The BitNinja Botnet research project
Introduction
To maintain high service levels and react quickly to new threats, we need to better understand how botnets spread and how widespread some of them are. To achieve this goal, we constantly monitor the public internet with various automated security scanning mechanisms. Our botnet research group focuses mainly on the spread of PHP-based botnets.
The Scanning Process
The research involves making benign connection attempts to every public IP address. By measuring the entire public address space, we are able to analyze global patterns and trends in protocol deployment and security.
We never attempt to exploit security problems, guess passwords, or change device configuration. We only receive data that is publicly visible to anyone who connects to a particular address and port.
The data collected through these connections helps computer scientists study the deployment and configuration of network protocols and security technologies.
Personal Data we collect
- Domain name
- IP address
- Hostname
- Control Panel types
- CMS type & version
- Country
We will not share your personally identifiable information with third parties. Where feasible, we anonymize personal data or use non-identifiable statistical data. The infected websites and servers are recorded in our ever-growing database, which is stored on our own server.
We are happy to cooperate with web hosting providers and data centers and inform them about the infections we have found on their servers through our research. We provide these data free of charge and without any obligation.
How can I open the report?
To keep your security data confidential, we always send the data in an encrypted format. The findings are sent over in an encrypted file. To decrypt the file, please specify a second communication channel so that we can send you the encryption key/password. You can then decrypt the report. For security reasons, please never send the report along with the password. Make sure you use a second communication channel.
Can I opt-out of these measurements?
If you wish to opt out, you can configure your firewall to drop traffic from the IP addresses we use for measurements: 207.244.253.38, 207.244.234.70, 185.53.57.55 (please note that IP addresses can change dynamically; however, the reverse DNS name is always: *.scanner.bitninja.io). If you have further questions, contact info@bitninja.io.
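Because the addresses can change while the reverse name stays fixed, a source can be identified by its PTR record as well as by the published list. The following is an added example, not BitNinja's own code: it assumes iptables as the firewall, adds a forward-confirmation step as a precaution, and uses constructed sample addresses and host labels (`n1`, `n2`).

```python
import socket

# Addresses and reverse-DNS suffix as published on this page.
PUBLISHED_IPS = {"207.244.253.38", "207.244.234.70", "185.53.57.55"}
SCANNER_SUFFIX = ".scanner.bitninja.io"

# Constructed sample data (documentation ranges, made-up host labels).
SAMPLE_SOURCES = ["207.244.253.38", "192.0.2.10", "198.51.100.7",
                  "203.0.113.5", "203.0.113.9"]
SAMPLE_PTR = {"192.0.2.10": "N1.scanner.bitninja.io.",
              "198.51.100.7": "n2.scanner.bitninja.io",
              "203.0.113.5": "scanner.bitninja.io.example.net"}
SAMPLE_A = {"n1.scanner.bitninja.io": {"192.0.2.10"},
            "n2.scanner.bitninja.io": {"192.0.2.99"}}

def dns_reverse(ip):
    """PTR name for ip, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(name):
    """Addresses that name resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def is_scanner(ip, reverse=dns_reverse, forward=dns_forward):
    """True for a published address or a forward-confirmed scanner PTR."""
    if ip in PUBLISHED_IPS:
        return True
    name = (reverse(ip) or "").rstrip(".").lower()
    # The leading dot in the suffix rejects look-alike names such as
    # "scanner.bitninja.io.example.net".
    if not name.endswith(SCANNER_SUFFIX):
        return False
    # PTR records are set by whoever controls the reverse zone, so confirm
    # that the name resolves back to the same address.
    return ip in forward(name)

def drop_rules(sources, reverse=dns_reverse, forward=dns_forward):
    """iptables commands dropping each IPv4 source identified as the scanner."""
    hits = sorted({ip for ip in sources if is_scanner(ip, reverse, forward)})
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in hits]
```

Called without the `reverse` and `forward` arguments, `drop_rules` performs live DNS lookups for each source address taken from your own connection logs.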
Getting in Touch
Feel free to contact us at +1 805-628-4196 (USA) or +44 20 3974 2242 (EU) regarding further questions. We also appreciate any community analysis results and hope for your collaboration.