6+1 benefits of visiting tech conferences
Nikolett Hegedüs

6+1 benefits of visiting tech conferences

Nikolett Hegedüs
Our team at BitNinja tries to make a habit of visiting the great community conference called DevConf every year. It is an event hosted by Red Hat in the beautiful city of Brno in the Czech Republic. The presentations and talks take place at the Brno University of Technology (those buildings that are a unique combination of tradition and modern architecture, in my humble opinion). This year I had the opportunity to dedicate almost a whole day listening to presentations and participating in discussions about testing. The first talk I attended in thi...
Read more
Web Application Firewalls: Choosing the Right WAF for Server Security
Anita Batari

Web Application Firewalls: Choosing the Right WAF for Server Security

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly. The average web server faces thousands of attacks on a daily basis. There are a number of web application firewalls available to protect your server, and having the right security in place can mean the difference between just another “day at the office” and a dozen “sleepless nights” trying to maintain your servers’ uptime. Let’s take a look at why having a WAF is so important, how it works, and the op...
Read more
Shared hosting provider with 7,000 customers had 0 infections over the past  7 days
George Egri

Shared hosting provider with 7,000 customers had 0 infections over the past 7 days

Our Hungarian web hosting partner, web-server.hu had ZERO website infections – since enabling BitNinja’s new WAF 2.0 module. We caught up with the lead sysadmin to talk to him about his experience with BitNinja. What has been your experience with BitNinja overall? “Before we began using  BitNinja, we had to fight daily battles with hackers. Infected Wordpress, Joomla, Drupal and other accounts were the most commonly affected platforms. Because of the continuous battle with infections and DoS attacks, we hardly had any time left for servers and for development. Since we started using...
Read more
MongoDB vs. Elasticsearch
Jozsef Konnyu

MongoDB vs. Elasticsearch

What is MongoDB? MongoDB is an open-source NoSQL database that uses a document-oriented data model. This type of model is built on an architecture of collections and documents instead of using tables and rows like MySQL. Documents are built from key-value pairs which are the basic units of MongoDB. These documents may also be part of different collections - like tables - in a relational the database. Being a NoSQL database MongoDB uses dynamic schemas for documents and as a result, they may be structurally different. This database also uses BSON (Binary JSON) – which is...
Read more
Brand-new BitNinja WAF 2.0 is out now – open beta
Eniko Toth

Brand-new BitNinja WAF 2.0 is out now – open beta

Wooow! Are you ready for something new? Well, we have it!  The long-awaited BitNinja WAF 2.0 beta is now here! Currently, this beta is available for everyone who has Pro or Trial license. But wait! Before you go running to our Dashboard, to switch it on … please take a few minutes to read this article, as it contains lots of super valuable information – that will help familiarize you with this brand-new feature. Why WAF 2.0 is better than any other WAF solutions? •We grant a pre-defined, default ruleset for all the websites hosted on your server to guarantee low false po...
Read more
Suspect BitNinja behind increased server load?
Anita Batari

Suspect BitNinja behind increased server load?

As you know, providing all-in-one server security, BitNinja protects 3000+ Linux web servers worldwide, capturing 100 million incidents a month and keeping 1.7 million suspicious IP addresses in its blocklists to protect you and your customers. Mixing that up with custom infrastructures, configurations, and software in each leads to high load problems sometimes. Despite the best intentions - we always endeavor for the best solutions and we test our novelties constantly before and after each and every release -, these things happen. Most of them are temporary and everything falls back to nor...
Read more
Test your security knowledge
Anita Batari

Test your security knowledge

Anita Batari
Start the New Year with this security quiz to test your knowledge and get a chance to receive the latest edition of ‘The Art of Server Protection’ e-book, or -- win our BitNinja Server Security for 1 month, absolutely free.  What a great way to start the New Year! Our ninjas created a short quiz to test your knowledge; it contains 9 questions which are - more or less - related to security. At the end, don’t forget to enter your email address, because, without that, we’re unable to send you your prize. Every participant who scores 9/9 on the quiz will receive our CEO’s book, ‘The Art...
Read more
Describe your infrastructure as code
József Pálfi

Describe your infrastructure as code

József Pálfi
As we promised before, our article series inspired by V-day is continuing. Those who are provisioning servers day by day, certainly have some doubts about their process: being time-consuming, non-repeatable, hard to test or simply just something is going wrong in the existing infrastructure during the provisioning. There are opportunities to test failover or rollback processes, but… Through the years, a lot of providers have elaborated their own processes and solutions in order to accelerate deployment cycles. So-called provisioning scripts are everywhere, and helped with the well-k...
Read more
Fun way to read a book
Anita Batari

Fun way to read a book

What do you think about SPAMs? Most of us think they are useless and heavily annoying, but not for everybody. There are some geeks, who totally understand the background and find it rubbish, but sometimes they read them to “entertain themselves” and learn more about the recent patterns hacker tactics. Have you ever found a hidden gem among spams, worth showing to your friend? ‘Cus we have! We captured a spam attack causing some funny moments and now we’ll show it. Contact form spams - nightmare for a sysadmin Yesterday, while one of our talented administrators anal...
Read more
Bugs discovered in ModSecurity and MongoDB PHP extension
Eniko Toth

Bugs discovered in ModSecurity and MongoDB PHP extension

Eniko Toth
Bugs are always hunting us.  Recently we found some bugs during our work, but keep calm, they're not in the BitNinja agent. ;) Let’s see what we explored: ModSecurity bug: empty comment line In our WAF2.0 (beta will come soon) we implemented ModSecurity as well as the OWASP’s core ruleset. Recently, our developers found a strange bug in them. The crs’ 913100 rule has always caught the Chinese search engine, because of suspicious user agent:spider/4.0(+ http://www.sogou.com/docs/help/webmasters.htm#07); After checking the code , we didn’t understand why it has been trigger...
Read more