WordPress hosting and the BitNinja WAF: How to do it right? - (Part 2)
Nikolett Hegedüs

WordPress hosting and the BitNinja WAF: How to do it right? - (Part 2)

Last time we finished off with the advice that if you’re hosting mainly WordPress websites, you should only enable the BitNinja Safe Minimum ruleset for the “/” location or any other domain pattern that contains “/wp-admin”. So let’s talk a bit more about domain patterns With the BitNinja WAF, we’d like to give you the opportunity to customize your firewall rules with domain patterns (we also call them location patterns, because they are, in fact, nginx location patterns or directives). It’s similar to virtual hosts defined on a web server. Let’s say that you have multiple domains on...
Read more
Drupalgeddon 3 in retrospect
Nikolett Hegedüs

Drupalgeddon 3 in retrospect

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were prevented since then - with the help of BitNinja. The data from the first incident that we’ve caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
MongoDB vs. Elasticsearch
Jozsef Konnyu

MongoDB vs. Elasticsearch

What is MongoDB? MongoDB is an open-source NoSQL database that uses a document-oriented data model. This type of model is built on an architecture of collections and documents instead of using tables and rows like MySQL. Documents are built from key-value pairs which are the basic units of MongoDB. These documents may also be part of different collections - like tables - in a relational the database. Being a NoSQL database MongoDB uses dynamic schemas for documents and as a result, they may be structurally different. This database also uses BSON (Binary JSON) – which is...
Read more
Suspect BitNinja behind increased server load?
Anita Batari

Suspect BitNinja behind increased server load?

As you know, providing all-in-one server security, BitNinja protects 3000+ Linux web servers worldwide, capturing 100 million incidents a month and keeping 1.7 million suspicious IP addresses in its blocklists to protect you and your customers. Mixing that up with custom infrastructures, configurations, and software in each leads to high load problems sometimes. Despite the best intentions - we always endeavor for the best solutions and we test our novelties constantly before and after each and every release -, these things happen. Most of them are temporary and everything falls back to nor...
Read more
Fun way to read a book
Anita Batari

Fun way to read a book

What do you think about SPAMs? Most of us think they are useless and heavily annoying, but not for everybody. There are some geeks, who totally understand the background and find it rubbish, but sometimes they read them to “entertain themselves” and learn more about the recent patterns hacker tactics. Have you ever found a hidden gem among spams, worth showing to your friend? ‘Cus we have! We captured a spam attack causing some funny moments and now we’ll show it. Contact form spams - nightmare for a sysadmin Yesterday, while one of our talented administrators anal...
Read more
Which are the most scanned ports?
Eniko Toth

Which are the most scanned ports?

What is a port? Ever since computers are able to run more programs at the same time and can connect to modern networks, ports became important. 3 things are needed for the communication between two machines: IP address of the host Port number Type of protocol (e.g. TCP, UDP) A port number is a 16-bit number between 0 and 65535. There are some specific ports which identify some exact services, e.g. port 80 is used for HTTP communication. Types of ports: Well Known Ports: 0 - 1023 Registered Ports: 1024 - 49151 Dynamic/Private : 49152 - 65535 W...
Read more
Cyberstorm from Argentina
Anita Batari

Cyberstorm from Argentina

Two days ago storm clouds of cyberwar has reached our server from Argentina. In this article, we will share you some details about the attack. 22nd November started as a usual day. Until the afternoon nothing strange happened, then at about 5 o’clock a heavier request flood reached our servers, which has been increased until 7 o’clock, and stayed really high. As you can see on the chart below, the average request number has been doubled compared to numbers from a few hours before and even tripled compared to the result from a day ago. The numbers are decreasing, because lots of the IPs r...
Read more
ServerPilot compatibility test
Zoltan Toma

ServerPilot compatibility test

Lots of our users are interested in using BitNinja with ServerPilot and our team was also very curious how much compatible they are. Therefore, I have tested it and today I show you the results. :) Test details Tested operating systems: Ubuntu LTS 14.04, Ubuntu LTS 16.04 The goal of this test is to check if BitNinja modules are compatible with ServerPilot and it's configurations. I used ServerPilot’s manual installer on two Ubuntu Vagrant boxes and two SoftLayer hosted Ubuntu servers. ServerPilot should be installed on a fresh installed/created server, meaning no Apache,...
Read more
Old botnets aren’t harmless - the presence of Cutwail botnet nowadays
Anita Batari

Old botnets aren’t harmless - the presence of Cutwail botnet nowadays

Server operator faces many different types of attacks every day. Brute force, spam, CMS hacks and SQL injections are the most common - and the majority of them are automated botnet attacks. I think none of us can estimate how many servers and PCs are being unprotected against even the most simple botnets. But it’s not necessary to be a victim of an easily defendable attack. But even being careful, one thing you can fail about server security is underestimating the risk of old vulnerabilities and botnets. Thinking they’re doing no harm anymore, since they have been exposed and tracked d...
Read more