Easy setup

Enjoy immediate protection on your server. BitNinja is designed to install and work with as little human interaction as possible. Run one line of code and your server is protected from 99% of attacks.

All-in-one protection

BitNinja combines the most powerful server security software in one easy-to-use protection suite. You get full-stack protection against XSS, DDoS, malware, scans, script injection, enumeration, brute force and other automated attacks – on all major protocols, not only HTTP.

Machine learning

Servers protected by BitNinja learn from each attack and inform each other about malicious IPs. This result is a global defense network that counteracts botnet attacks with a shield of protection for all servers running BitNinja, while also reducing the number of false positives each server encounters.

— JoneSolutions.Com is a registered partner of BitNinja.io

BitNinja Pro Security License
( Unlimited Users )

$2000monthly
  • Free Setup and Installation

Features

There are two main types of cyberattacks: targeted attacks and automated botnet attacks. In the case of a botnet attack, hackers exploit well-known vulnerabilities on hundreds or even thousands of servers and make them “zombie” machines in their botnet. Once infected, they use these zombie machines as part of their botnet to automatically carry out their attacks, infecting and controlling more and more devices. On a vulnerable server, botnets are responsible for 40% of the web traffic on average.

Symptoms

  • High load on the server
  • Suspicious connections
  • Slow websites
 

THE POWER OF BITNINJA REALTIME IP REPUTATION

The revolutionary power of BitNinja is our database containing information on 70,000,000 IP addresses worldwide. Every server protected by BitNinja receives the latest updates on which IPs are safe and which are malicious. With each new server added, the defense shield grows stronger. If an attack occurs on a server protected by BitNinja and the IP gets blocked, it will be not only blocked on that server but on every BitNinja protected server worldwide. This breakthrough technology is a BitNinja exclusive feature called a Defense Network.

In addition to the power of the global lists generated by our Defense Network, you can also manage your own user-level IP lists by adding single IPs, IP ranges, countries and even ASNs to them.

We also designed an industry-first IP reputation list that goes beyond typical black- and whitelists. Our greylist makes the IP management more flexible and provides a more convenient way to handle false positives, while still blocking potentially malicious requests. Greylisted IPs can be delisted by valid human visitors simply by completing a CAPTCHA or the BitNinja Browser Integrity Check (BIC).

How is it different against other IP Reputation solutions?

CONTINUOUS UPDATES
Our IP Reputation list is continuously updated. When any BitNinja protected server is attacked, the malicious IP is immediately added to our blacklist.

DEFENSE NETWORK
The Power of the Ninja Community is a global network of BitNinja protected servers sharing information about the latest attacks. With every new server, our Defense Network grows stronger.

GREYLIST
Instead of immediately blacklisting a malicious IP, we invented a new technology called a greylist. This blocks suspicious activity while still making it easy for people to validate genuine requests.

USER AND GLOBAL LEVEL
The global grey-, black- and whitelists are shared on all BitNinja protected servers. In addition, you can manage your own user-level lists for all of your servers in one place.

The first step of each attack is scanning the victim server to collect information about vulnerabilities. Unfortunately, most server owners don’t realize they can block these scans and stop attacks before they happen. Instead, most IT teams spend their time reacting to attacks, after they occur, cleaning infected files.

Scanning isn’t as apparent as a DoS attack or malware infection, so it is often overlooked when it comes to server security. However, all of these can happen to your server, and are the first signs you are under attack:

Symptoms

  • Data leakage
  • Hackers can scan your servers
  • Connections to open ports
 

THE POWER OF BITNINJA HONEYPOTS

You can stop your server being scanned by malicious IPs and block hackers by creating an automatic decoy. BitNinja Honeypots trap suspicious connections, so cybercriminals won’t be able to access the valid services on your servers, only the fake ones which are setup to trap them.

The BitNinja Web Honeypot can turn the backdoors used by hackers to access your server through PHP web applications into traps that block them from using the resources on your server. When Command&Control (C&C) servers – that direct botnet attacks – try to access the backdoors on your server, BitNinja will identify and block them.

How is Bitninja different than other Honeypot solutions?

WEB AND PORT HONEYPOTS
We provide two kinds of Honeypots: Port Honeypot to block IPs which scan for open ports and Web Honeypot to stop hackers from scanning web application vulnerabilities.

100% COMPATIBLE
Our Honeypots don’t interfere with any services running on your server. Honeypots are only setup on ports where the real service is not running.

AUTOMATIC BLOCKING
BitNinja Honeypots not only collect information about suspicious IPs, but also automatically blocks them to prevent further attacks.

ZERO CONFIG
100 honeypots are setup by default to capture most attacks. BitNinja will also turn backdoors it discovers into honeypots automatically.

