KovaShield
Welcome back
Your security command center is ready.
No account? Start free →
Overview
Protected
Security
Calculating your security score…
KovaShield is analyzing your traffic patterns and building a threat profile for your server.
🚨
Total incidents logged
🚫
IPs
Unique IPs blocked
🧅
TOR
Tor exit nodes detected
🌍
GEO
Countries of origin
💡
What does this mean for my business? KovaShield is watching your server 24/7. Every entry above represents a malicious request that was logged, scored, and blocked — so attackers never reach your actual site.
Attack Timeline
last 24h
Recent Threats
Loading…
🌍 Top Origins
⚔️ Attack Types
🕸️ Subnet Activity
🌐 Domain Health
checking…
0 events
Loading threats…
👆
Select a threat
Click any event on the left to see full threat details, intelligence, and response actions.
Total incidents logged
Unique IPs blocked
Subnets flagged
Tor exit nodes seen
🌍 Country Breakdown
⚔️ Attack Vectors
🎯 Most-Targeted Paths
🏴‍☠️ Top Attackers
ranked by hit count
IP AddressCountryHitsThreat ScoreTorStatus
🌐 Live Attack Topology
Domain → Honeypot → Attacker
Your server
Protected domain
Honeypot path
Critical attacker
High threat
Medium threat
🚫 Blocked IPs
loading…
IP AddressCountryReasonScoreTagsLast Seen
Loading…
🕸️ Blocked Subnets
SubnetIPs in rangeReason
Evidence Vault
SHA-256 + HMAC Sealed
⚖️
Court-ready evidence. Every captured attack is cryptographically sealed the moment it arrives. The SHA-256 hash is a tamper-proof fingerprint — if anyone modifies the record, the hash changes and the tampering is immediately detectable. These packages can be handed to law enforcement or used in legal proceedings.
Loading evidence packages…
🌐 Protected Domains
0 domains
🔗
Add your domains to start monitoring. Once you add a domain and verify ownership via DNS, KovaShield tags all threats by which of your domains was targeted — so you can see exactly what attackers are going after.
Rules run top-to-bottom. First match wins.
🛡️
Firewall rules let you block, allow, or challenge any traffic before it hits your server. For example: block all traffic from Russia, challenge any request to /admin that doesn't come from your office IP, or block any request with a suspicious user-agent string. Rules you create here run automatically — you don't need to touch your server.
🚫
BLOCK
Requests blocked today
⚠️
CHAL
Challenges issued
ALLOW
Bypassed via allowlist
📋
LOG
0
Active rules
Active Rules
0 rules
#Rule NameMatch ConditionActionHitsStatus
🛡️
No rules yet
Add your first rule to start filtering traffic before it reaches your server.
⚡ Quick Templates
one-click rules for common threats
🧅
Block all Tor exit nodes
Prevents anonymous Tor traffic from reaching your server
🤖
Block known scanners
Blocks Shodan, Censys, Masscan and other recon tools
🔐
Protect /wp-login.php
Rate-limits WordPress brute force login attacks
💉
Block SQL injection patterns
Detects and blocks common SQLi attack strings in URLs
📜
Block XSS attempts
Filters script injection patterns from incoming requests
👻
Block empty user-agents
Bots that don't identify themselves are almost always malicious
Automatically throttle IPs that send too many requests too fast.
⏱️
Rate limiting stops brute force attacks and DDoS floods before they overwhelm your server. For example: if someone tries your login page more than 10 times per minute, block them for an hour. You don't need a networking degree — just set a path, a limit, and an action.
Rate Limit Rules
0 rules
Rule NamePathLimitWindowActionHits TodayStatus
⏱️
No rate limit rules
Add a rule to automatically throttle abusive traffic on any path.
⚡ Quick Templates
🔑
Login brute force protection
Max 10 attempts/min on /login — block for 1 hour
API rate limit
Max 100 requests/min on /api — throttle excess
📝
Signup abuse prevention
Max 3 signups/hour per IP on /register
🌐
Global flood protection
Block any IP sending 500+ req/min sitewide
🤖
Not all bots are bad. Google's crawler needs to visit your site so it shows up in search results. But most bots are scanners, scrapers, or attack tools. This page lets you set exactly which bots are welcome and what to do with the rest.
