HackerSpray – Block Brute force and DOS attacks

HackerSprayLogoHackerSpray is a .NET library to defend websites and web APIs against brute force and Denial-of-Service attacks. It comes as .NET 4 and .NET Core library. You can use it to protect ASP.NET Webforms, MVC, WebAPI anything that runs on a webserver. You can also use it in a non-web application context, for instance a chat server, where you want to prevent too many executions of certain transactions or you want to block hits from certain IPs.


  • Protect login, registration, password reset pages againstbrute force and DOS attacks.
  • Block users from performing any action too many times.
  • Prevent too many hits from any IP or IP Range.
  • Blacklist/Whitelist specific IP, IP range, username, URLs, transactions for a period.

An example scenario is a Bank Login page, where brute force password attempts on user accounts and DOS attack on Login page are a regular event. Using this library, you can protect login page from brute force attacks, blocking too many usernames from certain IPs, or too many hits from a range of IP trying to do DOS attack, or even simple 3 invalid login attempts per username, per 15 mins, across all webservers.

This high performance, lightweight library protects you from hitting the database too many times on pages or APIs that are target for attacks, thus lowering web server and database CPU, increasing the scalability of the overall application.