Websites are the main point of weakness for shared servers. Many botnets specifically target and exploit website vulnerabilities to gain control of a server and use it to launch their automated attacks. 

Outdated CMS systems (WordPress, Joomla, Drupal, Magento, etc.) make servers more vulnerable to many different kinds of cyberattacks, such as SQL injection, cross-site scripting (XSS), remote and local file injections, and more. Cleaning infected files can quickly become a full-time job for IT teams managing shared servers, overwhelming their support teams with requests.

Symptoms

  • INFECTED WORDPRESS, DRUPAL, JOOMLA SITES
  • FORUM AND BLOG COMMENT SPAMMING
  • WEBSITE DEFACEMENT
  • IT TEAM CLEANING INFECTED WEBSITES ON A DAILY BASIS

 

THE POWER OF THE WAF 2.0

Shared hosting companies have special needs when it comes to server security. With hundreds or thousands of domains hosted on a single server, it can be hard to filter out malicious requests while allowing genuine visitors to connect to your hosted sites. 

The most effective way to block website cyberattacks is at the application layer using a Web Application Firewall (WAF). The BitNinja WAF 2.0 operates between visitors’ web browsers and your web server. It’s a very fast reverse proxy which filters all incoming web requests, automatically rejecting any attacks.

The BitNinja WAF 2.0 makes it easy to manage all your firewall settings from one location, and you can also configure the filter level by domain. By using domain-based patterns you can change the strictness level by domain or by URL, blocking malicious traffic and allowing genuine traffic to reach each hosted site. This unique feature is only available with BitNinja and makes life a lot easier when managing shared servers.

To keep you secure from the latest threats, we are constantly patching new kinds of CMS vulnerabilities by adding new WAF rules to the rulesets. We also include automated false positive reporting which allows you to fine-tune the settings if needed, and we guarantee a low false positive rate with the pre-defined rulesets.

How is it different against other WAF solutions?

DOMAIN PATTERNS
Besides the server-based settings, you can set the filtration level and the strictness for each domain.

CONSTANT PATCHES
We are constantly creating new WAF rules to patch the different kinds of zero-day CMS vulnerabilities.

FULL TRANSPARENT PROXY
The BitNinja WAF 2.0 module is easy-to-use and doesn’t require any pre-configuration or constant intervention.

LOW-FALSE POSITIVES
The pre-defined ruleset ensures a very low false positive rate. False positive statistics are available for each domain pattern.

Malicious botnets often use dictionaries of common names and phrases to find the right username and password combination to hack an account. They systematically check many possible login credentials until they succeed. This type of attack isn’t very elegant and relies on making many trial-and-error attempts to login, that’s why it’s called a brute force attack.

The most popular targets of brute force attacks are email accounts, WordPress/Joomla/Drupal admins, FTP and SSH access. Typically, these malicious botnets use many different IPs to carry out their attacks.

Symptoms

  • Hacked FTP, SSH, CMS and email accounts
  • A lot of failed login attempts
  • User complaints about locked accounts

 

THE POWER OF THE BITNINJA LOG ANALYSIS

After the BitNinja agent is installed, the Log Analysis module automatically recognizes the most common log files on your server and starts to analyze them in an efficient and resource-friendly way.

This module will immediately block brute force attacks as well as many other attack types including SQL injection, directory traversal, spamming attempts, WordPress user enumeration attack, reflective DDoS via xmlrpc.php, and more.

BitNinja Log Analysis doesn’t require configuration and runs silently in the background, monitoring for malicious IP addresses. When this module detects a malicious IP, it is automatically greylisted by our real-time IP Reputation module. We constantly update our IP rules and continuously monitor log files, ensuring you always have the latest protection on your server.

How is it different against other Log Analysis solutions?

ZERO CONFIG
BitNinja Log Analysis starts automatically without any configuration required. Of course, you can configure the supervisors and log paths as you like.

RESOURCE-FRIENDLY
We use the most effective technologies (Auditd, Aho-Corasick algorithm) for checking the log file changes and pattern matching.

LOW FALSE-POSITIVE RATE
All incidents generated by the newly added rules will be applied in test mode first. Then, we carefully analyze them to ensure a low false positive rate.

FREQUENT RULE UPDATES
New log files and rule types are constantly added to our Log Analysis module for auto-detecting.

Denial-of-Service (DoS) attacks are the easiest to spot. The purpose of this attack type is to stop a service. Unfortunately, one single device is enough for the attacker to make a website completely inaccessible (e.g. – the Slowloris attack).

When a DoS attack happens: the system slows down, the server load goes up, websites don’t load, and the server can even crash completely. Whilst DoS is most visible on HTTP(S), hackers target other protocols as well, including FTP, SSH, IMAP, POP3, and SMTP.

