The BitNinja Botnet research project


Here at BitNinja our mission is to make the Internet safer. We build security technologies to help shared web-hosting providers, VPS data centers and website owners secure their assets in an easy-to-use manner.

To maintain high service levels and react fast to new threats, we need to understand better the botnet spreading mechanisms and how widespread some botnets are. To achieve this goal we constantly monitor the public internet with various automated security scanning mechanisms. Our botnet research group focuses mainly on the spread of PHP based botnets. 

The Scanning Process

The research involves making benign connection attempts to every public IP address. By measuring the entire public address space, we are able to analyze global patterns and trends in protocol deployment and security.

We never attempt to exploit security problems, guess passwords, or change device configuration. We only receive data that is publicly visible to anyone who connects to a particular address and port.

The data collected through these connections helps computer scientists study the deployment and configuration of network protocols and security technologies.

Personal Data we collect

    • Domain name
    • IP address
    • Hostname
    • Control Panel types
    • CMS type & version
    • Country

We will not share your personally identifiable information with third parties. Where it is feasible, we anonymize personal data or use non-identifiable statistical data. The infected websites and servers are recorded in our ever-growing database and it is stored in our own server.

We are happy to cooperate with web hosting providers and data centers and inform them about the infections we have found on their servers through our research. We provide these data free of charge and without any obligation.


How can I open the report?

To keep your security data confidential, we always send the data in an encrypted format. The
findings are sent over in an encrypted file. To decrypt the file please specify a second communication channel, so that we can send you the encryption key/password. You can then decrypt the report. For security reasons please never send the report along with the password. Make sure you use a second communication channel.

You can open the report only with the pin we will provide through a communication channel other than the one used for the report itself.


Can I opt-out of these measurements?

This research helps the scientific community accurately study the Internet. The data is sometimes used to detect security problems and to inform operators of vulnerable systems so that they can fixed. If you opt-out of the research, you might not receive these important security notifications.

If you wish to opt-out, you can configure your firewall to drop traffic from the subnet we use for measurements:, (please note that IP addresses can change dynamically, however the reverse is always: * If you have further questions, contact

Getting in Touch

Feel free to contact us at +1 805-628-4196 (USA) or +44 20 3974 2242 (EU) regarding further questions. We also appreciate any community analysis results and hope for your collaboration.