Crowdsec
App in the BluixApps catalog
What it is
CrowdSec is a collaborative IPS (Intrusion Prevention System) — analyzes logs, detects attacks (SSH brute-force, web attacks, scanners), shares attack data across the CrowdSec community for collective defense. Modern Fail2Ban replacement with community threat intelligence.
For self-hosters running internet-facing services, CrowdSec adds a collective immunity layer beyond static IP blocking.
What it's for
- Intrusion prevention — automatic blocking of attackers
- SSH brute-force protection — block scanners attacking SSH
- Web attack prevention — block SQL injection, XSS attempts
- Community threat intel — benefit from blocked IPs across CrowdSec network
- Decoupled detection + remediation — separate analyzers from blockers
Who it's for
- Self-hosters running internet-facing services
- SysAdmins managing public servers
- DevOps teams hardening production infrastructure
- Security-conscious users wanting community defense
- Hosting providers protecting customer servers
Why teams pick CrowdSec over alternatives
- MIT license — fully open
- Community threat intel — share + receive attack data
- Modern architecture — log parsing + scenario detection
- Decoupled bouncers — block at firewall, nginx, Cloudflare, etc.
- Active development — backed by CrowdSec company
- Scenarios collection — pre-built detection logic
Integrations
- Log sources — journald, files, syslog, custom
- Bouncers — iptables, nftables, nginx, Caddy, Traefik, Cloudflare
- Notification — email, Slack, custom webhooks
- API — REST + LAPI for programmatic
- CTI feeds — pull community-curated blocklists
- Threat intel — push your detections to community (opt-in)
- Dashboards — Grafana + Prometheus integration
Notable users & community
- 9k+ GitHub stars
- Active community on Discord
- Backed by CrowdSec (FR) with commercial enterprise
- Featured in modern Fail2Ban-alternative guides
- Strong release cadence
Tips & operations
- Bouncer choice matters — match bouncer to your firewall
- Tune scenarios — false positives possible; tune for your apps
- Enroll for community CTI — opt-in to share + receive intel
- Monitor decisions — review what's being blocked
- Backup config + decisions — your active blocks
- Persistent volume — database + config
What we ship in BluixApps
- Docker compose: CrowdSec + persistent data volume
- Pinned
crowdsecurity/crowdsec:v1.6(release-tagged) - API key auto-generated for bouncers
- Default scenarios (SSH, web, scanners) enabled
- Persistent volume for config + database
- Bouncer integration documented for nginx + iptables
- Backup hook covers config + decisions DB
Get this app — pick a BluixApps plan
Same catalog. Scaling tenant isolation, white-label and support tier.
| Tier | Tenants | Catalog | Support | White-label | Monthly | |
|---|---|---|---|---|---|---|
| Stacks | 1 | 19 curated stacks | Standard | — | $19/mo | DetailDeploy |
| Starter | 10 | Full catalog | Standard | +$15–25/mo | $49/mo | DetailDeploy |
| Pro | 25 | Full catalog | Priority bugfix | +$15–25/mo | $149/mo | DetailDeploy |
| Growth | 100 | Full catalog | Priority bugfix | +$15–25/mo | $349/mo | DetailDeploy |
| Scale | 500 | Full catalog | 7-day window | +$15–25/mo | $799/mo | DetailDeploy |
| Enterprise | Unlimited | Full catalog | Priority 7-day | Bundled | $1,499/mo | DetailDeploy |