BitNinja Security


Easy setup

Enjoy immediate protection on your server. BitNinja is designed to install and work with as little human interaction as possible. Run one line of code and your server is protected from 99% of attacks.


All-in-one protection

BitNinja combines the most powerful server security software in one easy-to-use protection suite. You get full-stack protection against XSS, DDoS, malware, scans, script injection, enumeration, brute force and other automated attacks – on all major protocols, not only HTTP.


Machine learning

Servers protected by BitNinja learn from each attack and inform each other about malicious IPs. The result is a global defense network that counteracts botnet attacks with a shield of protection for all servers running BitNinja, while also reducing the number of false positives each server encounters.

Features

Port Honeypot
Related Vulnerability
Malicious port scans and sweeps

Our Solution
After installation, BitNinja opens 100 randomly chosen unused or closed ports while taking into account the existing services you are running to avoid any interruptions. These ports act like honeypots, exposing malicious IPs, before they can attack your server. Some of these honeypots will even behave like real services, for instance, the commonly attacked telnet.

As most attacks begin with scanning for possible vulnerabilities, Port Honeypot instantly blocks future attacks: any malicious IPs will be automatically greylisted so they can’t infect your server.

 

Web Honeypot
Related Vulnerability
CMS (WordPress, Joomla, Drupal, etc) vulnerabilities

Our Solution
Web Honeypot works like Port Honeypot, with one important exception – you can replace any compromised file with honeypot scripts. You get the same benefits, plus additional customization to trap hackers and prevent further attacks. You can also configure BitNinja’s Malware Detection and Removal to automate this process for trouble-free protection against threats to web and CMS applications on your server.

Malware Detection and Removal
Related Vulnerabilities
Unvalidated file uploads, script injection, remote code injection, and CMS (WordPress, Joomla, Drupal, etc) vulnerabilities

Our Solution

  • After malware removal, BitNinja replaces the file with a honeypot to entrap the Command & Control (C&C) server.
  • If you prefer not to use automatic inspection, you can easily disable it and run scans manually whenever you like.
  • We push new malware definition files automatically so BitNinja is always up-to-date, and your server is always protected against the latest threats.

Web Application Firewall (WAF) – Beta
Related Vulnerabilities
Application layer attacks, such as directory traversal, SQL Injection, XSS, remote file inclusion, code injection, on-site and cross-site request forgery, buffer overflow, unvalidated file upload, and CMS (WordPress, Joomla, Drupal, etc) vulnerabilities

Our Solution
Our Web Application Firewall (WAF) constantly scans and analyzes the incoming traffic flow to your server, looking for malicious content based on different factors. Used in conjunction with Log Analysis, WAF guarantees an extremely low false positive rate while stopping attacks against the applications running on your server:

  • BitNinja provides automatic updates and firewall rules. We constantly patch new vulnerabilities for you.
  • For custom needs, you can easily set up a list of whitelisted domains or URLs.
  • In case of a suspicious web application you can switch the WAF into strict mode with tighter rules to avoid any further infection. (Currently in Beta)
  • BitNinja’s Web Application Firewall is a zero configuration service, so you don’t need to waste time setting up your WAF and configuring rules.
  • Thanks to our special on-host redirecting technology, WAF is compatible with all major web servers – Apache, NginX, Lite HTTP, TomCat, GlassFish, NodeJS and more.
  • Our WAF is compatible with your existing mod_security WAF, so you can continue to use your current rules.

 

Outbound Web Application Firewall (OutboundWAF) – Beta
Related Vulnerabilities
Application layer attacks, such as directory traversal, SQL Injection, XSS, remote file inclusion, code injection, on-site and cross-site request forgery, buffer overflow, unvalidated file upload, and CMS (WordPress, Joomla, Drupal, etc) vulnerabilities

Our Solution
BitNinja’s OutboundWAF module scans only outgoing connections, in real time, using its built-in HTTP proxy, looking for malicious content based on different factors. If BitNinja finds any suspicious connections, it will send the incident to BitNinja analyzer central and try to find which process and script are responsible for it. Currently, OutboundWAF uses the same ruleset as WAF, but in the future, it will have a different source.

  • BitNinja provides automatic updates and firewall rules. We constantly patch new vulnerabilities for you.
  • BitNinja OutboundWAF forks a new process for every request to disperse the load between multiple CPUs.
  • Requests made by root are not watched.
  • BitNinja’s OutboundWAF is a zero-configuration service, so you don’t need to waste time setting it up and configuring rules.
  • Thanks to our special on-host redirection technology, OutboundWAF is compatible with all major web servers – Apache, NginX, Lite HTTP, TomCat, GlassFish, NodeJS and more.
  • Our OutboundWAF is compatible with your existing mod_security WAF, so you can continue to use your current rules.

