice dashboard showing allowed and blocked requests.

The price for a personal account is $27 per month, where your site has less than 10,000 good events per month. If you sign up for the beta and provide feedback, I’m happy to drop that to $9. Business pricing scales with the number of requests.

To get access, email support@paraxial.io and I’ll add your email to the approved users list.

I hope this is posted under the correct category, I can move it if it violates a forum rule. Thank you!

Most Liked

realcorvus

realcorvus

Hello Elixir forum, it has been 2 years since Paraxial.io first went live, and I would like to thank you all for the incredible feedback and support you have shown. The goal of Paraxial.io is to help developers secure their work, and today I’m very excited to announce a free non-commercial tier: Paraxial.io is Free for Elixir Developers

You can sign up now, no credit card required, and use most of the available features to improve the security of your side project, academic work, or just learn more about appsec. The free tier limits:

  1. Maximum of 2 Sites.
  2. You cannot invite users to a Site.
  3. HTTP traffic cannot be ingested by the backend.
  4. Limit of 30 scans per site, per month.
14
Post #8
realcorvus

realcorvus

Hi Elixir Forum,

Paraxial.io 2.0 recently launched, here’s the announcement blog post - Introducing Paraxial.io 2.0

And a video overview of the features:

The original launch was just over a year ago, and focused on stopping bot attacks. This release helps you ensure the Elixir application you deploy cannot be hacked. For example, the sites overview page gives a list of your current sites, if they are exposed to the internet, and a summary of vulnerabilities.

There are a number of security metrics relevant to Elixir applications, including:

  • Active vulnerabilities
  • Dependency versions
  • Recent exploitation attempts
  • HTTP traffic
  • Rules for restricting bot attacks

The new Overview page for each site displays the most relevant information on one screen.

A common barrier to using security tools in Elixir is the high number of initial findings. Paraxial.io is able to prioritize findings by severity, and provide details on how to fix the issue.

The mix task is fully compatible with your CI/CD pipeline, because it runs as normal Elixir code. For example, you can configure a Github action to check each new pull request for security problems.

If no issues are found the build is successful.

The feedback and support from the community has been really fantastic, and this release incorporates so many things learned over the last several months. Thank you all for the support, I’m so grateful to be working in Elixir, and hope this release will encourage further adoption of the language.

realcorvus

realcorvus

Hi everyone, just a brief update, the beta is no longer invite only! I’ve published a step-by-step guide to installing Paraxial via mix here - Getting started with Paraxial.io, Free Tier — Paraxial v2.10.0

To create an account, just visit - https://app.paraxial.io/users/register - and sign up. The agent is hosted on Hex, and installation only takes a few minutes.

Where Next?

Popular in Discussions Top

jswny
I would like to better understand what the advantages/disadvantages of umbrella applications are compared to structuring your app as as s...
New
cvkmohan
The upcoming Phoenix 1.6 release looks very interesting. Became a habit to watch the commits - and - what they are bringing in. phx.gen...
New
Fl4m3Ph03n1x
Background A few days ago I was listening to The future of Elixir from Elixir Talks, with Dave Thomas (@pragdave ) and Brian Mitchell. I...
New
New
Nvim
Elixir appears to be a superior language to Python. I don’t see any advantage of Python over Elixir. Are there any?
New
arpan
Hello everyone :wave: Today I am very excited to announce a project that I have been working on for almost 3 months now. The project is...
New
CharlesO
Erlang :list.nth simple, but 1 - based nth(1, [H|_]) -> H; nth(N, [_|T]) when N > 1 -> nth(N - 1, T). Elixir Enum.at … coo...
New
und0ck3d
Hello everyone! A few days ago I’ve created a topic here about how people were creating CMSs with Elixir and Phoenix. I’ve been studying...
New
chulkilee
Here are the list of HTTP client libraries/wrappers, and some thoughts on HTTP client in general. I’d like to hear from others how they w...
New
opsb
We’re considering our architecture from a viewpoint of scaling our traffic heavily over the next 6 months. Our current deployment is runn...
New

Other popular topics Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
chrismccord
Phoenix 1.4.0 released Phoenix 1.4 is out! This release ships with exciting new features, most notably with HTTP2 support, improved deve...
688 30877 112
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
AstonJ
We’ve put together this wiki for Phoenix LiveView - please feel free to add any info you feel is worth including. What is Phoenix LiveV...
New

We're in Beta

About us Mission Statement