Bot Score Thresholds
KovaShield scores every request 0–100. Score 0 = definitely a bot. Score 100 = definitely human. Set what happens at each range.
Block if score below10
Challenge if score below30
Detection Methods
✅ Known Good Bots
always allowed
BotPurposeAllow
GooglebotSearch indexing
BingbotSearch indexing
DuckDuckBotSearch indexing
SlackbotLink previews
UptimeRobotUptime monitoring
Stripe webhookPayment events
🚫 Always Block
ScannerTypeBlock
ShodanInternet scanner
CensysInternet scanner
MasscanPort scanner
sqlmapSQL injection tool
🌊
A DDoS attack is when hundreds or thousands of computers flood your server with fake traffic all at once, trying to crash it. KovaShield detects these floods automatically and activates protections. These settings control how aggressively it responds.
DDoS Sensitivity
AUTO-ACTIVE
Low
Only block extreme floods (1000+ req/sec). Low false positives. Good for high-traffic sites.
Medium Recommended
Block floods at 100+ req/sec. Balanced for most small business servers.
High
Block at 20+ req/sec from a single IP. Aggressive — may block some legitimate users on mobile.
Custom
Set your own req/sec thresholds per path.
Tarpit Settings
Tarpitting slows down attackers by making their connection wait before responding — wasting their resources instead of yours.
Auto-Block Rules
Under Attack Mode
Manual
Enable this if your server is actively being attacked right now. It activates maximum protections: all unrecognized IPs are challenged, rate limits tighten to 10 req/min, and tarpit runs on every blocked IP.
🚨
Under Attack Mode
Currently: OFF
⚠️ This may block legitimate users temporarily. Disable once the attack subsides.
IPs and ranges here bypass all firewall rules and rate limits.
The allowlist is for IP addresses you completely trust — like your own office, your home, or a payment processor. Traffic from allowlisted IPs skips all blocking rules. Be careful: only add IPs you control, because anything on this list can never be blocked.
Trusted IPs & Ranges
0 entries
IP / CIDRLabelAddedLast seen
No trusted IPs yet
Add your office IP or home IP so your own traffic is never accidentally blocked.
👤 Profile
Email
Plan
Account ID
Member Since
Status● Active
💳 Plan & Billing
Current Plan
StatusActive
Renews
Domains covered
Evidence retention30 days (free)
📦 Plan Comparison
FeatureFreePro
Protected domains1Unlimited
Evidence retention30 days90 days
Firewall rules5Unlimited
Rate limit rules3Unlimited
SMS alerts
GeoIP blocking
AbuseIPDB sync
Webhook alerts
API access
⚠️ Danger Zone
Deleting your account permanently erases all evidence packages, threat data, firewall rules, and settings. This cannot be undone.
🔐 Change Password
📱 Two-Factor Authentication
Recommended
Add a second layer of protection to your account. Even if your password is stolen, an attacker still can't log in without your phone.
🔑 Session Management
Active Sessions
This device
Current session · Windows
CURRENT
📋 Login History
DateIPLocationResult
Login history loading…
📧 Email Alerts
📱 SMS Alerts Pro
🔔 Alert Threshold
Set the minimum threat score that triggers an alert. Lower = more alerts. Higher = only the worst threats.
Minimum score to alert40
All threatsCritical only
🔗 Webhook Alerts Pro
Send threat events to Slack, Discord, PagerDuty, or any custom URL. KovaShield will POST a JSON payload for every matched threat.
🔑 API Key
Your Secret API Key
••••••••••••••••••••••••
Quick Examples
curl -H "Authorization: Bearer YOUR_KEY" \
  https://kovashield.com/api/shield-alerts
🔗 Connected Integrations
ServicePurposeStatus
Slack Threat alerts → channel Not connected
Discord Webhook to server channel Not connected
AbuseIPDB Auto-report attackers Not connected
PagerDuty Pro On-call incident escalation Not connected
📡 API Reference
GET /api/shield-alerts
List all threat events with scores, IPs, and paths
GET /api/blocked-ips
Get current blocked IP list and subnets
POST /api/ks/block-ip
Manually block an IP address via API
GET /api/ks/evidence
Retrieve cryptographically sealed evidence packages
GET /api/ks/dashboard
Summary stats: threats, blocked IPs, countries, timeline
🔄 Data Export
Download your KovaShield data at any time. Exports are generated instantly and emailed to your account address.
