4,000+ Attacks blocked daily
< 1ms Kernel-level block time
2,700+ Known bad IPs pre-loaded
9 Attack patterns detected

The Reality

You sealed your ports. You're behind Cloudflare.
You're still getting hit 4,000 times a day.

Modern attackers don't care about your firewall rules. They probe every port, rotate IPs, hammer SSH with botnets and fingerprint your stack looking for anything you missed. Standard defenses were built for a different era.

Chéng was built for this era.

While your firewall checks rules, Chéng watches behavior. The moment an attacker reveals their pattern, they're blocked. Under 1ms. Persisted. You get a Telegram card. They don't get a second chance.

Capabilities

Everything your server needs to stay standing

Chéng runs three dedicated threads — packet capture, pattern detection and auto-blocking — so your server never slows down while staying protected.

Kernel-Level Blocking

nftables rules block attackers at the Linux kernel before packets reach your applications. Zero overhead, maximum speed.

🧠

9-Pattern Detection Engine

Detects and blocks port scan, brute force, ddos, c2 beacon, wan probe, 404 bot, dns amp, multicast flood and wp bot — automatically.

🗺️

Live Threat Map

Watch attacks light up on a world map as they happen. GeoIP data shows exactly where every attacker is coming from.

📱

Telegram Alerts

Instant attack notifications with IP, country, attack pattern, port, GPS coordinates and a Google Maps link — right to your phone.

🛡️

2,700+ IP Blocklist

Pre-loaded ipsum blocklist stops known bad actors before they even knock. Updated automatically.

🔄

Self-Healing Services

Built-in site monitor watches all your services. Detects failures and auto-restarts individual services without cascading restarts.

How Chéng protects your server

01

Packet Capture

libpcap monitors your network interface in real time, capturing every inbound packet before it reaches userspace.

02

Pattern Detection

9 attack signatures detected and neutralized at the kernel level — before threats ever reach your applications.

03

Instant Block

Confirmed attackers are immediately added to nftables. The block persists across reboots and is logged with full GeoIP data.

04

You Get Notified

A Telegram card arrives with the attacker's full profile — country, coordinates, attack pattern, targeted port and Maps link.

# Live threat notifications — straight to your phone 🚫 Auto-blocked 🌐 IP: 37.19.221.201 ⚔️ Pattern: BRUTE FORCE 🌍 Country: United States 🔌 Port: 22 📍 37.751°N -97.822°E ⏱️ Block time: < 1msPersisted to firewall 🚫 Auto-blocked 🌐 IP: 149.88.23.103 ⚔️ Pattern: PORT SCAN 🌍 Country: China 🔌 Ports: 22, 80, 443, 3389 📍 39.928°N 116.388°E ⏱️ Block time: < 1msPersisted to firewall 🚫 Auto-blocked 🌐 IP: 185.220.101.47 ⚔️ Pattern: DDoS 🌍 Country: Russia 🔌 Port: 443 📍 55.752°N 37.616°E ⏱️ Block time: < 1msPersisted to firewall

In Action

See Chéng defend a live server

Watch the pattern engine detect and block a real DDoS attack as it unfolds — live threat map, Telegram notifications and all.

vs The Competition

Why Chéng beats what you're already using

Fail2ban reads logs. CrowdSec checks a community list. Chéng watches packets at the kernel level — before anything touches your stack.

FEATURE 誠 CHÉNG Fail2ban CrowdSec CSF Firewall
Detection method Packet-level behavior Log file scanning Log + community list Log + iptables rules
Block speed < 1ms kernel-level Seconds (log delay) Seconds (log delay) Seconds (log delay)
DDoS detection ✦ Real-time ✕ Limited ~ Via scenarios ~ Flood protection
C2 beacon detection ✦ Yes ✕ No ✕ No ✕ No
Live threat map ✦ Yes ✕ No ~ Dashboard only ✕ No
Telegram alerts ✦ Yes — per attack ✕ No ✕ No ✕ No
GeoIP + coordinates ✦ Full GPS data ✕ No ~ Country only ~ Country block
Self-healing services ✦ Yes ✕ No ✕ No ✕ No
Pre-loaded blocklist ✦ 2,700+ IPs ✕ No ✦ Community list ✕ No
Starting price $15/mo Free Free / $29+/mo dashboard Free

Fail2ban and CrowdSec are free open-source tools. Chéng is purpose-built for operators who need real-time visibility and don't want to piece together their own stack.

Plans

Simple, honest pricing

Every plan includes real-time blocking, Telegram alerts and the live threat map. No hidden fees.

Guardian

$15

per month

  • Kernel-level nftables blocking
  • DDoS & brute force detection
  • Port scan & WAN probe detection
  • Telegram attack notifications
  • Live threat map
  • 2,700+ IP blocklist
  • 1 server
Get Started

Fortress

$99

per month

  • Everything in Sentinel
  • Grok AI threat analysis
  • IPv6 full blocking support
  • Country-level one-click block
  • Windows port (when available)
  • Priority support
  • Unlimited servers
Get Started

Questions

Frequently asked questions

What is Chéng Network Guardian?
Chéng is a real-time network security application for Linux servers that auto-blocks DDoS attacks, brute force attempts, port scans and WAN probes at the kernel level using nftables. It includes a live threat map, GeoIP tracking and instant Telegram notifications.
How does Chéng block attacks?
Chéng uses libpcap to capture packets on your network interface and runs a pattern detection engine across three dedicated threads. Detected attackers are immediately blocked via nftables kernel-level rules that persist across reboots.
Will Chéng slow down my server?
No. Chéng runs on three dedicated threads completely separate from your applications. Blocking happens at the kernel level via nftables so blocked traffic never reaches userspace at all.
What Linux distributions does Chéng support?
Chéng currently supports Ubuntu 24.04 LTS and other nftables-compatible Linux distributions. Windows support is on the roadmap.
Does Chéng send alerts?
Yes. Every auto-blocked IP triggers an instant Telegram notification with the attacker's country, attack pattern, targeted port, GPS coordinates and a Google Maps link.

Be first through the gate

Chéng is in active development. Join the waitlist for early access, launch pricing and updates.

Joining waitlist...