Release note – A bunch of new features are available in agent 1.29.X and 1.30.0
Eniko Toth

Release note – A bunch of new features are available in agent 1.29.X and 1.30.0

Where are our tech ninjas? The first quarter of 2019 was quite stirring. We have also published several articles about our work. So, let’s start just by thinking about these developments: FTP CAPTCHA New SenseLog rules Newly discovered file uploader botnet Patched Drupal vulnerability Defense Robot Anti-Phishing Also, what happened in Q2? Malware Scanner Slack integration The contrast is huge… Well, our tech ninjas thought have a little rest after the Cloudfest exhibition. Haha, just kidding… :) Actually, the opposite happened. They worked harder than ever...
Read more
GXHLGSL.txt file uploader botnet –Discovered by BitNinja FtpCaptcha
Eniko Toth

GXHLGSL.txt file uploader botnet –Discovered by BitNinja FtpCaptcha

At the beginning of the year we released our brand-new FtpCaptcha module, and of course, we were so excited about receiving the first incidents. However, we didn’t think that the very first logs will be such eye-catching. We detected a not so well-known botnet, and we didn’t find an article about it (only a few forum topics), so we summarized everything that you need to know about it. Test the ability to upload a file This botnet is trying to upload a file named GXHLGSL.txt, which contains only this: TEST. If it was a vulnerability scanner, there would provide some description about it o...
Read more
New Feature is Available: FTP CAPTCHA
Eniko Toth

New Feature is Available: FTP CAPTCHA

We’d like to start this year with a great announcement. Our purpose is to help make your servers safe and your service reliable. Your customers’ satisfaction is as much important for us as it is for you. That’s why we created a brand-new feature in order to make BitNinja more convenient for your users. This new module is called FTP CAPTCHA and it allows your visitors to remove their greylisted IP addresses when an FTP connection is opened. What is the reason behind creating the FTP CAPTCHA? If a greylisted IP wanted to connect to a BitNinja-protected server, the visitor could validate he...
Read more
The BitNinja mature WAF module
Nikolett Hegedüs

The BitNinja mature WAF module

Nikolett Hegedüs
We love to talk about our Web Application Firewall (in short: WAF) module, since its’ complete makeover and upgrade. Before the WAF 2.0, we had a previous Web Application Firewall module that’s been completely redesigned: this was the reason why the new WAF module got a brand new name too: it’s called WAFManager now. But you’ll only see the module’s name like this in CLI, because we’re calling it WAF 2.0 most of the time. We put a lot of time and effort into shaping the upgraded, mature WAF module into an asset that is effective and customizable for our users. And why did we...
Read more
New BitNinja WAF Rules to Protect Against RCE Attacks
Eniko Toth

New BitNinja WAF Rules to Protect Against RCE Attacks

Your server’s safety is the number one priority for us, that’s why we have created two new BitNinja WAF rules which are already part of the safe minimum ruleset. They grant protection against the following vulnerabilities: Magento Remote Execution Protection Those who are using Magento and didn't apply the patch are vulnerable to RCE (remote code execution) attacks. By targeting the “Cms_Wysiwyg” controller, the attacker can take over the site and gain information such as customers’ credit card details. BitNinja will block requests sent to this controller which contain exact para...
Read more
HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

HTTP/2 support with BitNinja WAF 2.0

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern browsers. Why HTTP/2?  HTTP/2 compared to HTTP/1.1 is far more powerful, it can broadcast requests and answers in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is far more...
Read more
Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!
Anita Batari

Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!

How would you imagine a world where annoying CAPTCHAs are not the first line when it comes to identification of botnets and human visitors? Here at BitNinja we thought big and made it come true. Let us show you a security solution where the visitors with suspicious incidents in their past don't have to type anything, moreover, they don't have to click anywhere either. It sounds too good to be true, isn't it? Some of our users (you know, big players who) run into this issue when their end-users - who would like to surf on sites - were afraid of filling CAPTCHAs. We couldn...
Read more
New versions released
Eniko Toth

New versions released

Eniko Toth
In the last 2 weeks, we released 2 new versions of BitNinja. Let’s take a look at the novelties:    BitNinja version 1.12.10: CaptchaChallenge pages now use 403 status code instead of 200. Good bots will notice it and leave it. This means, that the good bots will recognize our captcha pages, and won’t walk around them. Causing that our already low false-positive rate will be further reduced. WordPress wp-login filter threshold increased to 100 attempt. Our log analyser module (SenseLog) perceives a wordpress page update as a wp-login.php request, so we increa...
Read more
Release note on 1.12.5 version
Nikoletta Szabo

Release note on 1.12.5 version

Nikoletta Szabo
Today (2016, 07 Nov) we released the newest version of BitNinja. Let’s see what has changed: SenseLog supervisors can be disabled in /etc/bitninja/SenseLog/config.ini CaptchaHttp now checks remote address at connection time From now on the BitNinja captcha is able to determine the performer of the connection in the exact moment when the connection has been established. DosDetection LocalIp filter undefined interface address bug fixed Turkish translation added to CaptchaHttp You can configure your own captcha with the use of our documentation site. Joomla Brute for...
Read more
Traffic Exchange Service- HitLeap and its consequences
Nikoletta Szabo

Traffic Exchange Service- HitLeap and its consequences

Nikoletta Szabo
Recently our support team has received questions about a highly controversial topic, a traffic exchange service, because these server owners started to receive incident reports from us about DoS attacks coming from their servers. We decided to write this blog in order to dissolve any possible concerns and doubts about BitNinja’s reaction to this service and its consequences. HitLeap is a traffic exchange service, which is mainly used by those who would like to boost their own marketing and have their site ranked somewhere at the beginning of Google’s search list. This counter-marketing serv...
Read more