#CloudFest2020 cancelled – NinjaFest Day is here
Eniko Toth

#CloudFest2020 cancelled – NinjaFest Day is here

We know that many of you were excitedly waiting for CloudFest2020. This conference is always the best event throughout the year to bring the amazing cloud community together. It was sad news that CloudFest was cancelled due to the Coronavirus threat, however, it was the right decision from the organizers. However, as thousands of people were preparing for this week-long event, we thought that you shouldn’t miss everything. We decided to bring a little piece of CloudFest to you online. We organize an online „NinjaFest” day on 18 March 2020, where you’ll have the opportunity to: Atte...
Read more
Ultimate WAF Guide  - How to patch WordPress vulnerabilities and block web attacks
Jacint Lazok

Ultimate WAF Guide - How to patch WordPress vulnerabilities and block web attacks

An exploited CMS vulnerability or vulnerabilities to web-based attacks is a big security issue as one well-aimed attack can cause a data leak, data loss or make your server unavailable. These attacks need to be stopped before they even reach your server and the WAF 2.0 module can do that for you. This powerful defense tool can protect you from these attacks without slowing down your server’s response time or increasing the load. In this guide, I will show you how you can use it to maximize your server’s protection by fine-tuning this module. Spoiler: not by turning on every WAF rule ;)&n...
Read more
NEW Feature  - Transparent Proxy for BitNinja WAF 2.0
Eniko Toth

NEW Feature - Transparent Proxy for BitNinja WAF 2.0

Complicated WAF setup? Not anymore! The new BitNinja Transparent Proxy offers a new way for a much easier WAF setup and more convenient WAF management. You don’t have to hassle with enabling the X-Forwarded-For header from now on. Background At the beginning of 2019, we released a brand-new Web Application Firewall. We completely redesigned our previous WAF solution and we’ve already published several articles about WAF 2.0: Brand-new BitNinja WAF 2.0 is out now WordPress hosting and the BitNinja WAF - How to do it right? article series Watch the n...
Read more
How to secure WP-login
Lazlo Takacs

How to secure WP-login

WordPress is the most known CMS in the world currently (WordPress runs 32% of the entire internet), we hear that it is the easiest CMS to handle, to install and to use. Taking all these information into account, we would think that it is safe as a house. Wrong! It might be easy to use, but for this exact reason, it is easy to hack. As it is free, there are many free plug-ins which are usually not up to date, creating weak points. Hackers always tend to exploit vulnerabilities in Plugins, Themes and WP Core. There are many parts where WordPress should be strengthened, now I would like to hig...
Read more
The Most Famous Vulnerabilities - HTTP Parameter Pollution
Jozsef Konnyu

The Most Famous Vulnerabilities - HTTP Parameter Pollution

In the previous blog article, we learned about SQL injection and how it works. If you read it then you will know that it belongs to the family of the most serious vulnerabilities. The next vulnerability is not going to be so serious, but it's worth taking care of. What is HTTP Parameter Pollution? The easiest way to introduce this vulnerability is to show the method that you have seen many times on websites or any other application that can be linked to the Internet at some level: redirection. A lot of websites use this technique to redirect from one website to another, or even within...
Read more
HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

HTTP/2 support with BitNinja WAF 2.0

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern browsers. Why HTTP/2?  HTTP/2 compared to HTTP/1.1 is far more powerful, it can broadcast requests and answers in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is far more...
Read more
What is going on  in the background of the cyberworld
Lazlo Takacs

What is going on in the background of the cyberworld

There are things we are not really waiting for, in fact we are looking for a way to bypass or avoid them. Unfortunately, some of them are inevitable just like the Cyber Worldwar, which in fact has already begun. Mentionable acts from history There was a historical milestone on May 12th, 2017 when within only one day one country has invaded 150 other countries. Now you would start to think: why can't I remember anything like this? Well, the answer is simple, it was the "in"famous WannaCry ransomware, it has invaded more than 200 thousand computers. By assumptions, it originated from North...
Read more
Security by design
Lazlo Takacs

Security by design

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important for developers too, not just for security providers. The best way to define it is an approach to software and hardware development where the main goal is to make a system as free of vulnerabilities and imprevious to attack as possible. To achieve this there is a need for a huge amoun...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
MongoDB vs. Elasticsearch
Jozsef Konnyu

MongoDB vs. Elasticsearch

What is MongoDB? MongoDB is an open-source NoSQL database that uses a document-oriented data model. This type of model is built on an architecture of collections and documents instead of using tables and rows like MySQL. Documents are built from key-value pairs which are the basic units of MongoDB. These documents may also be part of different collections - like tables - in a relational the database. Being a NoSQL database MongoDB uses dynamic schemas for documents and as a result, they may be structurally different. This database also uses BSON (Binary JSON) – which is...
Read more