Project SECURITY – Website Security, Anti-Spam & Firewall

🚀 Overview

Project SECURITY is an all-in-one website security suite designed to protect PHP-based sites and apps with an application-level firewall, anti-spam defenses, bot/attack mitigation, and real-time monitoring. It’s ideal for agencies, hosting providers, and developers who need a lightweight, server-friendly shield against common web threats without rebuilding core security logic.

Real-world relevance (Experience): Built around the day-to-day threats seen on production sites—brute force, credential stuffing, comment/contact-form spam, suspicious crawlers, and exploits targeting outdated plugins or frameworks.

Target users: Web agencies, DevOps teams, sysadmins, freelancers managing client sites, and learners studying secure PHP architectures.

✨ Key Features

• Application Firewall (WAF) – Filters malicious payloads (SQLi/XSS patterns), blocks bad IP ranges, and throttles abusive requests.
• Anti-Spam Engine – Honeypots, rate limiting, keyword/IP reputation checks for forms, comments, and sign-ups.
• Brute-Force Protection – Login attempt limits, cooldowns, optional 2FA hooks, and admin URL shielding.
• IP/Country Bans & Allowlists – CIDR/IP rules, country-based rules, temporary and permanent blocks.
• Bot & Crawler Control – Challenge pages, user-agent validation, referrer checks, and anti-scraping measures.
• File Integrity & Monitoring – Hash checks, change alerts, and quarantine workflow (optional).
• Notifications & Logs – Email alerts, daily summaries, searchable event logs, and export.
• Dashboards & Reports – Real-time charts for blocked requests, top attack vectors, and geolocation heatmaps.
• Performance-Safe – Caching of rules, minimal overhead, and compatibility with opcode caches/CDNs.
• Localization – Multi-language UI strings and RTL support.
• Developer-Friendly – Extensible rules, hooks, and clear configuration files.

Effectiveness depends on correct configuration, server stack, and keeping your software up to date.

⚙️ Technical Stack

• Language & Runtime: PHP 7.4–8.x, Composer (optional), JSON/INI/YAML configs.
• Web Server: Apache or Nginx with PHP-FPM; compatible with shared/VPS/dedicated hosting.
• Database: MySQL/MariaDB (for logging and settings) or file-based storage (lite modes).
• Security Layers: IP reputation lists, regex filters, rate limiting, CSRF tokens, and form honeypots.
• Infrastructure: Works alongside CDN/WAFs (e.g., Cloudflare) and server-level firewalls (UFW/CSF).
• Recommended Server Spec: 1–2 vCPU, 1–2 GB RAM, TLS enabled, log rotation configured.

🧩 Installation Guide

1. Upload Files: Copy the project-security folder to your web root or a protected subdirectory.
2. Create Database: Create a MySQL/MariaDB database and user; record credentials.
3. Configure Env: Duplicate .env.example → .env; set DB credentials, admin email, and site URL.
4. Run Installer: Visit the installer URL (or CLI script) to generate tables and admin account.
5. Integrate Firewall: Include the bootstrap snippet in your site’s index.php (or framework entry) before routing executes.
6. Harden & Test: Enable rate limits, add allowlist for your IP, verify form spam checks, and review logs.

📦 Deliverables

• Full source code of Project SECURITY (PHP) with configuration files.
• SQL migrations/schema and seed data (if applicable).
• Admin panel for rules, logs, and reports.
• Integration snippets for popular PHP setups (vanilla, Laravel/CodeIgniter hooks where applicable).
• Documentation (setup, security tips, and troubleshooting).

📱 Supported Platforms

• Web Stacks: PHP-based websites and applications.
• Servers: Linux (Ubuntu/Debian/CentOS) and Windows Server with Apache/Nginx.
• CDN/WAF: Compatible with reverse proxies and popular CDNs (configure real IP headers).

🧠 Notes

• License: Distributed under the GPL for lawful learning, testing, and redistribution.
• Customization Tips: Tune rate limits per route, maintain allowlists for APIs/webhooks, enable strict mode on admin areas, and schedule log pruning.
• SEO Assurance: No front-end bloat; semantic HTML in admin views, cache-friendly assets, and proper status codes on challenge/deny pages.
• Experience: Practices mirror what we deploy on live client sites—layered security, least privilege, and observability first.

👨‍💻 Original Developer Credit

Please support the original author and obtain official licenses, updates, and support from the source marketplace:
CodeCanyon – Original Author’s Listing.

🔒 Disclaimer

This is a GPL redistribution prepared for educational and archival purposes on GPL resource sites. We are not the original developer and provide no warranty or official support. Security outcomes depend on proper configuration and maintenance. For commercial deployments, dedicated support, and guaranteed updates, purchase a valid license from the original developer. All trademarks and product names are the property of their respective owners.