Malware Detection and Removal

Related Vulnerabilities

Unvalidated file uploads, script injection, remote code injection, and CMS (Wordpress, Joomla, Drupal, etc) vulnerabilities

Our Solution

• After malware removal, BitNinja replaces the file with a honeypot to entrap the Command & Control (C&C) server.
• If you don’t prefer automatic inspection, you can easily disable it and run scans manually whenever you like.
• We push new malware definition files automatically so BitNinja is always up-to-date, and your server is always protected against the latest threats.

Web Application Firewall (WAF)

Related Vulnerabilities

Application layer attacks, such as directory traversal, SQL Injection, XSS, remote file inclusion, code injection, on-site and cross-site request forgery, buffer overflow, unvalidated file upload, and CMS (Wordpress, Joomla, Drupal, etc) vulnerabilities

Our Solution

Our Web Application Firewall (WAF) constantly scans and analyzes the incoming traffic flow to your server, looking for malicious content based on different factors. Used in conjunction with Log Analysis, WAF guarantees an extremely low false positive rate while stopping attacks against the applications running on your server:

• BitNinja provides automatic updates and firewall rules. We constantly patch new vulnerabilities for you.
• For custom needs, you can easily set up a list of whitelisted domains or URLs.
• In case of a suspicious web application you can switch the WAF into strict mode with tighter rules to avoid any further infection.
• BitNinja’s Web Application Firewall is a zero configuration service, so you don’t need to waste time setting up your WAF and configuring rules.
• Thanks to our special on-host redirecting technology, WAF is compatible with all major web servers – Apache, NginX, Lite HTTP, TomCat, GlassFish, NodeJS and more.
• Our WAF is compatible with your existing mod_security WAF, so you can continue to use your current rules.
  
  

Log Analysis

Related Vulnerability

Application layer attacks, like directory traversal, SQL Injection, XSS, remote file inclusion, code injection, on-site and cross-site request forgery, and CMS (Wordpress, Joomla, Drupal, etc) vulnerabilities

Our Solution

BitNinja constantly monitors your server logs including Apache, NginX, Auth log, MySQL, Exim, Cpanel and others. As soon as it detects any suspicious behavior, it blocks further malicious actions.

• BitNinja is designed for ease of use, you don’t have to worry about specifying the path of your logs, our zero-configuration setup finds them automatically.
• Log Analysis goes a step further and checks events logged prior to the installation of BitNinja, in order to identify previous attack attempts and at the same time, to greylist hackers.
• We automatically update the rules for detecting malicious behavior from server logs – BitNinja does the lion’s share of the work instead of you.

CAPTCHA

Related Vulnerability

Automated botnet attacks

Our Solution

CAPTCHA is the abbreviation for Completely Automated Public Turing Test to Tell Computers and Humans Apart. BitNinja uses CAPTCHA to distinguish between human and bot-generated traffic, streamlining the handling of false positives. As a result:

• Botnets are immediately blocked
• You are relieved from the everyday burden of managing false positives
• The number of complaints from legitimate human visitors to your site are reduced

BitNinja provides validation on different protocols, such as HTTP, HTTPS and SMTP. In the case of HTTP or HTTPS, web visitors are redirected to a CAPTCHA page. For SMTP, an email is sent with a confirmation link. Human visitors can remove themselves from the greylist with ease, while bots will remain blocked.

Collective Intelligence

Related Vulnerabilities

Recurring automatic exploits and zero-day attacks

Our Solution

Servers protected by BitNinja collect and share attack information with each other. Together, they form a global defense network, which becomes more intelligent and more powerful with every single attack.

This means when any BitNinja protected server detects an attack, your server is immediately vaccinated against the malicious IP at the source of the attack.

With our all-in-one security suite and global defense network, BitNinja also discovers and eliminates zero-day attacks and automated exploits – before they occur.

Collective Intelligence creates a set of manageable IP lists. These sets grant security on three different levels:

• Black/Whitelist management
  You can use BitNinja to maintain user-defined blacklists and whitelists on your servers via CLI or our user-friendly Dashboard.
• Basic IP reputation
  Essential list-based protection against only the most vicious IPs. These IPs are used by the most aggressive hackers all around the world. When an IP generates more than 5000 malicious requests, BitNinja places it on this list.
• Advanced IP reputation
  Our proprietary greylist is the most important asset in the BitNinja global defense shield. This list contains suspicious IPs that clients handle with special care. Advanced IP reputation gives you unparalleled protection, securing your server against more than 6 million attacker IPs.

In addition to our user-based blacklist, BitNinja maintains a global blacklist which is shared among all BitNinja protected servers. Servers protected by BitNinja drop packets from IPs on this list. To make sure these IPs are blocked for a legitimate reason, we constantly evaluate the list by moving blacklisted IPs to our greylist at predefined intervals to detect whether the traffic from the IP source is still malicious.

DoS Detection

Related Vulnerability

Denial of Service via TCP based protocols – HTTP, SMTP, FTP etc.

Our Solution

BitNinja constantly monitors the number of simultaneous incoming and outgoing connections and blocks DoS (Denial of Service) attacks with our unique approach:

• Unlike other solutions, we don’t permanently block the source but drop the connections and greylist the attacker IP. This way, we reduce the number of false positives and complaints from clients behind proxy networks and NAT routers.
• We have a proven automated process to revise our greylists, so you don’t have to waste time managing false positives.
• You can create different thresholds for different protocols, and then fine-tune them to your needs. For example, you can set a maximum of 80 connections for HTTP and 150 connections for IMAP.
• BitNinja also helps prevent outgoing DoS attacks, so your provider won’t overcharge or block you.
• There’s no need to change any of your existing server applications to to use our all-in-one security suite. Apache, NginX, Lite HTTP, TomCat, GlassFish, ProFTP, PureFTP, VSFTP, Courier Mail, and many more are all compatible.

DDoS Mitigation

Related Vulnerability

TCP/UDP-based Distributed Denial of Service attack

Our Solution

All servers running BitNinja create a global defense network, sharing information about malicious IPs. With data on over 15 million IPs worldwide, plus honeypots to capture and analyze the latest threats, your server is protected against DDoS botnet attacks – before they happen.

Antiflood

Related Vulnerability

Application-level DoS attack directed at the BitNinja application

Our Solution

A chain is only as strong as its weakest link. Antiflood ensures that hackers cannot mount an attack against the BitNinja application and destroy your defense shield in the process. Antiflood works by aggregating information from the entire BitNinja security suite to prevent any individual module from overloading.