(D)DoS attack - How does it work and how will BitNinja stop it?
Nikolett Hegedüs

(D)DoS attack - How does it work and how will BitNinja stop it?

100% server uptime... Every hosting company is dreaming about it as nowadays when there are countless service providers, customers will choose the one which grants reliability. What happens when a website is inaccessible? It’s always painful for the website owner, the visitors and for the hosting company. There could be many reasons behind it, but maybe the most annoying is when it happens because of a DoS attack. What is DoS? DoS stands for Denial of Service: it’s a type of attack that could render web servers unresponsive - meaning they won’t be able to serve HTTP requests. So users ca...
Read more
Defense Robot – The breakthrough innovation for the cybersecurity market
Eniko Toth

Defense Robot – The breakthrough innovation for the cybersecurity market

Are you tired of the never-ending malware infections? Would you like to get rid of the nightmare of the long hours spent troubleshooting? Do you still seem to get repeatedly infected regardless of how often you make malware removals? It’s enough of the reactive protection! The old way What would usually happen when a server became infected? People had to buy special security tools, which had really high prices to find malware. If it succeeded, the sysadmins had to spend plenty of hours (or in worse cases several days) to remove the malware. The other option was to pay for someone to do t...
Read more
News from Threat Lab: 4+1 New SenseLog rules have been created
Eniko Toth

News from Threat Lab: 4+1 New SenseLog rules have been created

The new year inspired us and brought new vibes to our office. Our tech ninjas are developing several new badass features. Besides the new features, we are also improving our existing modules as well. Last week, the SenseLog module became enriched with 4 new rules and another rule has been updated. Here is a list of them: 1. Apache Magento Downloader (Rule ID: 80_1_021) 2. Apache WP Login Deprecated Firefox User Agents (Rule ID: 80_1_022) 3. Plesk Login Fail (Rule ID: 8443_1_001) 4. LFD Blocked (Rule ID: lfd_1_001) +1  Updated rule: Apache WP XML-RPC Suspicious User Agent (Rule...
Read more
WordPress User Enumeration Attack in Focus
Valentin Balint

WordPress User Enumeration Attack in Focus

If you’re a WordPress user, then this following article is a must for you. However, if you are interested in website vulnerabilities and how they can be attacked, and you wish to upgrade your knowledge about them, you’ve also come to the perfect place as well. In this article, we’ll be talking about the user enumeration attack method, and how you can protect against it if you’re a WordPress user. Attack type A hacker can use user enumeration to get access to a specific application or website by getting the credentials—in the first instance, the usernames—through an attack. If the attacke...
Read more
New SenseLog rules against WordPress and Joomla vulnerabilities
Eniko Toth

New SenseLog rules against WordPress and Joomla vulnerabilities

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It can be enabled for rules in the config.ini. Virtual WAF honeypotify command added to CLI. It could be useful for blocking web shell access. We'd like to talk a bit more about the first point; the new SenseLog rules. SenseLog rule agai...
Read more
Classification of malware
Eniko Toth

Classification of malware

The current world war isn’t happening in the physical world. However, cyber attacks have stepped into the foreground, and blackhat hackers can gain millions with their targeted attacks. Their main weapon in this war: malware. In this article, we’ll diversify the different types of malware so that you can better understand their behaviour. There are many ways in which malware can be categorized, but now we’d like to introduce Christopher C. Elisan's classifications from his book, Malware, Rootkits & Botnets. 1.Infectors Infectors have a very important limitation: they can only sprea...
Read more
New LogAnalysis with 109x speed
Nikolett Hegedüs

New LogAnalysis with 109x speed

New LogAnalysis with 109x speed The former version of SenseLog (which serves our robust LogAnalysis module) has processed the files at the start and observed them if there were any changes in them. It has used a lot of sources for the dates in the log rows. In this version it was necessary because SenseLog had to recognize the changes and had to decide whether it has to to something or not with the changes. The process of log files took longer time because of this. The current version only processing the changes, in the case of delegated logs, SenseLog stands at the end. This way therer...
Read more
New improvements at BitNinja - HTTPS solution
Nikoletta Szabo

New improvements at BitNinja - HTTPS solution

In this article, we would like to summarize our recently released developments, which impact the daily life of our clients. First of all, ... TheHTTPS Captcha: If you enable this feature in your agent, BitNinja will be able to present a Captcha on HTTPS. This will make the IP removal from our greylist possible just by one click not only on HTTP protocol but also on HTTPS. What results can be achieved by using it? Less complaint from your customers about the failure of removal, resulting in a lower load on your support staff Lower false-positive rate How does it work? T...
Read more
1.16.1 Version-645% performance improvement for SenseLog
Nikoletta Szabo

1.16.1 Version-645% performance improvement for SenseLog

This week we released a new version of BitNinja, which contains many significant performance improvements. But what are the changes exactly? We limited the SS usage of our Outbound WAF module. It will only use SS if a malicious request is caught. Its result will be a significant drop in BitNinja's CPU usage. Our SenseLog module has gone under serious optimization. From now on, it only scans logs stored from the last day.This way we can eliminate its slow loading and operation. Great news, this development increased its performance with 645%. Brilliant, isn't it? Multilingual texts...
Read more
XML-RPC attacks examined
Nikolett Hegedüs

XML-RPC attacks examined

Nikolett Hegedüs
XML-RPC attacks are “trending” nowadays. If you search for “XML-RPC attack” on Google, you can see approximately 380,000 results. Most of the articles deal with XML-RPC attacks on Wordpress-based websites. What is XML-RPC? RPC stands for remote procedure call and XML is the abbreviation of Extensible Markup Language. XML is widely used to represent data structures used in web services, and it is markup format that’s both human- and machine-readable.  XML-RPC is a protocol that uses XML to encode its remote procedure calls. It also uses HTTP as a transport mechan...
Read more