BlackRed is a dynamic blacklisting library using Redis as a fast and reliable storage backend.

How does it work?

Example: A user tries to log on a system and fails because of bad credentials or an inactivated account. This failure can be recorded with BlackRed. After three failures within a certain time the account gets locked for an extended period of time. This limits brute force attacks. All time periods are configurable.

In a desktop application you would record the username in question with BlackRed. In a web environment, the requester’s IP address would be the perfect.

In the redis database, two lists are kept: A watchlist that records the failures, and the blacklist that contains blocked items.


BlackRed runs only under Python 3.3, 3.4, 3.5 and PyPy3. There’s no support for Python 2.

The only thing BlackRed needs is the redis package >= 2.10.

Jump Start

Installation can be done with pip install blackred. Usage is as easy, here an example for a simple user login:

import blackred

def login(username, password, request_ip):
    br = blackred.BlackRed()
    if br.is_blocked(request_ip):
        return False
    if not authenticate(username, password):
        return False
    return True

More examples: Example Usage.

Indices and tables