In previous versions, the Defense Robot blocked the IP address of the uploader and replaced the detected malware with a web honeypot, so even if the hacker tried to access the malware or backdoor from another IP address, they would still be blocked.
That’s right, BitNinja’s Defense Robot module can automatically find and patch the vulnerability that enabled the hackers to upload their malware in the first place.
We were thinking “but what if the hacker used another piece of malware or a backdoor or a CMS or a plugin vulnerability?”
We went one step further
The Defense Robot module can now detect other malware or a backdoor that was used to upload the detected malware, so your server will be protected from that malware too. This way our malware signature database is expanding rapidly and BitNinja will be able to protect your server from more and more malware every day.
The Defense Robot will trace back the origin of the malware until the vulnerability that allowed the hacker to upload the very first malware is found and repaired. In the near future the Defense Robot module will patch the plugin or CMS vulnerability automatically too.
How it works
So BitNinja finds the other malware that was used to upload the detected file.
But what about false positives? Will BitNinja remove plugins and slow down my sites?
The answer is: of course not!
The malware signatures detected by the Defense Robot are not quarantined, only logged. So, there will be no broken sites.
The signature’s status will be “validating”, meaning that the catch will only be logged. You can check the files caught by the Defense Robot on your dashboard. If you are certain the file is indeed malware, you can set the signature’s status to “production” and the malware will be gone for good.
When the signature’s status is set to “production”, it will be sent to all of your servers. The files matching the signature will be quarantined on all of the servers under your account. So, all of your servers will be protected against the malware.
You can find a guide on how to add these signatures to the database here.
In the future the signature handling will be much easier. Users will be able to do all of this from the dashboard. But first we need to teach the Defense Robot a few things. 😉
If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!
Stay safe and happy hacker-hunting!