There are two main types of cyberattacks: targeted attacks and automated botnet attacks. In a botnet attack, hackers exploit well-known vulnerabilities on hundreds or even thousands of servers and turn them into “zombie” machines. Once infected, these machines are used as part of the botnet to carry out attacks automatically, infecting and controlling more and more devices. On a vulnerable server, botnets are responsible for 40% of the web traffic on average.
- High load on the server
- Suspicious connections
- Slow websites
THE POWER OF BITNINJA REALTIME IP REPUTATION
The revolutionary power of BitNinja is our database containing information on 70,000,000 IP addresses worldwide. Every server protected by BitNinja receives the latest updates on which IPs are safe and which are malicious. With each new server added, the defense shield grows stronger. If an attack occurs on a server protected by BitNinja and the IP gets blocked, it will be blocked not only on that server but on every BitNinja-protected server worldwide. This breakthrough technology is a BitNinja-exclusive feature called a Defense Network.
In addition to the power of the global lists generated by our Defense Network, you can also manage your own user-level IP lists by adding single IPs, IP ranges, countries and even ASNs to them.
We also designed an industry-first IP reputation list that goes beyond typical black- and whitelists. Our greylist makes IP management more flexible and provides a more convenient way to handle false positives, while still blocking potentially malicious requests. Greylisted IPs can be delisted by valid human visitors simply by completing a CAPTCHA or the BitNinja Browser Integrity Check (BIC).
How is it different from other IP Reputation solutions?
The first step of each attack is scanning the victim server to collect information about vulnerabilities. Unfortunately, most server owners don’t realize they can block these scans and stop attacks before they happen. Instead, most IT teams spend their time reacting to attacks, after they occur, cleaning infected files.
Scanning isn’t as apparent as a DoS attack or malware infection, so it is often overlooked when it comes to server security. However, all of these can happen to your server, and are the first signs you are under attack:
- Data leakage
- Hackers can scan your servers
- Connections to open ports
THE POWER OF BITNINJA HONEYPOTS
You can stop your server from being scanned by malicious IPs and block hackers by creating an automatic decoy. BitNinja Honeypots trap suspicious connections, so cybercriminals won’t be able to access the valid services on your servers, only the fake ones which are set up to trap them.
The BitNinja Web Honeypot can turn the backdoors used by hackers to access your server through PHP web applications into traps that block them from using the resources on your server. When Command&Control (C&C) servers – that direct botnet attacks – try to access the backdoors on your server, BitNinja will identify and block them.
How is BitNinja different from other Honeypot solutions?
Websites are the main point of weakness for shared servers. Many botnets specifically target and exploit website vulnerabilities to gain control of a server and use it to launch their automated attacks.
Outdated CMS systems (WordPress, Joomla, Drupal, Magento, etc.) make servers more vulnerable to many different kinds of cyberattacks, such as SQL injection, cross-site scripting (XSS), remote and local file injections, and more. Cleaning infected files can quickly become a full-time job for IT teams managing shared servers, overwhelming their support teams with requests.
- INFECTED WORDPRESS, DRUPAL, JOOMLA SITES
- FORUM AND BLOG COMMENT SPAMMING
- WEBSITE DEFACEMENT
- IT TEAM CLEANING INFECTED WEBSITES ON A DAILY BASIS
THE POWER OF THE WAF 2.0
Shared hosting companies have special needs when it comes to server security. With hundreds or thousands of domains hosted on a single server, it can be hard to filter out malicious requests while allowing genuine visitors to connect to your hosted sites.
The most effective way to block website cyberattacks is at the application layer using a Web Application Firewall (WAF). The BitNinja WAF 2.0 operates between visitors’ web browsers and your web server. It’s a very fast reverse proxy which filters all incoming web requests, automatically rejecting any attacks.
The BitNinja WAF 2.0 makes it easy to manage all your firewall settings from one location, and you can also configure the filter level by domain. By using domain-based patterns you can change the strictness level by domain or by URL, blocking malicious traffic and allowing genuine traffic to reach each hosted site. This unique feature is only available with BitNinja and makes life a lot easier when managing shared servers.
To keep you secure from the latest threats, we are constantly patching new kinds of CMS vulnerabilities by adding new WAF rules to the rulesets. We also include automated false positive reporting which allows you to fine-tune the settings if needed, and we guarantee a low false positive rate with the pre-defined rulesets.
How is it different from other WAF solutions?
FULL TRANSPARENT PROXY
The BitNinja WAF 2.0 module is easy to use and doesn’t require any pre-configuration or constant intervention.
Malicious botnets often use dictionaries of common names and phrases to find the right username and password combination to hack an account. They systematically check many possible login credentials until they succeed. This type of attack isn’t very elegant and relies on making many trial-and-error attempts to log in; that’s why it’s called a brute force attack.
The most popular targets of brute force attacks are email accounts, WordPress/Joomla/Drupal admins, FTP and SSH access. Typically, these malicious botnets use many different IPs to carry out their attacks.
- Hacked FTP, SSH, CMS and email accounts
- A lot of failed login attempts
- User complaints about locked accounts
THE POWER OF THE BITNINJA LOG ANALYSIS
After the BitNinja agent is installed, the Log Analysis module automatically recognizes the most common log files on your server and starts to analyze them in an efficient and resource-friendly way.
This module will immediately block brute force attacks as well as many other attack types, including SQL injection, directory traversal, spamming attempts, WordPress user enumeration attacks, reflective DDoS via xmlrpc.php, and more.
BitNinja Log Analysis doesn’t require configuration and runs silently in the background, monitoring for malicious IP addresses. When this module detects a malicious IP, it is automatically greylisted by our real-time IP Reputation module. We constantly update our IP rules and continuously monitor log files, ensuring you always have the latest protection on your server.
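The brute force pattern described above (many failed logins, often spread over many different IPs) can be detected from an OpenSSH auth log as follows. This is an added example, not BitNinja's code or rules; the thresholds, function names and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# OpenSSH line: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def failed_logins(lines):
    """Yield (user, ip) for every failed SSH password attempt."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m.group(1), m.group(2)

def brute_force_report(lines, per_ip=5, ips_per_user=3):
    """Return (noisy_ips, targeted_users).

    noisy_ips: IPs with at least per_ip failures (single-source guessing).
    targeted_users: accounts that failed from at least ips_per_user distinct
    IPs, i.e. distributed guessing that stays under any per-IP limit.
    Both thresholds are assumed values for this example.
    """
    by_ip = defaultdict(int)
    by_user = defaultdict(set)
    for user, ip in failed_logins(lines):
        by_ip[ip] += 1
        by_user[user].add(ip)
    noisy = {ip: n for ip, n in by_ip.items() if n >= per_ip}
    targeted = {u: sorted(ips) for u, ips in by_user.items()
                if len(ips) >= ips_per_user}
    return noisy, targeted

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = (
    [f"Jan 10 03:14:{i:02d} host sshd[1001]: Failed password for invalid user "
     f"admin from 198.51.100.23 port {40000 + i} ssh2" for i in range(6)]
    + [f"Jan 10 03:15:0{i} host sshd[1002]: Failed password for root "
       f"from 203.0.113.{10 + i} port 51000 ssh2" for i in range(4)]
    + ["Jan 10 03:16:00 host sshd[1003]: Accepted password for alice "
       "from 192.0.2.44 port 52000 ssh2",
       "Jan 10 03:16:05 host sshd[1004]: Failed password for alice "
       "from 192.0.2.44 port 52001 ssh2"]
)

if __name__ == "__main__":
    print(brute_force_report(SAMPLE))
```

In the sample, the four IPs guessing at root fail once each, so only the per-account view catches them.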
How is it different from other Log Analysis solutions?
Denial-of-Service (DoS) attacks are the easiest to spot. The purpose of this attack type is to stop a service. Unfortunately, one single device is enough for the attacker to make a website completely inaccessible (e.g., the Slowloris attack).
When a DoS attack happens: the system slows down, the server load goes up, websites don’t load, and the server can even crash completely. Whilst DoS is most visible on HTTP(S), hackers target other protocols as well, including FTP, SSH, IMAP, POP3, and SMTP.
- High Server Load
- High Memory Usage
- Slow or inaccessible services
THE POWER OF THE BITNINJA DOS DETECTION
BitNinja continuously monitors the number of connections on your server. If too many concurrent connections are detected, BitNinja will automatically add the IP address to the blacklist for 60 seconds to make sure that all the connections are blocked from the attacker IP.
After that, the IP address will be placed in the greylist, so valid users can delist the IP if it is a genuine login. BitNinja DoS Detection also works in conjunction with our AntiFlood module. When there are recurring DoS attempts, the IP will be blacklisted for a longer period of time.
The default threshold (80 active connections at the same time) guarantees a low false positive rate and also effectively blocks DoS attacks. This threshold can be configured on each port, and for inbound and outbound connections as well.
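The connection-count check and the blacklist-then-greylist ageing described above, as an added example (not BitNinja's implementation). It reads `ss -tn` style text and covers inbound connections only; the function and class names, the sample rows, and the reading of "too many" as strictly more than the threshold are assumptions.

```python
from collections import Counter

DEFAULT_THRESHOLD = 80   # page's default: 80 active connections at the same time
BLACKLIST_SECONDS = 60   # page: blacklist for 60 seconds, then greylist

def parse_established(ss_output):
    """Yield (local_port, remote_ip) for each ESTAB row of `ss -tn` style text."""
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "ESTAB":
            continue                      # header row and non-established states
        local_port = int(f[3].rsplit(":", 1)[1])
        remote_ip = f[4].rsplit(":", 1)[0].strip("[]")   # also handles [v6]:port
        yield local_port, remote_ip

def offenders(ss_output, per_port=None):
    """Return {remote_ip: connection_count} for IPs over a port's threshold."""
    per_port = per_port or {}
    hits = {}
    for (port, ip), n in Counter(parse_established(ss_output)).items():
        # Assumption: "too many" means strictly more than the threshold.
        if n > per_port.get(port, DEFAULT_THRESHOLD):
            hits[ip] = max(n, hits.get(ip, 0))
    return hits

class ReputationState:
    """Ages a flagged IP from blacklist to greylist, as the text describes."""
    def __init__(self):
        self.flagged_at = {}

    def flag(self, ip, now):
        self.flagged_at[ip] = now

    def status(self, ip, now):
        t = self.flagged_at.get(ip)
        if t is None:
            return "clean"
        return "blacklist" if now - t < BLACKLIST_SECONDS else "greylist"

def sample_ss():
    """Constructed sample: one IP holds 85 connections to port 443."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    rows += [f"ESTAB 0 0 192.0.2.10:443 198.51.100.7:{40000 + i}" for i in range(85)]
    rows += [f"ESTAB 0 0 192.0.2.10:443 203.0.113.9:{50000 + i}" for i in range(12)]
    rows += [f"ESTAB 0 0 192.0.2.10:22 203.0.113.50:{60000 + i}" for i in range(25)]
    return "\n".join(rows)
```

Passing `per_port={22: 20}` to `offenders` applies a stricter limit to SSH while other ports keep the default of 80.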
The BitNinja CAPTCHA page is also protected against DoS attacks and requires minimal resources for running the CAPTCHA service.
How is it different from other DoS Detection solutions?
One way that cybercriminals can access a server is by using a backdoor. Once they install it, a backdoor allows hackers to bypass typical security measures and access the victim’s server whenever they want. Even if the initial security threat is stopped, the hacker can use the backdoor to control the server without having to start the attack cycle again.
Backdoors are often used for targeted web attacks, including backdoors which are installed on WordPress sites.
Once a hacker has control over your server through a backdoor, they will make it part of their botnet and begin using your server resources to carry out attacks on other devices. This not only takes resources from your server functions; it also puts your server at risk of being blacklisted as a malicious IP.
- Server gets blacklisted
- Outgoing spam
- Google alerts (phishing/malware content) on websites
- Outbound attacks
- Suspicious files on the server
- High resource usage
THE POWER OF BITNINJA MALWARE DETECTION
Backdoors are typically installed as malware and provide access to the server, so the attacker can use the server’s resources. It’s essential to block and remove the infected malware file as soon as possible to prevent the hacker from creating other backdoors in the system.
Hackers’ techniques are constantly evolving, and they have been deploying malware which is obfuscated as normal system files. Traditional malware detection methods are ineffective against these new threats. That’s why we invented a new resource-friendly approach which can detect any obfuscated malware upload attempt while providing a very low false positive rate. The unique technology behind our Malware Detection module is patent pending.
The BitNinja Malware Detection module detects infected files and goes a step further, placing them in quarantine to prevent any further damage to your server.
How is it different from other Malware Detection solutions?