Intrusion Detection & Prevention System

Botshield is a host-based "Intrusion-Detection-and-Prevention System". The free-of-charge security software includes many components which are an effective weapon against all kinds of abusive attacks if put together on a Windows Internetserver. It protects your system against intruders, spys, brute force attacks and many more.


The softwares clearly arranged user interface allows both, a rapid configuration and control of each function, and also a detailed overview about all the recorded events within any chosen period of time.


The basic secure function is Botshields background Windows service application. It passively scans the networks traffic and therefore nearly not burdens your system while operating.
Botshield gets active when a direct threat occurs – which can lead from detection to direct blockage via Windows Firewall – depending on how serious the threat is.




Portshield is the core feature of this software. It includes algorithms to detect failed logins and brute force attacks on heavily used, security-critical Server-Services such as

  • Remote Desktop (RDP)
  • Webserver (HTTP/HTTPS)
  • Fileserver (FTP)
  • Email-services (POP3,IMAP, SMTP)
  • MySQL databases


Especially RDP-Port 3389 seems to be appealing to hackers and attackers. Every day thousands of failed-login attempts are performed on Servers world wide.

Those attacks heavily burden the systems ressources.
Thats why Botshield is designed to individually configure the quantity of failed Login occurrences that lead to blockage of affected IPs – as long as you want – for every Port you want.




Threadshield is particularly protecting the HTTP/HTTPS port, which is- through the plurality of services and web-applications connected to it- at a high risk for so called "exploits" performed by abusive programmes. Programmes like these are developed by hackers to systematically attack weak spots on webservices and scripts used by vulnerable ports. Botshield detects many often used scanners such as Hacktool.DFind, which can be seen searching weak spots on your server on a daily base.



Botshield enables you to add trusted IPs to a so called Whitelist, which prevents them from being missinterpreted as attackers – and being blocked.


Notably useful:
The software also supports hostnames and dynamic IP addresses so even changing internet connections are not problematic to the safety functions!



Every day multiple variations of aggressive crawlers, spiders and bots try to scan websites for weakspots and vulnerable gateways.
Most of them are designed to gain control over systems without being noticed - to abuse or spy on them for their own purposes, ignoring the terms of robots.txt.

Botshield already recognizes about 400 of these unwanted "agents" and prevents them from abusing or burdening your system.

Our botlist is updated on a regular base and can be supplemented by your own entrys at any time.

Screenshot Gobal Blacklist



Botshields hourly updated global IP Blacklist contains thousands of potentially threatening IP Addresses.

Often these IPs are part of huge and world wide operating botnets, which try to scan servers for weak spots and abuse them for their own purposes on a daily base.
The Blacklist is fed through multiple trusted anti-spam databases and supplemented by Botshields own Honeypot-network.
Screenshot Gobal Blacklist

Further you can add own entrys to your personal blacklist to individual block unwanted IPs – for every amount of time you want.




Botshields file sensor recognizes changes within any directory of your file system. You can configure your user experience by adding individual filters at any point of use.

If, for example, files are manipulated or added to your homepage directory, Botshield will immediately alert you via email and report - regarding all filter-rules defined by you.

This effectively guards your system against any threat through undetected addition or manipulation of files and scripts – another potential weakspot less!


Botshields monitoring protocol allows you to supervise any activities performed on your system in detail – at first sight.
If suspicious behaviour occurs, Botshield not only logs the attackers IP address, but also date and type of the detection.

Further you can comfortable add hostile IPs to a local blacklist directly from the monitoring protocol.

Protocolled incidents cannot only be seen as preview directly within the software:
BotShield also once per a day sends your personal report via email if desired – the time of delivery can be configured freely.

This makes monitoring easy, archivable and comfortable in the most efficient way possible.

Freeware for Windows Server 2008/2012/2016
and Windows 7/8/10 (if used as Server)