Release Note - New Way of Malware Detection
Akos Molnar

Release Note - New Way of Malware Detection

It’s been a while since we wrote a release note so there are plenty of new upgrades, features and fixes to tell you about. Our tech ninjas worked harder than ever. We invented a brand new way of malware detection and raised the SenseLog performance hugely. 

In the past months we also:

  • created a new licensing system,

  • made a new Captcha design,

  • added a service detector,

  • upgraded the HaProxy,

and of course we fixed bugs and added plenty of other features which made the UI/UX much better.

Let’s see the details of what happened in the past 6 months!

New way of malware detection: Source Code Structure Analysis

The problem with PHP malware detection is that hackers can easily bypass current detection techniques. MD5 and other hash based methods are useless if the hacker changes the source of the malware, even just with one byte. Pattern matching is known from high false-positive rates

That’s why we decided to build up a completely new detection technique which is much better at dealing with code alternation (or even code obfuscation) and has a very low false-positive rate. 

The result is a brand new, patent pending detection technique that we call Source Code Structure Analysis.

How does Source Code Structure Analysis work? It creates a special structure based signature from the source code and then does the matching on the structure. This way no matter how the source is altered, the structure will be the same. It is very similar to how anti-plague systems work, but optimized for speed and for the malware domain. 

As we mentioned in our latest newsletter, now you are able to add a malware signature to the system. The malware signature will be broadcasted not just to yours, but to all of the BitNinja servers around the world. We experienced that the same crowdsourcing method made our IP reputation system unique and efficient so we implemented it to our malware detection system too.

SenseLog performance

From now on the SenseLog uses php-inotify to detect log file changes and it caused a huge performance increase. Reading 5000 logs used 45-50% of the CPU, but we successfully reduced it to 0-1%! SenseLog processing is more than 4 times faster than before. It was reading 7000 lines per minute and we raised it to 32000!

New Captcha design

We are not just developing the “unseen” things in the background. It is also important to have an up to date design so we gave a new look to our Captcha page. It contains less text, the box is rounded which gives a clear-out appearence and not just the exterior looks different, we also optimised the code in the background. Don't forget that you can make your own Captcha configuration easily. Here you can find how to do it!


New licensing system

In the old times every subscriber had only one key so it occurred a lot of times that two servers had the same license key, but in the new licensing system every server gets a different license.

There are three different key types in BitNinja. With the provisioning key you are able to install BitNinja to an unlimited number of servers. With the license key there is a limit, depending on your subscription. The 3rd type is the VPS license key. You get a certain number (depending on your VPS package) of VPS license keys which you can use or can give to your VPS users.

You can find your License Manager on the BitNinja dashboard. Here you can check your VPS and Server Protection license keys too.

Control panel/service detector

In our service detector we added a new string to the Os Info section which shows us what kind of control panel you use. It is really good news for the cPanel users because from now on the Captcha page works without any problem on the control panel login pages as well.

HAProxy upgrade

The TLS 1.1 support expired in April. Most of the browsers (Firefox, Chrome, Omega and Safari as well) will not make connections through the 1.1 version anymore because this https implementation is not proved safe enough, so we upgraded it to TLS 1.3.

Trusted proxy

We also added the following CDNs to the list of preconfigured trusted proxies:

  • StackPath CDN

  • Fastly Edge CDN

  • MetaCDN

  • QUIC.cloud - The First and Only Complete WordPress Caching CDN

  • KeyCDN

  • wao.io CDN

  • and BunnyCDN.

You don’t have to do anything specific, the agent will be upgraded after restart. If you have any specific recommendation to add to the trusted proxies please don’t hesitate to share it with us.

“A” grade https certification

We are always striving to make the internet a safer place. We proudly announce that in this year we took a step forward and fortunately we are not the only one who thinks that. After all of these changes we reached a milestone. All of the (more than 10 million!) websites defended by BitNinja will get an “A” grade https certification if they require it!


If you would like to see every change made in the BitNinja Agent or in the REST API, you can find them here.

Future developments at BitNinja

We always improve the user experience. Now we are working on a new admin look and we will add a malware handler to the dashboard where you can manage your signatures. 

Don’t forget that we are always happy to help you, so feel free to contact us at info@bitninja.io or on the Dashboard chat if you have any questions or need assistance.

Stay safe and happy hacker-hunting!

Share your ideas with us about this article

Previous posts

#CloudFest2020 cancelled – NinjaFest Day is here
We know that many of you were excitedly waiting for CloudFest2020. This conference is always the best event throughout the year to bring the amazing cloud community together. It was sad news that CloudFest was cancelled due to the Coronavirus threat, however, it was the right decision from the organizers. However, as thousands of people were preparing for this week-long event, we thought that you shouldn’t miss everything. We decided to bring a little piece of CloudFest to you online. We organize an online „NinjaFest” day on 18 March 2020, where you’ll have the opportunity to: Atte...
Meet with the BitNinja Team at CloudFest 2020
28 Febr, 2020 16:44 PM UPDATE: We know that it was a hard decision for the organizers, and we feel really sorry that we can't meet with the wonderful cloud community in the Europa Park this year. However, it was the right decision because security always comes first. We, however, have a plan B. ;) As you could read in this article below we would have held 2 presentations at the CloudFest. But you won't have to miss them due to the event cancellation! Instead of CloudFest 2020, we'll organize webinars for the topics: Detecting Obfuscated Malware by George Egri...