Real-time Analysis
Monitors Apache access logs as requests happen with multi-site support and auto-discovery of log files.
immution
JavaScript-free bot protection for LAMP stack
IN TESTING PHASE
An open-source solution to block malicious bots by analyzing server log files, without client-side JavaScript. No additional software required - only Python 3 and PHP 8 standard libraries.
NO JAVASCRIPT REQUIRED • NO EXTERNAL DEPENDENCIES
What is Immution?
Immution is an open-source software designed to protect LAMP (Linux, Apache, MySQL, PHP) stack websites from malicious bots and automated attacks. Unlike other solutions, Immution works entirely server-side by analyzing log files, requiring no JavaScript execution on the client side.
Zero Dependencies
Only requires Python 3 and PHP 8 standard libraries. No additional software installation needed.
Advanced Optimization
Features like sharded locks, write buffering, lazy writes, and bloom filters for maximum performance.
Memory-Mapped Ban Checks
PHP performs O(1) lookups against a memory-mapped banned IP table for ultra-fast blocking.
Performance Optimizations
Immution includes advanced optimizations that require no additional software - only Python 3 and PHP 8 standard libraries:
| Optimization | Description | Improvement |
|---|---|---|
| Sharded Locks | Divide cache into 16 shards with separate locks to reduce contention | 2-4x throughput |
| Write Buffering | Buffer writes in memory and flush periodically (every 50 updates or 2 seconds) | 10x fewer disk writes |
| Lazy Writes | Only write when score changes by ≥5 points or ban status changes | 5x fewer writes for legitimate traffic |
| Bloom Filter | Track "clean" IPs to skip file reads for legitimate traffic | 50% fewer file reads |
| Memory-Mapped Bans | PHP reads directly from mmap file - O(1) lookup without JSON parsing | 100x faster ban checks |
Expected Performance Metrics
Disk Writes
Original: 1000/sec
Optimized: 50-100/sec
Improvement: 10-20x fewer writes
Ban Check Latency
Original: ~2ms
Optimized: ~0.02ms
Improvement: 100x faster
Cache Contention
Original: High
Optimized: Low
Improvement: 4x throughput
# Example: Memory-mapped banned IP table (Python + PHP)
# File structure (512KB):
# ┌─────────────────────────────────────────┐
# │ Entry 0: [4B checksum][4B timestamp] │
# │ Entry 1: [4B checksum][4B timestamp] │
# │ ... │
# │ Entry 65535: [4B checksum][4B timestamp]│
# └─────────────────────────────────────────┘
# PHP lookup (O(1)):
$idx = md5_hash($ip) % 65536;
$entry = substr($mmap, $idx * 8, 8);
$is_banned = (checksum_matches($entry, $ip));
How It Works
Architecture Overview
┌─────────────────┐
│ Apache Logs │──── tail -f ────▶┌─────────────────┐
│ (multi-site) │ (threads) │ Python Daemon │
└─────────────────┘ │ (immution) │
└────────┬────────┘
│
▼
┌─────────────────┐
│ /dev/shm/ │
│ immution/ │
│ {ip}.txt │
└────────┬────────┘
│
┌─────────────────┐ │
│ HTTP Request │ │
└────────┬────────┘ │
│ │
▼ ▼
┌─────────────────┐ reads ┌─────────────────┐
│ gate.php │◀─────────────────│ IP Data File │
│ (auto_prepend) │ │ score, banned │
└────────┬────────┘ └─────────────────┘
│
├── banned=true ──▶ Log to CSV + Show 403 + exit()
│
└── banned=false ─▶ Continue to PHP script
Detection Criteria
Scoring Events
- 404 Error: +2 points (increases with frequency)
- Suspicious Path: +6 points
- Missing User-Agent: +8 points
- Known Bot User-Agent: +12 points
- Soft Request Burst (>25 req/10s): +10 points
- Hard Request Burst (>60 req/10s): +25 points
System Parameters
- Ban Threshold: ≥ 50 points
- Score Decay: Half-life of 20 minutes
- TTL: 1 hour of inactivity
- Multi-site: Single daemon handles all sites
- Languages: Ban pages in English & Italian
Installation & Configuration
Quick Installation
# Download and run the installer
sudo bash install.sh
# The installer will:
# 1. Copy files to /opt/immution/
# 2. Create and enable the systemd service
# 3. Configure log rotation
# 4. Install Apache configuration
Manual PHP Configuration
# Add to Apache PHP configuration
sudo nano /etc/php/8.x/apache2/php.ini
# Add this line:
auto_prepend_file = /opt/immution/gate.php
# Restart Apache:
sudo systemctl restart apache2
Useful Commands
Monitoring
sudo systemctl status immutionsudo journalctl -u immution -ftail -f /var/log/immution/blocked.csvls -la /dev/shm/immution/
Maintenance
# Count blocks todaygrep "$(date +%Y-%m-%d)" /var/log/immution/blocked.csv | wc -l# Top 10 blocked IPscut -d',' -f2 /var/log/immution/blocked.csv | sort | uniq -c | sort -rn | head -10# Unblock a specific IPsudo rm /dev/shm/immution/1.2.3.4.txt
GitHub Repository Coming Soon
The Immution project is currently in testing phase. The source code will be publicly available on GitHub shortly.
Check back soon for access to the repository, documentation, and installation instructions.
Repository will be available at: github.com/immution
Project Status
Current Phase: Testing & Performance Optimization
Next Release: Public GitHub repository with full source code
License: MIT License - Open Source
Requirements: Python 3 + PHP 8 (standard libraries only)
File Structure
/opt/immution/
├── immution.py # Main Python daemon
├── gate.php # PHP gate (auto_prepend)
├── gate-404.php # Multilingual 404 page
├── config.json # Configuration (optional)
└── immution_optimized.py # Performance-optimized version
/dev/shm/immution/ # IP data in RAM (fast)
├── 1.2.3.4.txt # Data for each tracked IP
├── 5.6.7.8.txt
└── banned.mmap # Memory-mapped ban table
/var/log/immution/ # Block logs
└── blocked.csv # CSV log of all blocks
/etc/apache2/conf-available/
└── immution-apache.conf # Apache configuration
/etc/systemd/system/
└── immution.service # Systemd service unit