
FAQ

How Do Hackers Attack My Business?

Hackers have a multi-pronged approach to attacking American businesses and agencies. Most attacks are random, usually aimed at your website or arriving as spam, phishing and attacks looking for vulnerabilities. When a vulnerability is found, it is exploited.

Website & Email attacks include:

  • Thousands of WP-Admin logins per hour
  • SQL Injections
  • Form and Comment spam
  • Direct File Inclusions (malware/viruses)
  • Denial-of-Service Attacks
  • Email Bombing
  • Phishing

Meanwhile, your public-facing servers are dealing with the same 'noise' attacks, plus Windows-specific attacks such as Exchange Server exploits from Ransomware-as-a-Service (RaaS), Eavesdropping, Network Denial-of-Service Attacks, Spoofing, RTP Relays, Spim Attacks, Viruses & Worms, and so on.

These attacks result in slow networks, websites and email delivery, which affects productivity, increases IT costs and, in the worst cases, leads to ransomware nightmares.

 

What If I Need an IP Unblocked?

If you find that your firewalls are blocking a legitimate IP address, you can report it to us on our website, or contact our offices. Unblock requests are processed as soon as received, to ensure fast resolution of your issue. Once removed from our Blocklist, all computers running Hacker Blocker will remove the IP from their firewalls within an hour, or you can manually update the Rules in the Hacker Blocker popup window.

How Does Hacker Blocker Update Linux Machines?

We use secure FTP (sFTP) connections to your Linux/Unix machines to update your 'deny' files every hour from our live Blocklist. For web servers, this is usually through 3rd-party plugins such as CSF for WHM. When you sign up for our service, you'll be asked for sFTP credentials, as well as the path to your deny files.

Does Hacker Blocker Affect Performance?

Hacker Blocker has varying effects on performance, depending on the role of the machine it's installed on. For public-facing servers, Hacker Blocker increases performance substantially, as the server has much less to deal with and can focus on real processes. On PCs and Laptops on private networks, Hacker Blocker has little effect on performance unless it is under attack.


What Does Hacker Blocker Do To My Computer?

Hacker Blocker installs a Service on your Windows machine that communicates with our secure servers and acquires our latest Blocklist. It then parses this list into Rules in your Windows Firewall. Hacker Blocker then updates your Firewall Rules every hour, as we constantly add and remove entries.

How Do Licenses Work?

Hacker Blocker for Windows Licensing

Windows PC - Single user license is for one Activation on a single device. You can move an Activation from one device to another 3 times per license; each move is called a 'Deactivation'. If you need more Deactivations, you can request them in your Customer License Portal or call support.

Windows Server edition - Licenses are assigned to a physical OSE of Windows Server for up to 25 users or virtual OSEs, with two activations assigned. For Enterprise and Datacenter editions with more than 25 OSEs, contact our Volume License department.

Volume Licenses can be ordered by calling our sales department at (617) 819-5877. We can also customize your license options for easy tracking and deactivations of licenses on individual machines:

Volume Server License

Volume License with two device Activations

For Windows Server, Activation codes for physical OSE, calculated by number of users or virtual OSEs (VMs).

As low as $8 per user / mo

Multiple Device License

Multiple Devices with Single Activation

For multiple PCs, assigns a single license and Activation code to each device, for those who need more control over Deactivations.

As low as $25 per device / mo

Volume & Device License

Combination License

Manage all your Volume Server & device license activations from your Customer License Portal.

Call for custom pricing.

Our Customer License Portal allows Customers to organize and control license options easily, and we can help customize your Portal for easy management.

Email us or call (617) 819-5877 to speak to a licensing specialist.

Linux / Unix / WHM

For Linux machines, we use Secure FTP (sFTP) connections to upload our Blocklist to your CSF path every 15 minutes, in whichever format is needed (e.g. csf.deny). We offer paid subscriptions through our website.

How Does Hacker Blocker Protect From Ransomware?

Ransomware attacks vary in their techniques, from simple phishing and malware infections to sophisticated ProxyShell flaw exploits. Hacker Blocker adds blockades to Ransomware at multiple stages:

  1. We research and block IP addresses and CIDRs used by Ransomware actors, including known RaaS (Ransomware as a Service) organizations such as BlackByte, which attacked the San Francisco 49ers on Super Bowl Sunday, 2/13/2022
  2. We block IPs used by email servers that spread malware and phishing emails, substantially reducing the amount of spam and phishing emails
  3. We block IPs used by malware programs to communicate with their servers, stopping their ability to do their dirty work
  4. We recommend adding roles such as Anti-Ransomware FSRM to your servers, and educating staff to avoid phishing schemes

Exchange Servers using Hacker Blocker see immediate decreases in spam and phishing emails, increasing overall performance.

 

What improvements are being made to Hacker Blocker?

Hacker Blocker has made significant improvements since it was created in 2019. Our first release simply updated the Windows firewall rules. Our new version also does auto IP removal, if it detects you're on a blocked IP. This avoids any issues with 'blocking yourself' if you happen to be on a VPN in our block list.

Other improvements include better license options, more coverage and of course, an ever-growing block list that keeps our clients safe from hackers 24/7/365.

Wait, but IPs change hands all the time! How do you keep up?

Most IPs in the Blocklist are CIDRs of compromised hosting servers overseas. These servers are easily compromised and have been for years, making them a 'hub' for malicious activity. American IPs used by residences and businesses are almost never blocked because they rarely meet the history criteria; we have strict blocking criteria. Out of the billions of IPs we block, only a handful are American residential or commercial IPs, and those have been reported hundreds or thousands of times on reporting sites.

With thousands of CIDRs in our Blocklist, we don't have to play Whac-A-Mole games blocking individual IPs - and blocking these CIDRs does nothing to legitimate traffic.

What Is "The Blocklist"?

The Hacker Blocker Blocklist has been compiled since 2016, and includes IP addresses & CIDRs of reported cyber-attacks from around the world. Our process is both reactive and proactive, as we collect attack reports from our customers as they happen, and from outside agencies before they happen to our customers.

  1. As attacks happen to our clients, we collect the IP address and research its origin
  2. Using our Whois tools, we find the CIDR of the IP. This can range from one to a million IPs on a single CIDR
  3. The CIDR is added to our own live firewalls, if it matches our criteria
  4. Our updated Blocklist is generated from our live firewall lists every 15 minutes

We only block the CIDR if it matches certain criteria:

  • Small Network with multiple attack reports
  • Large network from countries unfriendly to the USA (e.g. Russia)
  • Not a University or Medical Institution
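
The consolidation into CIDRs described above, together with the "don't block yourself" check mentioned under improvements, can be sketched as follows. This is an added example, not Hacker Blocker's own code: the function names, the sample feed (documentation address ranges) and the carve-out approach to self-exclusion are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feed using documentation ranges (not real Blocklist data).
SAMPLE_FEED = """\
# constructed sample
203.0.113.0/25
203.0.113.128/25
198.51.100.7
198.51.100.0/24
192.0.2.44
not-an-ip
"""

def parse_feed(text):
    """Return (networks, rejected_lines); blank lines and # comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses entries with host bits set (e.g. 10.1.2.3/8),
            # so a typo cannot silently widen a block.
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(raw)
    return nets, rejected

def consolidate(nets):
    """Merge overlapping and adjacent ranges into the fewest CIDRs, per IP version."""
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def exclude_own(nets, own_ips):
    """Carve our own addresses out of the list so applying it cannot lock us out."""
    for host in (ipaddress.ip_network(ip) for ip in own_ips):
        carved = []
        for n in nets:
            if n.version == host.version and host.subnet_of(n):
                carved += n.address_exclude(host)  # empty when n is exactly host
            else:
                carved.append(n)
        nets = carved
    return sorted(nets, key=lambda n: (n.version, n))

def to_deny_lines(nets, note="constructed example"):
    """One entry per line with a trailing # comment, in the style of a csf.deny file."""
    return [f"{n.network_address if n.num_addresses == 1 else n} # {note}" for n in nets]
```

Rejected lines are returned rather than dropped silently, so a malformed feed entry can be logged before the deny file is rewritten.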

Is This Like Fail2Ban?

We're asked by many sysadmins, "Wait, isn't this just Fail2Ban with extra steps?"

No. Hacker Blocker is entirely different from Fail2Ban; it is an organically-curated list of known attacker IPs, consolidated into CIDRs when possible. These aren't like grandma's laptop being hijacked - these are web servers that have been compromised for years, and continue to attack millions of business and government servers every day. Fail2Ban will protect you against attacks on your server and network - Hacker Blocker protects all users from a single attack on one user. The more they attack us, the more powerful we become.