Malicious botnets often use dictionaries of common names and phrases to find the right username and password combination to hack an account. They systematically check many possible login credentials until they succeed. This type of attack isn’t very elegant and relies on making many trial-and-error attempts to log in, which is why it’s called a brute force attack.
The most popular targets of brute force attacks are email accounts, WordPress/Joomla/Drupal admins, FTP and SSH access. Typically, these malicious botnets use many different IPs to carry out their attacks.
- Hacked FTP, SSH, CMS and email accounts
- A lot of failed login attempts
- User complaints about locked accounts
THE POWER OF THE BITNINJA LOG ANALYSIS
After the BitNinja agent is installed, the Log Analysis module automatically recognizes the most common log files on your server and starts to analyze them in an efficient and resource-friendly way.
This module will immediately block brute force attacks as well as many other attack types, including SQL injection, directory traversal, spamming attempts, WordPress user enumeration attacks, reflective DDoS via xmlrpc.php, and more.
BitNinja Log Analysis doesn’t require configuration and runs silently in the background, monitoring for malicious IP addresses. When this module detects a malicious IP, it is automatically greylisted by our real-time IP Reputation module. We constantly update our IP rules and continuously monitor log files, ensuring you always have the latest protection on your server.
How is it different from other Log Analysis solutions?
BitNinja Log Analysis starts automatically without any configuration required. Of course, you can configure the supervisors and log paths as you like.
We use the most effective technologies (Auditd and the Aho-Corasick algorithm) to detect log file changes and to match patterns.
LOW FALSE-POSITIVE RATE
Newly added rules are applied in test mode first. We then carefully analyze the incidents they generate to ensure a low false-positive rate.
FREQUENT RULE UPDATES
New log files and rule types are constantly added to our Log Analysis module for automatic detection.
WHY DO OUR USERS LOVE THIS MODULE?
“We’ve been facing many issues such as DoS, brute-force attacks, SQL Injection Attack, website hacking attempts etc.
We’ve tried many different tools and protection solutions, and based on testing we found that BitNinja is the most suitable solution.”
Webhosting Team Lead
“Brute-force password guesses, code injections like PHP script uploads, spam attacks and vulnerability exploits made life harder for us and our clients. We had many attacks and tried many methods to block them, but it wasn’t enough. The BitNinja approach is the best we could find. The approach is cloud-based, it is a very elegant solution to a global
“Before we installed BitNinja we struggled with malware scripts, unauthorized WP logins, and XML-RPC attacks. Numerous malwares were injected on PHP scripts and wp-login.php, and we also received a lot of incident reports about outgoing attacks from the server. The first thing we experienced after installing BitNinja was the drop in server load just like the number of attacks. Our favorite part was that BitNinja reduced our customers’ support requirements by reducing the server’s load and the number of outgoing attacks.”
Sam Lee C. Y.
Technologies Sdn. Bhd.
FREQUENTLY ASKED QUESTIONS
How can I configure the list of log files monitored by BitNinja Log Analysis?
BitNinja will automatically monitor the most common log files, such as Apache/Nginx access and error logs, system-wide logs, exim4 logs, postfix logs, and more. If you wish, you can specify custom log paths in the module’s configuration too.
What kind of attacks are blocked by BitNinja Log Analysis?
This module protects your sites and accounts (WordPress, Joomla, Magento, cPanel, etc.) on your servers (FTP, MySQL, Postfix, OpenSSH, etc.) against a wide range of attacks:
- Brute force
- SQL injection
- Directory traversal
- Reflective DDoS attacks
- Autoshell upload attempts
- Code injection
- WordPress user enumeration attacks
- XML-RPC attacks
How does BitNinja make Log Analysis resource-friendly?
Log file changes are monitored through system calls by our Auditd feature, so the log files don’t have to be kept open all the time. We also use the highly efficient Aho-Corasick algorithm for pattern matching.
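To illustrate the Aho-Corasick matching mentioned above, here is an added example (not BitNinja's code): a small automaton that checks each log line against several signatures in a single pass. The signatures, rule names, and log lines are constructed assumptions for illustration.

```python
# Hypothetical signatures for illustration, not BitNinja's rule set.
RULES = {"/xmlrpc.php": "xmlrpc", "/wp-login.php": "wp-login", "?author=": "wp-user-enum",
         "../": "directory-traversal", "/etc/passwd": "directory-traversal"}

def build(patterns):
    """Build the automaton: per-node transitions, failure link, outputs."""
    nodes = [{"next": {}, "fail": 0, "out": set()}]
    for pat in patterns:
        cur = 0
        for ch in pat:
            if ch not in nodes[cur]["next"]:
                nodes.append({"next": {}, "fail": 0, "out": set()})
                nodes[cur]["next"][ch] = len(nodes) - 1
            cur = nodes[cur]["next"][ch]
        nodes[cur]["out"].add(pat)
    order = list(nodes[0]["next"].values())  # BFS; depth-1 nodes fail to root
    for cur in order:                        # the list grows as we iterate
        for ch, child in nodes[cur]["next"].items():
            f = nodes[cur]["fail"]
            while f and ch not in nodes[f]["next"]:
                f = nodes[f]["fail"]
            nodes[child]["fail"] = nodes[f]["next"].get(ch, 0)
            nodes[child]["out"] |= nodes[nodes[child]["fail"]]["out"]
            order.append(child)
    return nodes

def scan(line, nodes):
    """Return every pattern found in one left-to-right pass over the line."""
    cur, found = 0, set()
    for ch in line:
        while cur and ch not in nodes[cur]["next"]:
            cur = nodes[cur]["fail"]
        cur = nodes[cur]["next"].get(ch, 0)
        found |= nodes[cur]["out"]
    return found

def triggered_rules(lines, rules=RULES):
    """Map client IP (first field of each line) to the rule names it hit."""
    nodes, hits = build(rules), {}
    for line in lines:
        for pat in scan(line, nodes):
            hits.setdefault(line.split()[0], set()).add(rules[pat])
    return hits

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '198.51.100.23 - - [10/Oct/2024:13:55:37 +0000] "GET /?page=../../etc/passwd HTTP/1.1" 404 162',
    '192.0.2.10 - - [10/Oct/2024:13:55:39 +0000] "GET /blog/hello-world HTTP/1.1" 200 5120',
]
```

The cost of scanning a line depends on its length and the number of matches, not on how many signatures are loaded, which is why this approach suits large rule sets.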
If BitNinja Log Analysis detects a malicious IP address, how long will it be blocked?
Unlike other solutions, we don’t permanently blacklist every IP address. Instead, after blocking the IP address, we add the IP to the BitNinja greylist.
If attacks continue, the IP address is blacklisted. On the other hand, if it’s a genuine login attempt, the IP can be removed from the greylist. IP addresses can be removed from our greylist in three different ways:
- A valid human visitor completes the BitNinja Browser Integrity Check or CAPTCHA successfully.
- You manually remove the IP from the greylist through your BitNinja Dashboard.
- It is automatically delisted if we don’t perceive any incidents from the IP for a period of time.
Read more about how BitNinja treats malicious IP addresses under the IP Reputation module.
Is BitNinja compatible with fail2ban?
Yes, BitNinja is 100% compatible with fail2ban. However, our software makes fail2ban redundant, so you don’t need to keep using fail2ban when you have BitNinja installed.