 

Log Analysis
Related Vulnerability
Application layer attacks, like directory traversal, SQL Injection, XSS, remote file inclusion, code injection, on-site and cross-site request forgery, and CMS (WordPress, Joomla, Drupal, etc) vulnerabilities

Our Solution
BitNinja constantly monitors your server logs, including Apache, NginX, Auth log, MySQL, Exim, cPanel and others. As soon as it detects any suspicious behavior, it blocks further malicious actions.

  • BitNinja is designed for ease of use: you don’t have to worry about specifying the path of your logs, because our zero-configuration setup finds them automatically.
  • Log Analysis goes a step further and checks events logged prior to the installation of BitNinja, in order to identify previous attack attempts and, at the same time, to greylist hackers.
  • We automatically update the rules for detecting malicious behavior from server logs – BitNinja does the lion’s share of the work instead of you.

CAPTCHA
Related Vulnerability
Automated botnet attacks

Our Solution
CAPTCHA is the abbreviation for Completely Automated Public Turing Test to Tell Computers and Humans Apart. BitNinja uses CAPTCHA to distinguish between human and bot-generated traffic, streamlining the handling of false positives. As a result:

  • Botnets are immediately blocked
  • You are relieved from the everyday burden of managing false positives
  • The number of complaints from legitimate human visitors to your site is reduced

BitNinja provides validation on different protocols, such as HTTP, HTTPS, and SMTP. In the case of HTTP or HTTPS, web visitors are redirected to a CAPTCHA page. For SMTP, an email is sent with a confirmation link. Human visitors can remove themselves from the greylist with ease, while bots will remain blocked.

 

Collective Intelligence
Related Vulnerabilities
Recurring automatic exploits and zero-day attacks

Our Solution
Servers protected by BitNinja collect and share attack information with each other. Together, they form a global defense network, which becomes more intelligent and more powerful with every single attack.

This means that when any BitNinja-protected server detects an attack, your server is immediately vaccinated against the malicious IP at the source of the attack.

With our all-in-one security suite and global defense network, BitNinja also discovers and eliminates zero-day attacks and automated exploits – before they occur.

Collective Intelligence creates a set of manageable IP lists. These sets grant security on three different levels:

  • Black/Whitelist management
    You can use BitNinja to maintain user-defined blacklists and whitelists on your servers via CLI or our user-friendly Dashboard.
  • Basic IP reputation
    Essential list-based protection against only the most vicious IPs. These IPs are used by the most aggressive hackers all around the world. When an IP generates more than 5000 malicious requests, BitNinja places it on this list.
  • Advanced IP reputation
    Our proprietary greylist is the most important asset in the BitNinja global defense shield. This list contains suspicious IPs that clients handle with special care. Advanced IP reputation gives you unparalleled protection, securing your server against more than 6 million attacker IPs.

In addition to our user-based blacklist, BitNinja maintains a global blacklist that is shared among all BitNinja protected servers. Servers protected by BitNinja drop packets from IPs on this list. To make sure these IPs are blocked for a legitimate reason, we constantly evaluate the list by moving blacklisted IPs to our greylist at predefined intervals to detect whether the traffic from the IP source is still malicious.

DoS Detection
Related Vulnerability
Denial of Service via TCP based protocols – HTTP, SMTP, FTP etc.

Our Solution
BitNinja constantly monitors the number of simultaneous incoming and outgoing connections and blocks DoS (Denial of Service) attacks with our unique approach:

  • Unlike other solutions, we don’t permanently block the source but drop the connections and greylist the attacker IP. This way, we reduce the number of false positives and complaints from clients behind proxy networks and NAT routers.
  • We have a proven automated process to revise our greylists, so you don’t have to waste time managing false positives.
  • You can create different thresholds for different protocols, and then fine-tune them to your needs. For example, you can set a maximum of 80 connections for HTTP and 150 connections for IMAP.
  • BitNinja also helps prevent outgoing DoS attacks, so your provider won’t overcharge or block you.
  • There’s no need to change any of your existing server applications to use our all-in-one security suite. Apache, NginX, Lite HTTP, TomCat, GlassFish, ProFTP, PureFTP, VSFTP, Courier Mail, and many more are all compatible.

 

DDoS Mitigation
Related Vulnerability
TCP/UDP-based Distributed Denial of Service attack

Our Solution
All servers running BitNinja create a global defense network, sharing information about malicious IPs. With data on over 15 million IPs worldwide, plus honeypots to capture and analyze the latest threats, your server is protected against DDoS botnet attacks – before they happen.

 

Antiflood
Related Vulnerability
Application-level DoS attack directed at the BitNinja application

Our Solution
A chain is only as strong as its weakest link. Antiflood ensures that hackers cannot mount an attack against the BitNinja application and destroy your defense shield in the process. Antiflood works by aggregating information from the entire BitNinja security suite to prevent any individual module from overloading.

$25/month

BitNinja Pro Security License (Unlimited Users), $15 cheaper than the original price.

Free Setup and Installation