Symptoms

  • High Server Load
  • High Memory Usage
  • Slow or inaccessible services

 

THE POWER OF THE BITNINJA DOS DETECTION

BitNinja continuously monitors the number of connections on your server. If too many concurrent connections are detected, BitNinja will automatically add the IP address to the blacklist for 60 seconds to make sure that all the connections are blocked from the attacker IP. 

After that, the IP address will be placed in the greylistso valid users can delist the IP if it is a genuine login. BitNinja DoS Detection also works in conjunction with our AntiFlood module. When there are recurring DoS attempts, the IP will be blacklisted for a longer period of time.

The default threshold (80 active connections at the same time) guarantees a low false positive rate and also effectively blocks DoS attacks. This threshold can be configured on each port, and for inbound and outbound connections as well.

The BitNinja CAPTCHA page is also protected against DoS attacks and requires minimal resources for running the CAPTCHA service.

How is it different against other DOS DETECTION solutions?

CUSTOM TRESHOLDS
By default, IP addresses are blocked above 80 active connections at the same time. This threshold can be configured for each port.

BLOCK OUTBOUND DOS
BitNinja DoS Detection module blocks not only inbound attack attempts, but also outbound DoS.

PROTECTION ON SEVERAL PROTOCOLS
Beyond simply blocking HTTPS attacks, BitNinja blocks FTP, POP3, IMAP and any other TCP-based DoS attack.

LOW FALSE POSITIVE RAT
Our default thresholds and greylist provide the perfect balance between a low false positive rate and maximum protection.

One way that cybercriminals can access a server is by using a backdoor. Once they install it, a backdoor allows hackers to bypass typical security measures and access the victim’s server whenever they want. Even if the initial security threat is stopped, the hacker can use the backdoor to control the server without having to start the attack cycle again.  

Backdoors are often used for targeted web attacks, including backdoors which are installed on WordPress sites. 

Once a hacker has control over your server through a backdoor, they will make it part of their botnet and begin using your server resources to carry out attacks on other devices. This not only takes resources from your server functions; it also puts your server at risk of being blacklisted as a malicious IP.

Symptoms

  • Server gets blacklisted
  • Outgoing spam
  • Google alerts (phishing/malware content) on websites
  • Outbound attacks
  • Suspicious files on the server
  • High resource usage

THE POWER OF BITNINJA MALWARE DETECTION

Backdoors are typically installed as malware and provide access to the server, so the attacker can use the server’s resources. It’s essential to block and remove the infected malware file as soon as possible to prevent the hacker from creating other backdoors in the system. 

Hackers’ techniques are constantly evolving, and they have been deploying malware which is obfuscated as normal system files. Traditional malware detecting methods are ineffective against these new threats. That’s why we invented a new resource-friendly approach which can detect any obfuscated malware upload attempt while providing a very low false positive rate. The unique technology behind our Malware Detection module is patent pending.

The BitNinja Malware Detection module detects infected files and goes a step further, placing them in quarantine to prevent any further damage to your server. 

How is it different against other Malware Detection solutions?

STRUCTURE ANALYSIS
The BitNinja Malware Detection module combines the most advanced techniques for analysis. Our industry-first approach to malware detection is patent pending. (Read our FAQ to learn more.)

OBFUSCATED CODE DETECTION
The latest threat to server security is obfuscated malware. Traditional malware detection can’t find these infected files. BitNinja will read the code structure and even deobfuscate the code to find hidden malware.

RESOURCE-FRIENDLY
BitNinja uses two-level caching: it stores the results of the malware analysis in memory and a database cache. We also use the latest techniques to reduce resource usage: Auditd file monitoring and Aho-Corascik algorithms.

QUICK FULL SCAN
When a new pattern is added to the Malware Detection module, the full scan can run incredibly fast without reading all the files again. This reduces resources and locates emerging threats quickly.

DEFENSE ROBOT
Detecting and removing malware from the server is often not enough. Unlike other solutions, the BitNinja Defense Robot will automatically find the source of the infection. The attacker IP will be blocked, and the abused domain/URI will be automatically “honeypotified”.

AUTO-HONEYPOT SYSTEM
The “honeypotify” function will automatically create a honeypot that captures any attacks. Replacing the backdoor with a web honeypot is an effective way to catch attackers who are searching for vulnerabilities on your servers.

CROWD-SOURCED MALWARE DATABASE
There is power in numbers! One of the biggest benefits of the BitNinja Malware Detection module is our malware database powered by thousands of BitNinja protected servers. This enables us to protect all the servers running BitNinja against zero-day attacks much earlier.

CUSTOM MALWARE SIGNATURES
You can add custom malware patterns to your database. When you add it on one server, the changes will be applied on all of your servers too. Managing custom signatures is easy with BitNinja. After implementing a new signature, it will be in “log only” mode. It will only be active after you confirm the result, so you can safely add new malware patterns without any adverse effects.