👁
24H
Unique visitors
📨
REQ
Total requests
🚫
BLK
Requests blocked
MS
Avg response time
📈 Requests Over Time
requests vs blocked
📊 Bandwidth
data transferred
🔝 Top Paths
🌍 Top Countries
📱 Status Codes
🛡️
Web Application Firewall
Automatically blocks SQL injection, XSS, path traversal, shell injection, and 40+ other attack patterns before they reach your app.
💡
Your WAF currently has 47 rules across 12 attack categories. These run automatically on every request. You don't need to configure anything — just leave it on. The categories below let you fine-tune how aggressive each rule set is.
⚔️
Total blocks
📋
47
Active rules
12
Rule categories
🎯
99.2%
Detection accuracy
Rule Categories
toggle to enable/disable
CategoryMITRE IDRulesBlocked TodayModeActive
🩹 CVE Auto-Patch Feed
loading…
CVE IDSoftwareSeverityWAF RuleStatusPublished
Loading CVE feed…
📋 Recent WAF Events
0 events
TimeIPRulePathAction
Security Rules are high-level switches that turn entire protection behaviors on or off. Unlike firewall rules (which filter specific traffic), these control how KovaShield behaves globally — like whether to seal evidence automatically, whether to report attackers to public databases, or whether to enable honeypot deception.
🔗
Tunnels let you expose a server or service to the internet without opening firewall ports. Think of it like a secure pipe from your private server to the public. All traffic through a tunnel is encrypted and passes through KovaShield's inspection layer first.
Each tunnel creates a secure encrypted connection to your server.
Active Tunnels
0 tunnels
NamePublic URLLocal TargetProtocolStatusRequests
🔗
No tunnels yet
Create a tunnel to securely expose any local service — a web app, API, or database admin panel — without opening your firewall.
Quick Setup
Run this on your server to install the KovaShield tunnel agent:
curl -sSL https://kovashield.com/install-tunnel.sh | bash
Then start a tunnel to your app:
kovashield tunnel --name "My App" --port 3000
📬
Email Routing
Route emails sent to @yourdomain.com anywhere you want — your Gmail, KovaMail, or any inbox. Powered by your server's port 25 SMTP.
📧
Email routing lets you use your own domain for email — like hello@yourdomain.com — without running a full mail server. You add a few DNS records, create a routing rule, and emails arrive in whatever inbox you choose. Works with Gmail, Outlook, KovaMail, or any SMTP address.
📨 Routing Rules
From (catch)Forward ToDomainStatus
📬
No routes yet
Add a route to start receiving email at your domain.
➕ New Email Address
@
🔧 DNS Setup
Required
Add these DNS records to your domain to enable email routing. This tells the internet to send your email through KovaShield first.
MX Record
MX 10 mail.kovashield.com
SPF Record (prevents spam)
TXT "v=spf1 include:kovashield.com ~all"
DMARC Record (anti-spoofing)
TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@kovashield.com"
DNS changes can take up to 24 hours to propagate globally.
📊 Email Stats
Received today0
Forwarded0
Spam blocked0
Bounced0
SMTP port 25● Open
SMTP port 587● Open
TLS encryption● Enforced
🔗 KovaMail Integration
Route emails directly into KovaMail instead of forwarding externally. Your users get a full inbox at their domain — powered by the same server.
🔒
SSL / TLS Encryption
All traffic to your server is encrypted in transit. Certificates are managed automatically via Caddy — no renewals needed.
📜 Certificates
DomainTypeExpiresAuto-renewStatus
Loading certificates…
⚙️ TLS Settings
🔍 SSL Health Check
🔑 Custom Certificate
Advanced
If you have a paid certificate from DigiCert, Comodo, or another CA, you can upload it here. Otherwise, your auto-provisioned Let's Encrypt cert is equally trusted.
Manage low-level network behavior for your server and all protected domains. Changes apply immediately — no restart needed.
