LIVE

This Linux server fights back.

Name: Inner Warden
Author: Inner Warden

Every event below is a real attack on a real production server, decided in milliseconds by an agent running inside the box. No SOC. No alerts in your inbox. No cloud watching your data. One Rust binary, awake while you sleep.

130.162.171.105production · public IP · no WAF · no human in the loop

Attackers stopped (7d)

Decisions today

Humans paged

Put this on your server in under a minute

curl -fsSL https://www.innerwarden.com/install | sudo bash

Source on GitHub·Apache-2.0·Linux · Rust · eBPF

Attack origins

Server

Active (24h)

Quiet (7d)

Inner Warden Bot

Autonomous security agent · 49 detectors · 40 eBPF hooks

online

Quiet on the wire. The agent is awake; nothing has tripped a detector in this window.

Punch the server. See if it punches back.

Pick an attack. Run it. Within 5 seconds you should see your IP land on the map, get a verdict in the feed, and (if you push hard enough) end up in AbuseIPDB.

Open a Terminal on your computer (Linux/macOS: Ctrl+Alt+T or just "Terminal". Windows: search "PowerShell"). Paste a script, press Enter, scroll up and watch the agent decide what to do with you.

1. SSH brute-force run

Ten common usernames in a tight loop. Triggers ssh_bruteforce + sliding-window detector. Expect: block decision within ~2 seconds, IP added to the kernel-side blocklist via XDP.

for user in admin root test deploy postgres mysql nginx www backup oracle; do
ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no -o PubkeyAuthentication=no $user@130.162.171.105 2>/dev/null
done

2. Credential stuffing

Twenty distinct usernames from one IP. Different shape than brute-force; trips credential_stuffing + the distinct-user-per-IP detector. Expect: a different verdict line and threat-DNA fingerprint.

for i in $(seq 1 20); do
ssh -o ConnectTimeout=1 -o PubkeyAuthentication=no user$i@130.162.171.105 2>/dev/null
done

3. Single probe (just to see yourself)

One handshake, one rejected auth. The lowest-impact way to put your IP on the map and prove the pipeline works end-to-end.

ssh -o ConnectTimeout=2 -o PubkeyAuthentication=no test@130.162.171.105

These commands are safe to run from your machine. They only generate failed SSH auth attempts; nothing gets installed, nothing gets modified locally. Works on Linux, macOS, and Windows (PowerShell).

Live production server. One real Linux box on a public IP, defended only by Inner Warden. No WAF, no managed firewall, no human watching. Volumetric pressure trips an auto-failover to Cloudflare at the edge. Confirmed attackers get reported to AbuseIPDB and broadcast to the InnerWarden mesh in real time.

Go ahead. Try it. The agent covers 49 detectors across SSH brute-force, credential stuffing, port scanning, container escape, reverse shell, fileless payloads, ransomware, kernel rootkits, DNS tunneling, and more. Your IP gets fingerprinted (Threat DNA), correlated against the past week of activity, and may be temporarily blocked while you test. We unblock honest curiosity on request.

Put this on your server.

One command. eBPF sensor + AI agent + local dashboard. Starts in dry-run; nothing on your host changes until you flip the switch. No telemetry, no cloud control plane, no API key required.

curl -fsSL https://www.innerwarden.com/install | sudo bash

Star on GitHub How it defends

Apache-2.0·Linux · Rust·Self-hosted·No telemetry