Threat404 connects independent servers into one shared defense layer. A single 404 scanner detection anywhere instantly protects every member at the firewall — no agents, no dashboards, just results.
# -f makes curl fail on an HTTP error instead of piping an error page into ipset
curl -fs https://api.threat404.cloud/blocklist \
| xargs -I {} ipset add threat404_v4 "{}" 2>/dev/null
# Blocking 2,478 IPs network-wide
# Last sync: 52s ago
Local script scans logs for 404 probe patterns (wp-admin, .env, backups, exploit paths). No dependencies, no outbound calls until match.
Signed attacker IP posted to central nodes. No origin info leaked. Private IPs rejected automatically.
Members pull blocklist ~every 12 min, apply to ipset + iptables. Dropped at kernel level — zero app impact.
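The pull-and-apply step above, as an added example that is not Threat404's own script: it checks every fetched line is a public IPv4 address and builds an `ipset restore` script that swaps the new list in atomically, keeping the live set when nothing valid was downloaded. It assumes the blocklist is one IPv4 address per line and that `threat404_v4` is a `hash:ip family inet` set; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Threat404's code). Assumptions: the blocklist is one IPv4
# address per line and the live set is "hash:ip family inet".

# is_public_ipv4 ADDR: succeed only for a well-formed, publicly routable address.
is_public_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ????*|0?*) return 1 ;; esac      # over 3 digits, or leading zero
    [ "$o" -le 255 ] || return 1
  done
  case $1.$2 in                                 # loopback, private, CGNAT, multicast
    0.*|10.*|127.*|169.254|192.168|22[4-9].*|2[3-5][0-9].*) return 1 ;;
    172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
  esac
  return 0
}

# build_restore SET: read a blocklist on stdin, print an "ipset restore" script
# that fills SET_new and swaps it with SET. Prints nothing and fails if no line is valid.
build_restore() {
  set_name=$1 adds='' count=0 cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                          # tolerate CRLF line endings
    if is_public_ipv4 "$line"; then
      adds="${adds}add ${set_name}_new ${line}
"
      count=$((count + 1))
    elif [ -n "$line" ]; then
      echo "rejected: $line" >&2                # error page, private IP, junk
    fi
  done
  [ "$count" -gt 0 ] || return 1                # empty or bad download: keep live set
  printf 'create %s hash:ip family inet\n' "$set_name" "${set_name}_new"
  printf 'flush %s\n' "${set_name}_new"
  printf '%s' "$adds"
  printf 'swap %s %s\ndestroy %s\n' "${set_name}_new" "$set_name" "${set_name}_new"
}

# Usage from cron, as root (-exist tolerates sets and entries that already exist):
#   tmp=$(mktemp)
#   curl -fsS https://api.threat404.cloud/blocklist -o "$tmp" &&
#     build_restore threat404_v4 <"$tmp" | ipset -exist restore
```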
ipset + iptables. Scanners never reach your web server or application — zero overhead on clean traffic.
Apache, Nginx, Caddy, LiteSpeed, Go — anything with standard logs and cron works. No plugins required.
Separate lists and rules for IPv4 and IPv6. Modern bots scan both — Threat404 blocks both.
Just scripts + cron. Optional WP MU-plugin dashboard if you want stats inside WordPress.
Cryptographic signing. No member sees who reported an IP. Loopback/private ranges blocked server-side.
More members = stronger protection for everyone. One detection anywhere benefits the whole collective.
No sales. No credit card. Just instant shared blocking.