Connectivity
IPv6 Compatibility
Enable IPv6 support so visitors using modern ISPs can reach your server. Recommended — most mobile networks are IPv6-only.
WebSockets
Allow persistent WebSocket connections to your origin server. Required for real-time apps, live chat, and dashboards like this one.
Plan limit: up to 100 concurrent connections
gRPC Support
Allow gRPC connections to your origin. Required if any of your apps or APIs use the gRPC protocol instead of HTTP/REST.
HTTP/2
Serve websites over HTTP/2 for faster page loads. HTTP/2 multiplexes requests, reducing latency significantly for visitors.
Recommended — ~30% faster than HTTP/1.1
HTTP/3 (QUIC)
Next-generation protocol that improves performance on lossy networks (mobile, satellite). Uses UDP instead of TCP — faster handshakes.
Supported in Chrome, Firefox, Safari
0-RTT Connection Resumption
Allow returning visitors to resume TLS sessions instantly with zero round-trip time. Speeds up repeat visits at a slight replay-attack risk.
⚠ Not recommended for login or payment endpoints
IP & Request Headers
IP Geolocation Header
Attach the visitor's country code to every request in the X-KovaShield-Country header. Use this in your app to show localized content or block specific countries at the app level.
Example: X-KovaShield-Country: US
Pseudo IPv4 Header
When a visitor connects over IPv6 but your origin server only understands IPv4, KovaShield maps their IPv6 address to a pseudo IPv4 address and sends it in the CF-Pseudo-IPv4 header.
True Client IP Header
Send the original visitor's real IP address to your server in the True-Client-IP header — even when requests pass through proxies or load balancers.
Request ID Header
Attach a unique ID to every request in the X-Request-ID header. Makes debugging and log correlation dramatically easier — match a user complaint to the exact request in your logs.
Limits & Upload
Maximum Upload Size
Maximum data a visitor can upload in a single request. Larger uploads are blocked with a 413 error. Increase this if your app accepts file uploads, video, or large documents.
Request Timeout
How long KovaShield waits for your server to respond before returning a 524 timeout error to the visitor. Increase for slow database queries or large file generation.
Keep-Alive Timeout
How long an idle TCP connection is kept open between KovaShield and your origin. Longer values reduce connection overhead for APIs with frequent requests.
Privacy & Routing
Onion Routing (Tor Support)
Route legitimate Tor users through KovaShield's inspection layer instead of exit nodes. This improves privacy for those users while still letting you apply security rules. Different from blocking Tor — this allows Tor with visibility.
⚠ Distinct from "Block Tor exit nodes" in Security Rules — that blocks Tor entirely; this allows it with monitoring.
Network Error Logging
Collect browser-reported network errors from your visitors. When a user can't reach your site, their browser sends an anonymous report — helping you diagnose ISP-level or CDN-level connectivity issues you'd never otherwise see.
Privacy Pass Support
Honor Privacy Pass tokens — a standard that lets browsers prove they've already passed a challenge without repeating it. Reduces friction for legitimate users who get challenged frequently.
Server-Side Excludes (SSE)
Hide specific pieces of page content from visitors KovaShield identifies as threats — without changing the page for legitimate users. Wrap sensitive content in <!--sse--> tags in your HTML.
DNS
DNSSEC
Cryptographically sign your DNS records to prevent DNS spoofing attacks. Attackers can't redirect your domain to a fake server even if they compromise a DNS resolver.
Your PowerDNS server supports DNSSEC natively
DNS-over-HTTPS (DoH)
Encrypt DNS queries from your visitors' browsers so ISPs and network observers can't see which domains they're looking up. Enables more privacy-conscious visitors to reach your site without DNS interception.
Minimum TTL
How long DNS resolvers cache your records before re-checking. Lower = faster propagation after changes. Higher = less DNS traffic and faster resolution for visitors.
🌐
DNS is the phonebook of the internet. When someone types your domain, DNS tells their browser which server to connect to. Your server runs PowerDNS — you manage all records right here. Changes propagate globally within 5 minutes.
Managing records for all your domains
DNS Records
TypeNameContentTTLProxy
Loading records…
➕ Add DNS Record
🔑
KovaAccess — Identity-Gated Access
Put any app, admin panel, or internal tool behind a login screen — without changing your code. Only verified users get through.
