(D)DoS attack - How does it work and how will BitNinja stop it?
Nikolett Hegedüs

(D)DoS attack - How does it work and how will BitNinja stop it?

100% server uptime... Every hosting company is dreaming about it as nowadays when there are countless service providers, customers will choose the one which grants reliability. What happens when a website is inaccessible? It’s always painful for the website owner, the visitors and for the hosting company. There could be many reasons behind it, but maybe the most annoying is when it happens because of a DoS attack. What is DoS? DoS stands for Denial of Service: it’s a type of attack that could render web servers unresponsive - meaning they won’t be able to serve HTTP requests. So users ca...
Read more
The Most Famous Vulnerabilities - Cross-Site Scripting (XSS)
Jozsef Konnyu

The Most Famous Vulnerabilities - Cross-Site Scripting (XSS)

It’s been a while since I wrote the previous episode of my blog series. If you are interested in Remote Code Execution, then I definitely recommend reading the previous part. So, here we are again, the moment has come for my final article about cross-site scripting (XSS). What is Cross-Site Scripting (XSS)? Usually, XSS vulnerability occurs when there are untreated inputs and bad cookie usage. So, please let me tell you about a case that happened in 2005 on Myspace. A MySpace user found an XSS vulnerability on the site, and he wrote a payload called „Samy Worm.” This payload was a...
Read more
GXHLGSL.txt file uploader botnet –Discovered by BitNinja FtpCaptcha
Eniko Toth

GXHLGSL.txt file uploader botnet –Discovered by BitNinja FtpCaptcha

At the beginning of the year we released our brand-new FtpCaptcha module, and of course, we were so excited about receiving the first incidents. However, we didn’t think that the very first logs will be such eye-catching. We detected a not so well-known botnet, and we didn’t find an article about it (only a few forum topics), so we summarized everything that you need to know about it. Test the ability to upload a file This botnet is trying to upload a file named GXHLGSL.txt, which contains only this: TEST. If it was a vulnerability scanner, there would provide some description about it o...
Read more
Botnet renewal – Here is the February botnet
Eniko Toth

Botnet renewal – Here is the February botnet

Do you remember the new version of the Hello Peppa botnet? At the end of 2018, it was welcomed into 2019 slightly early, and the January botnet started to spread. Well, it wouldn’t be funny, if the botnet would still send the „J4nur4ry” in the Post Data when we are already over January… So, here is the February botnet! Despite the January botnet, this one was accurate and started on 1st February. The pike was on the next day, as you can see it from the chart below.   After that, it looked like it moved back, but on 17th Feb there was another pike. Let’s look closely to o...
Read more
How to secure WP-login
Laszlo Takacs

How to secure WP-login

WordPress is the most known CMS in the world currently (WordPress runs 32% of the entire internet), we hear that it is the easiest CMS to handle, to install and to use. Taking all these information into account, we would think that it is safe as a house. Wrong! It might be easy to use, but for this exact reason, it is easy to hack. As it is free, there are many free plug-ins which are usually not up to date, creating weak points. Hackers always tend to exploit vulnerabilities in Plugins, Themes and WP Core. There are many parts where WordPress should be strengthened, now I would like to hig...
Read more
2018: The Year in Review at BitNinja
Boglarka Angalet

2018: The Year in Review at BitNinja

As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year.  Here’s a five minute summary of what we have been up to in 2018.  Hacker-free new year to everyone! See you in 2019! Thank you for an amazing 2018! First of all, we’d like to say thank you for your engagement and support all around the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.  Thanks...
Read more
Goodbye Peppa, Hello January!
Eniko Toth

Goodbye Peppa, Hello January!

A few months ago our Attack Vector Miner discovered a new botnet, that we simply call „Hello Peppa botnet”. Now, this botnet welcomes the new year in a new mask. Specifics of this botnet Its behaviour stayed the same, like what we mentioned in the case of the Hello Peppa: Checks backdoors which remained from a previous infection. Uses the Mozilla/5.0 User Agent The most targeted URLs are: /7788.php /8899.php /9678.php /conflg.php /db.init.php /db__...
Read more
WordPress User Enumeration Attack in Focus
Valentin Balint

WordPress User Enumeration Attack in Focus

If you’re a WordPress user, then this following article is a must for you. However, if you are interested in website vulnerabilities and how they can be attacked, and you wish to upgrade your knowledge about them, you’ve also come to the perfect place as well. In this article, we’ll be talking about the user enumeration attack method, and how you can protect against it if you’re a WordPress user. Attack type A hacker can use user enumeration to get access to a specific application or website by getting the credentials—in the first instance, the usernames—through an attack. If the attacke...
Read more
The Most Famous Vulnerabilities – Remote Code Execution (RCE)
Jozsef Konnyu

The Most Famous Vulnerabilities – Remote Code Execution (RCE)

If someone wants to use a server resource or take control of the server in some way or wants to steal data, then he does it via remote code execution vulnerability. What is Remote Code Execution? This vulnerability triggers in so many ways, but in most cases, it is possible via the following methods. •Untreated inputs •Untreated file uploads We talk about an untreated input when there is little validation on the server side or none at all. For example, we have a server control panel, and we have an input on it, where we can add commands which will run directly on the server. In...
Read more
The Most Famous Vulnerabilities: Cross-Site Request Forgery (CSRF)
Jozsef Konnyu

The Most Famous Vulnerabilities: Cross-Site Request Forgery (CSRF)

Before I begin to explain CSRFs we need to understand some facts. First of all, we have to see how websites usually work when they have a login. Most pages use username/email and password for authentication. In today's world, it's not uncommon for newer sites to support two-step authentication. Normally we use a login once on a website because it generates on the server side a session which reminds our browser that we are already logged in. Generally, the session has an expiration time and when it expires we have to login again. After we login, the browser receives some cookies which...
Read more