WordPress hosting and the BitNinja WAF - How to do it right? (Part 1: The basics)
Nikolett Hegedüs

WordPress hosting and the BitNinja WAF - How to do it right? (Part 1: The basics)

We know that our customers care a lot about their own customers, too. Just like we care about you, and about making the internet a safer place. So, with the following series of articles titled “Wordpress hosting and the BitNinja WAF - how to do it right?”, I’d like to help those who work in Wordpress hosting, and would like to use the BitNinja WAF to protect their servers. The BitNinja WAF is a really great tool for security - when used properly. And to use it, you’ll need to understand the terminology that we’re using. So let’s start with the basics, shall we? :) What are rule...
Read more
HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

HTTP/2 support with BitNinja WAF 2.0

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern browsers. Why HTTP/2?  HTTP/2 compared to HTTP/1.1 is far more powerful, it can broadcast requests and answers in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is far more...
Read more
Riskware – a thin line between benign and malicious programs
Eniko Toth

Riskware – a thin line between benign and malicious programs

Riskware – a thin line between benign and malicious programs Programming is something that can be used for good and also for bad reasons. We can write software with the sole purpose of causing harm, or we can be developers whose aim is to make things better and easier. Nowadays we can hear a lot about the first ones, the malware, but what about riskware? What is riskware at all? There are some legitimate computer programs which can act as malware and cause damage if they are used by bad guys. It’s like a gun. It matters who holds it and why. A gun is very dangerous in a killer’s hand,...
Read more
What is going on  in the background of the cyberworld
Laszlo Takacs

What is going on in the background of the cyberworld

There are things we are not really waiting for, in fact we are looking for a way to bypass or avoid them. Unfortunately, some of them are inevitable just like the Cyber Worldwar, which in fact has already begun. Mentionable acts from history There was a historical milestone on May 12th, 2017 when within only one day one country has invaded 150 other countries. Now you would start to think: why can't I remember anything like this? Well, the answer is simple, it was the "in"famous WannaCry ransomware, it has invaded more than 200 thousand computers. By assumptions, it originated from North...
Read more
Drupalgeddon 3 in retrospect
Nikolett Hegedüs

Drupalgeddon 3 in retrospect

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were prevented since then - with the help of BitNinja. The data from the first incident that we’ve caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
Read more
Kevin Mitnick the most famous hacker
Laszlo Takacs

Kevin Mitnick the most famous hacker

Laszlo Takacs
Where it all began Kevin David Mitnick is one of the most famous hackers. At age 13 Mitnick used dumpster dicing and social engineering to bypass the bus ticketing system in Los Angeles, this way he was able to ride the LA area using unused transfer slips. First big step His first unauthorized access to a network was in 79’ , when he was only 16 years old. He broke into DEC’s ( Digital Equipment Corporation ) computer network and simply copied their software, later he was charged for this action in 1988,  got sentenced for 12 months in prison. The prison h...
Read more
GDPR and BitNinja - Important updates
Eniko Toth

GDPR and BitNinja - Important updates

Eniko Toth
By now, you are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) will go into effect. GDPR govern how businesses collect, use and share personal data and it allows individuals to exercise their legal rights. Of course, we have taken the necessary steps to ensure that we are compliant with the GDPR. We updated our Privacy Policy and General Contract Terms and Conditions. Also, we created this separate section about the topic in order to keep you updated. The Data Processing Addendum ...
Read more
GPON routers – new elements of your botnet attacks?
Laszlo Takacs

GPON routers – new elements of your botnet attacks?

People can never rest. We thought that after the last serious Drupal vulnerablity finally we can rest, but a new threat came up which is including GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is being used to provide short haul fiber connections for cellulas base stations, home access points, DAS. Primary regions with GPON devices include Vietnam, Mexico, Kazakhstan. Top countries Number of Devices Mexico 492,080 Kazak...
Read more
3rd Drupalgeddon alert! How to be protected with BitNinja?
Eniko Toth

3rd Drupalgeddon alert! How to be protected with BitNinja?

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or your customers have Drupal websites and would like to avoid  backdoors, cryptocurrency miners and other malwares, BitNinja is here to  help you! Just make sure your WAF rule #402003 is enabl...
Read more
Security by design
Laszlo Takacs

Security by design

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important for developers too, not just for security providers. The best way to define it is an approach to software and hardware development where the main goal is to make a system as free of vulnerabilities and imprevious to attack as possible. To achieve this there is a need for a huge amoun...
Read more