🛡️
KovaAccess adds a login wall in front of any URL on your server — before any request reaches your app. You define who can access it (by email, domain, or IP), and everyone else gets a login page. Works for admin panels, internal dashboards, staging environments, SSH web UIs, and more. No VPN, no code changes.
🔒 Protected Applications
NameProtected URLAuth MethodSessionsStatus
🔑
No apps protected yet
Add an app to put it behind a KovaAccess login screen.
👥 Access Policies
Policies define who is allowed through. You can allow by email address, email domain, IP range, or KovaShield account.
📧
Allow by email domain
Anyone with a @tnzproductions.com address can authenticate
🌐
Allow by IP range
Specific CIDRs bypass the login screen entirely (combine with Allowlist)
🔐
Require MFA on every login
Users must verify with an authenticator app even after password login
⏱️
Session timeout
Automatically expire sessions after inactivity
🔑 Authentication Methods
📊 Access Audit Log
TimeUserAppResult
No access events yet
💡 How it works
1️⃣
User visits your protected URL (e.g. admin.yourdomain.com)
2️⃣
KovaAccess intercepts the request and shows a login page — your app never sees it
3️⃣
User authenticates. KovaAccess checks your policy (allowed email domain, MFA, etc.)
4️⃣
If approved, request is forwarded to your app with a signed session token. Session expires automatically.
🍯
Gotchas are your secret weapon — fake paths, fake credentials, and canary tokens that look real to attackers but are traps. When someone hits a gotcha, you know immediately they're probing your server. KovaShield logs them, scores them, and seals court-ready evidence automatically. This is what separates KovaShield from every other firewall on the market.
🍯
Total gotcha triggers
🎣
0
Active traps
🧅
Tor nodes caught
⚖️
Evidence packages sealed
🪤 Active Traps
Path / TriggerTypeResponseHitsActive
⚡ Quick Trap Templates
🕵️ Recent Gotcha Triggers
TimeIPPathScore
🧠 Deception Strategy
🔍 Browser Fingerprinting
Beta
Serve a 1-pixel JavaScript snippet to every visitor. Real browsers execute it and pass a fingerprint token. Bots that cannot run JavaScript are detected and scored higher automatically.
Enable fingerprinting above to see the snippet to add to your pages.
API Shield protects your API endpoints specifically — not just your website. APIs are attacked differently: credential stuffing on /login, data scraping on /users, inventory manipulation on /checkout. API Shield learns your endpoints and blocks anything that doesn't look like legitimate API traffic.
API Shield
Protect your API endpoints with schema validation, JWT authentication, and per-endpoint rate limiting.
📋 Endpoint Inventory
0 endpoints
MethodPathAuthRate LimitCalls/dayStatus
Discovering endpoints…
🔐 JWT Validation
🛡️ API Protections
📊 API Traffic
Sites online
0
Sites down
Avg response time
📈
30-day uptime
🌐 Domain Status
live checks every 60s
DomainStatusResponseSSLLast CheckUptime
Checking…
📊 Response Time History
🔔 Alert Rules
📄 Status Page
Coming Soon
A public status page at status.kovashield.com lets your customers check if your services are up — without them having to contact you first.
0 unread
↩️
Page Rules let you redirect URLs, inject headers, rewrite paths, and control caching per URL pattern — without touching your server code. For example: redirect http:// to https://, redirect /old-page to /new-page, add security headers to every response, or force a specific cache TTL on your images.
Rules execute top-to-bottom. First match wins.
Active Rules
0 rules
#Match URLActionValueHitsOn
↩️
No page rules yet
Add a redirect, header injection, or rewrite rule.
⚡ Common Templates
Caching saves copies of your pages and serves them to visitors without hitting your server every time. A cached site can handle 10x more traffic and loads faster for everyone. Static files like images, CSS, and JavaScript can be cached for days — dynamic pages like checkout should not be cached at all.
Cache hit rate
💾
Requests served from cache
🔄
Cache misses (origin hits)
Cache Level
Standard Recommended
Cache static files (images, CSS, JS). Never cache HTML or API responses.
