Botnet renewal – Here is the February botnet
Eniko Toth

Botnet renewal – Here is the February botnet

Do you remember the new version of the Hello Peppa botnet? At the end of 2018, it was welcomed into 2019 slightly early, and the January botnet started to spread. Well, it wouldn’t be funny, if the botnet would still send the „J4nur4ry” in the Post Data when we are already over January… So, here is the February botnet! Despite the January botnet, this one was accurate and started on 1st February. The pike was on the next day, as you can see it from the chart below.   After that, it looked like it moved back, but on 17th Feb there was another pike. Let’s look closely to o...
Read more
News from Threat Lab: 4+1 New SenseLog rules have been created
Eniko Toth

News from Threat Lab: 4+1 New SenseLog rules have been created

The new year inspired us and brought new vibes to our office. Our tech ninjas are developing several new badass features. Besides the new features, we are also improving our existing modules as well. Last week, the SenseLog module became enriched with 4 new rules and another rule has been updated. Here is a list of them: 1. Apache Magento Downloader (Rule ID: 80_1_021) 2. Apache WP Login Deprecated Firefox User Agents (Rule ID: 80_1_022) 3. Plesk Login Fail (Rule ID: 8443_1_001) 4. LFD Blocked (Rule ID: lfd_1_001) +1  Updated rule: Apache WP XML-RPC Suspicious User Agent (Rule...
Read more
2018: The Year in Review at BitNinja
Boglarka Angalet

2018: The Year in Review at BitNinja

As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year.  Here’s a five minute summary of what we have been up to in 2018.  Hacker-free new year to everyone! See you in 2019! Thank you for an amazing 2018! First of all, we’d like to say thank you for your engagement and support all around the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.  Thanks...
Read more
Goodbye Peppa, Hello January!
Eniko Toth

Goodbye Peppa, Hello January!

A few months ago our Attack Vector Miner discovered a new botnet, that we simply call „Hello Peppa botnet”. Now, this botnet welcomes the new year in a new mask. Specifics of this botnet Its behaviour stayed the same, like what we mentioned in the case of the Hello Peppa: Checks backdoors which remained from a previous infection. Uses the Mozilla/5.0 User Agent The most targeted URLs are: /7788.php /8899.php /9678.php /conflg.php /db.init.php /db__...
Read more
How to protect your web hosting business during the holiday season attack wave
Boglarka Angalet

How to protect your web hosting business during the holiday season attack wave

For devops in the web hosting business, holiday season is not exactly the most wonderful time of the year. If you’ve ever sneaked out from Christmas dinner to check on your servers’ status, or been woken up by attack alerts when only Santa Claus is supposed to be awake, you know what I mean. The Rise of Holiday Hacking Holiday season is peak period for cyber attacks, and we’ve written about it several times. But we’re not the only ones analyzing historical data and finding any indication of what’s to come. Just taking a look at last year, The SSL Store predicted over 50 millio...
Read more
New SenseLog rules against WordPress and Joomla vulnerabilities
Eniko Toth

New SenseLog rules against WordPress and Joomla vulnerabilities

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It can be enabled for rules in the config.ini. Virtual WAF honeypotify command added to CLI. It could be useful for blocking web shell access. We'd like to talk a bit more about the first point; the new SenseLog rules. SenseLog rule agai...
Read more
The Most Famous Vulnerabilities: SQL injection
Jozsef Konnyu

The Most Famous Vulnerabilities: SQL injection

As a member of the BitNinja Development Team, one of our most important tasks is to develop the protection of BitNinja. When we deal with such a process we can see how an attack works or how a botnet can exploit a vulnerability. It's almost like watching these events behind the scenes. That's why this blog series started—because there are some vulnerabilities we need to talk about. The first patient is SQL injection. My previous blog article which was about the Hackerone also encouraged me to make this blog series. On this platform, there is a lot of public report for SQL injection...
Read more
Drupalgeddon 3 in retrospect
Nikolett Hegedüs

Drupalgeddon 3 in retrospect

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were prevented since then - with the help of BitNinja. The data from the first incident that we’ve caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
Read more
GPON routers – new elements of your botnet attacks?
Laszlo Takacs

GPON routers – new elements of your botnet attacks?

People can never rest. We thought that after the last serious Drupal vulnerablity finally we can rest, but a new threat came up which is including GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is being used to provide short haul fiber connections for cellulas base stations, home access points, DAS. Primary regions with GPON devices include Vietnam, Mexico, Kazakhstan. Top countries Number of Devices Mexico 492,080 Kazak...
Read more
Server security on point – 5 +1 best practices for Linux sysadmins
Boglarka Angalet

Server security on point – 5 +1 best practices for Linux sysadmins

No matter if you’re a Linux security veteran or you’re just about to get your feet wet, you’ll face the same security threats and upcoming attacks forms. Here we come with a security cheat sheet with ultimate checkpoints that no sysadmins should miss. When meeting new company, usually the very first thing I’m asked about is „How should I get rid of hackers? Show me the silver bullet.” But it’s a little bit like asking an economist on „Where to invest my money?”. It depends. To get a grip in the jungle of security recommendations, here I collected some guidelines...
Read more