Shared hosting provider with 7,000 customers had 0 infections over the past  7 days
George Egri

Shared hosting provider with 7,000 customers had 0 infections over the past 7 days

Our Hungarian web hosting partner, had ZERO website infections – since enabling BitNinja’s new WAF 2.0 module. We caught up with the lead sysadmin to talk to him about his experience with BitNinja.

What has been your experience with BitNinja overall?

“Before we began using  BitNinja, we had to fight daily battles with hackers. Infected Wordpress, Joomla, Drupal and other accounts were the most commonly affected platforms. Because of the continuous battle with infections and DoS attacks, we hardly had any time left for servers and for development. Since we started using BitNinja, the overall number of these incidents has dropped substantially. We’ve had no further DoS attacks and only a couple infected websites – per week. Cleaning the infections was super easy as the Malware Detection Daily Reports – gave us all the necessary details  to work with.”

What is your experience with the WAF 2.0 module in particular?

“We were alpha testing the new BitNinja WAF 2.0 module and found it to be a very great experience. At the beginning, there were some performance issues, but the dev guys at BitNinja have since, fixed them. The number of infections was reduced, and even with 1-2 backdoor uploads per week, we had no major infections. Finally, we had a tool to fight with. Our sysadmins then tweaked the rules and set up a stricter ruleset for the accounts in danger.”

How did you manage to have zero infections?

“Thanks to the rule tweaks, and a couple of new rules auto-deployed by BitNinja, we had zero infections over the past 8 days. No backdoor uploads, no webshells, nothing at all from the hackers. We are very satisfied with these results and hope, we can keep this hacker-free period for a long-long time!”

Maybe hackers stopped attacking, or there was some major law enforcement action taken to lessen the attacks?

“I am absolutely sure that the WAF 2.0 keeps blocking the attacks. In the last 7 days, it blocked more than 3,000 attacks, according to the report. We use WAF 2.0 in active protection mode, so these 3,000 attack attempts are more or less unique attacks, as the IP is greylisted after a WAF incident – so further attempts will not count as  WAF incidents.”

Were there any user complaints?

“There were a couple of requests from users connected to the WAF – however, it was easy to set up a domain pattern and disable problematic rules in these situations. We have also trained our support staff on how to configure the WAF so they can do it right away – when the request comes in.”

Which rules were the most beneficial?

“We use the BitNinja Safe Minimum rule template as the default domain pattern (*/*) and use both the medium and strict templates for a couple of domains. Looking at the results "PHP variables", "PHP Object Injections" and „PHP Functions: High-Risk PHP Function Names” has a very high catch rate with extremely low false positives.”

Try the new WAF 2.0 too, and achieve these amazing results yourself!

It's a real hacker-killer in terms of Wordpress -, Drupal -, Joomla hacks, data theft, file injections and many more –not to mention its fine-tuning options where you have the opportunity to configure the protection to your needs - with no false positives.

Share your ideas with us about this article

Previous posts

MongoDB vs. Elasticsearch
What is MongoDB? MongoDB is an open-source NoSQL database that uses a document-oriented data model. This type of model is built on an architecture of collections and documents instead of using tables and rows like MySQL. Documents are built from key-value pairs which are the basic units of MongoDB. These documents may also be part of different collections - like tables - in a relational the database. Being a NoSQL database MongoDB uses dynamic schemas for documents and as a result, they may be structurally different. This database also uses BSON (Binary JSON) – which is...
Brand-new BitNinja WAF 2.0 is out now – open beta
Wooow! Are you ready for something new? Well, we have it!  The long-awaited BitNinja WAF 2.0 beta is now here! Currently, this beta is available for everyone who has Pro or Trial license. But wait! Before you go running to our Dashboard, to switch it on … please take a few minutes to read this article, as it contains lots of super valuable information – that will help familiarize you with this brand-new feature. Why WAF 2.0 is better than any other WAF solutions? •We grant a pre-defined, default ruleset for all the websites hosted on your server to guarantee low false po...