New security feature against phishing sites
Boglarka Angalet

New security feature against phishing sites

Cybercriminals can easily attempt to break into shared hosting environments to use their resources for different types of attacks. Phishing is one of the most irritating forms, where the provider, the website owner and all of their visitors are affected.

These attacks also highlight the responsibility of hosting providers, and that’s why we have just launched BitNinja’s new anti-phishing feature, to give a new weapon in your hands for fighting the hackers.

Why phishing?

Phishing is quite an old-school hacker technique, which seems to never go out of fashion. Since the technique simply aims to trick someone into clicking a malicious link is the easiest way to fetch sensitive information and steal payment credentials. All it takes is putting some effort into the design – by using a legitimate organization’s logos and contents into an email or on a website.

Thousands of websites visitors click on phishing domains every day, but not only users are targeted – the first step is getting into the web hosting companies’ server.

Despite the careful actions, educational contents and defensive lines in place, we’ve started to get more and more e-mail from our customers, asking for help in finding phishing contents more effectively.

So, how can infections get through?

There are two ways which seem to be the problem in every case: they get in due to a lack of proper configuration, or they might have been hiding on your server for a really long time, which BitNinja couldn’t spot without you running a manual malware scan.

We know exactly that users complaining about Google flagging their websites are a huge pain point. That’s why we have introduced this new feature on the Dashboard, so you’ll get feedback about any hiding infection and extra guidance for the proper configuration.

Of course, security awareness training and educational contents might also have an impact on preventing these attacks, but let’s face it: we cannot expect every user to update their CMS, keep rotating passwords and upgrade their plugins. That’s why we are here to help through BitNinja.

Anti-phishing from BitNinja

From now on, you’ll be able to recognize and clean your server from any phishing content before your customers would even notice that something is wrong. So your reputation won’t get hurt because of phishing anymore.


How do we do it?

BitNinja checks twice a day if there's any flagged website on your servers based on the information on Phishtank's trusted database. This information will help you to keep your servers clean and optimize your BitNinja configurations.

Moreover, you’ll not only see active phishing content listed here, but you’ll also receive feedback if clean up succeeded and the URL was delisted from Phishtank’s database.

What to do with this info?

It is always an option to check the flagged locations and cleaning up the infected files manually. However, as infections can still get through your shield due to the lack of proper configuration, we suggest these steps to automate protection if you see any website here:

1) Create a custom WAF pattern for the location with Safe Minimum Ruleset, and activate the Lock down feature if needed


2) Activate the Malware Detection module for real-time malware protection, if it's not active yet

3) Run a full Malware Scan to find any legacy infection on your servers
 

4) Check the malware correlation info at the folder /var/log/bitninja/correlations/YYYY/MM/DD/hh_mm_uniqid. Soon, this piece of information will be available in the Infected Files menu to see if the Defense Robot found any backdoors that need patching

Thanks for your feedback!

We hope this useful feature will help you to detect malicious content easily and keep your servers cleaner than ever.

As always, every feedback is much appreciated and please ping us a message for further feature requests.

Share your ideas with us about this article

Previous posts

Defense Robot – The breakthrough innovation for the cybersecurity market
Are you tired of the never-ending malware infections? Would you like to get rid of the nightmare of the long hours spent troubleshooting? Do you still seem to get repeatedly infected regardless of how often you make malware removals? It’s enough of the reactive protection! The old way What would usually happen when a server became infected? People had to buy special security tools, which had really high prices to find malware. If it succeeded, the sysadmins had to spend plenty of hours (or in worse cases several days) to remove the malware. The other option was to pay for someone to do t...
BitNinja WAF protects against the latest Drupal vulnerability (CVE-2019-6340)
The social media and the cybersecurity sites were blowing up when Drupal published their latest vulnerability (SA-CORE-2019-003). It’s not a surprise that this remote code execution vulnerability got a highly critical label, as hackers could easily hack your Drupal 8 websites. But BitNinja users shouldn’t have to worry for any minute, as they were protected by our WAF from the very beginning of this RCE flaw. We have already seen some attempts caught by the rule 933170, so hackers didn’t wait a lot to exploit the CVE-2019-6340. How are hackers trying to exploit the latest Drupal vulnerab...