Aggressive
Cache everything possible including HTML. Fastest for static sites.
Bypass
Disable caching entirely. Every request hits your server. Use during development.
Browser Cache TTL
How long browsers keep cached copies. Longer = faster repeat visits, slower to see your updates.
Cache Rules
Performance score
🗜
Bandwidth saved
📦
Files minified
🌍
Avg TTFB
Optimization Settings
Minification
Compression
Images
📊 Performance Tips
Every settings change, login, and rule modification is recorded here.
📋 Activity Log
0 events
TimeActorActionDetailIPResult
Loading audit log…
🩹
Virtual patching blocks exploits targeting known vulnerabilities in your software — before you have time to update. When a CVE drops for WordPress, PHP, Apache, or any framework you use, KovaShield can block the exploit at the network layer within minutes. Your app stays protected even if it's running an unpatched version.
🩹
Virtual Patching
Auto-push WAF rules for new CVEs. Blocks exploits at the network layer before they reach your app.
🎯 Software Inventory
tell us what you run
KovaShield watches CVEs for the software you mark. When a critical CVE drops for something you're running, it auto-deploys a blocking rule within minutes.
⚡ Auto-Push Settings
📋 Active Virtual Patches
0 patches
CVETargetsCVSSRuleExpires
🔑
Account Takeover (ATO) attacks happen when attackers try thousands of username/password combinations until one works. KovaShield detects these attacks by watching login velocity, geographic impossibility (same account from two countries in 5 minutes), and known breached credential lists — then blocks them automatically.
🔑
0
ATO attempts blocked
📧
0
Accounts targeted
🌍
0
Impossible travel detected
📋
0
Credential stuffing attempts
🛡️ Protection Rules
🌍 Protected Login Endpoints
📋 Recent ATO Events
TimeIPTypeTargetAction
🕵️
Threat actor profiles track the most persistent attackers against your server — building a dossier on each one. KovaShield correlates IP addresses, attack patterns, timing, and tooling to identify when the same attacker is coming back under different IPs or with different methods.
Loading profiles…
🏴‍☠️ Known Threat Actors
0 profiles
Actor IDIPs ObservedFirst SeenLast SeenPrimary AttackMITREThreat LevelEvidence
Loading threat actors…
📊 Attack Patterns
🌍 Actor Origins
📡
A public status page lets your customers check if your services are up — without calling you. KovaShield hosts a status page at status.yourdomain.com showing real-time uptime for all your services.
⚙️ Status Page Settings
status.
📣 Incident Management
👁 Preview
live preview
⚖️
Load balancing distributes traffic across multiple servers so no single one gets overwhelmed. If one server goes down, traffic automatically fails over to the others. KovaShield can proxy traffic to multiple origins and health-check each one in real time.
⚖️
Load Balancer
Distribute traffic across multiple origin servers with automatic failover.
🖥️ Origin Servers
AddressWeightHealthRequestsLatency
⚖️
No origins added
Add your server IPs or hostnames to start load balancing traffic across them.
⚙️ Balancing Strategy
Round Robin
Distribute requests evenly across all healthy origins.
Least Connections
Send new requests to the origin with fewest active connections.
IP Hash (Sticky Sessions)
Same visitor always goes to same server. Good for session-based apps.
📊 Traffic Distribution
💡 How It Works
1️⃣
Visitor request arrives at KovaShield
2️⃣
WAF + bot scoring runs on the request
3️⃣
If safe, load balancer picks healthiest origin
4️⃣
Request forwarded, response returned to visitor
📡
SIEM (Security Information and Event Management) tools like Splunk, Elastic, and Datadog collect security events from all your systems in one place. KovaShield can stream your threat events to any SIEM in real time using standard formats — so your security team sees KovaShield events alongside everything else.
🔗 SIEM Connectors
PlatformFormatStatus
SplunkHEC (JSON)Not configured
Elastic / OpenSearchLogstash JSONNot configured
DatadogDD Agent JSONNot configured
Microsoft SentinelCEF (Syslog)Not configured
Generic SyslogRFC 5424Not configured
Custom WebhookJSON POSTNot configured
⚙️ Export Settings
📄 Sample Event (JSON)

            

          

          

            
⬇ Manual Export