Cyber attack trends – The top 7 attack types
Eniko Toth

Cyber attack trends – The top 7 attack types

Here, at BitNinja we always keep a close look on the defended incidents in order to discover attack trends and new attack types. Currently, BitNinja protects over 5000 servers worldwide and we are effectively defending more than 50 millions incidents every week. Undoubtedly, we still see many “oldtimer” attack types between these incidents such as (D)DoS , SQLi , XSS , etc. However, by analyzing this data, we found these are the top cyberattack types we see today: Brute force Mirai botnet Hexa botnet WordPress attacks Reflection attacks More automated tools Cryptocur...
Read more
Recently discovered Hexa botnet is targeting WordPress hosts
Eniko Toth

Recently discovered Hexa botnet is targeting WordPress hosts

There is a huge demand for buying botnets on the Dark Web, so it’s not a surprise that new kinds of botnets appear from time to time in order to meet the needs of the cybergangs. Of course, there are some old but constantly attacking botnets, like the most popular Mirai botnet or the Hello Peppa botnet which was discovered and named by us. However, we’d like to show you a new botnet, that we haven’t talked about yet. This is the Hexa botnet. Discovery of the Hexa botnet Back in March, we introduced our new security module, the Defense Robot . It was a pleasure to us that we coul...
Read more
WordPress Hosting Protected by BitNinja - Case Study with Mijn Websitehosting
Boglarka Angalet

WordPress Hosting Protected by BitNinja - Case Study with Mijn Websitehosting

WordPress is by far the most popular CMS today. However, this popularity has an unfortunate side effect of also making WordPress sites extremely exposed to potential attacks. It means quite a huge challenge to web hosting providers to keep the hackers out of their business. Fortunately, this task is not impossible.   https://kinsta.com Our great partner, Mijn Websitehosting has over 14 years of expertise in this field and chose BitNinja to help them successfully protect their customers.  Read on to learn about their struggles, before they stepped on the road...
Read more
How to secure WP-login
Laszlo Takacs

How to secure WP-login

WordPress is the most known CMS in the world currently (WordPress runs 32% of the entire internet), we hear that it is the easiest CMS to handle, to install and to use. Taking all these information into account, we would think that it is safe as a house. Wrong! It might be easy to use, but for this exact reason, it is easy to hack. As it is free, there are many free plug-ins which are usually not up to date, creating weak points. Hackers always tend to exploit vulnerabilities in Plugins, Themes and WP Core. There are many parts where WordPress should be strengthened, now I would like to hig...
Read more
2018: The Year in Review at BitNinja
Boglarka Angalet

2018: The Year in Review at BitNinja

As we look back now, it is amazing to remember all the things we achieved together and all the threats BitNinja saved us from since the start of the year.  Here’s a five minute summary of what we have been up to in 2018.  Hacker-free new year to everyone! See you in 2019! Thank you for an amazing 2018! First of all, we’d like to say thank you for your engagement and support all around the year. You inspire us to achieve the best security solution available, to develop our community and to deepen our knowledge of every aspect of cybersecurity.  Thanks...
Read more
WordPress User Enumeration Attack in Focus
Valentin Balint

WordPress User Enumeration Attack in Focus

If you’re a WordPress user, then this following article is a must for you. However, if you are interested in website vulnerabilities and how they can be attacked, and you wish to upgrade your knowledge about them, you’ve also come to the perfect place as well. In this article, we’ll be talking about the user enumeration attack method, and how you can protect against it if you’re a WordPress user. Attack type A hacker can use user enumeration to get access to a specific application or website by getting the credentials—in the first instance, the usernames—through an attack. If the attacke...
Read more
Became More Secure Than Other Hosting Companies: Case Study with FastComet
Eniko Toth

Became More Secure Than Other Hosting Companies: Case Study with FastComet

FastComet is one of the trendiest web hosting companies these days. They have more than 45,000 customers from 83 countries, over nine years of experience in system administration, and they’ve been providing public cloud hosting services since 2013. FastComet has a very high rating on HostAdvice, thanks to their high reliability, excellent 24/7 support, affordable pricing, easy usability, and fantastic features. FastComet joined our Ninja Community in 2017 and we are delighted that since then they’ve become one of our biggest partners. Now, it’s time to share the story about how BitNinja bro...
Read more
New BitNinja WAF Rules to Protect Against RCE Attacks
Eniko Toth

New BitNinja WAF Rules to Protect Against RCE Attacks

Your server’s safety is the number one priority for us, that’s why we have created two new BitNinja WAF rules which are already part of the safe minimum ruleset. They grant protection against the following vulnerabilities: Magento Remote Execution Protection Those who are using Magento and didn't apply the patch are vulnerable to RCE (remote code execution) attacks. By targeting the “Cms_Wysiwyg” controller, the attacker can take over the site and gain information such as customers’ credit card details. BitNinja will block requests sent to this controller which contain exact para...
Read more
New SenseLog rules against WordPress and Joomla vulnerabilities
Eniko Toth

New SenseLog rules against WordPress and Joomla vulnerabilities

A few days ago, we released a new agent version (1.23.3), which contains very important developments: We added two new SenseLog rules. The first one detects arbitrary file uploader bots, and the second one is for Joomla Spam regers. SenseLog is prepared for future remote config update. Instant blacklist action added to WAF Manager. It can be enabled for rules in the config.ini. Virtual WAF honeypotify command added to CLI. It could be useful for blocking web shell access. We'd like to talk a bit more about the first point; the new SenseLog rules. SenseLog rule agai...
Read more
Road to success with Sweden's fastest growing Hosting Company
Eniko Toth

Road to success with Sweden's fastest growing Hosting Company

Are you curious how can a web hosting company speed up their business’ growth? The answer is really simple: they have time to work on different projects and develop new features. Besides that, they can guarantee a reliable service to their customers. But where is BitNinja in this story? We tell you! Miss Group is Sweden's fastest growing hosting company and they had the same problems as many other companies. After the many cyber attacks, the WordPress sites became compromised, customers began to complain, the load of the support team has increased, and the technical team spent lots of ti...
Read more