DoS Attacks

Denial-of-Service (DoS) attacks are the easiest to spot. The purpose of this attack type is to stop a service. Unfortunately, a single device is enough for the attacker to make a website completely inaccessible (e.g. the Slowloris attack).

When a DoS attack happens, the system slows down, the server load goes up, websites don’t load, and the server can even crash completely. Whilst DoS is most visible on HTTP(S), hackers target other protocols as well, including FTP, SSH, IMAP, POP3, and SMTP.

Symptoms

High Server Load

High Memory Usage

Slow or inaccessible services

THE POWER OF THE BITNINJA DOS DETECTION

BitNinja continuously monitors the number of connections on your server. If too many concurrent connections are detected, BitNinja will automatically add the IP address to the blacklist for 60 seconds to make sure that all the connections are blocked from the attacker IP. 

After that, the IP address will be placed in the greylist, so valid users can delist the IP if it is a genuine login. BitNinja DoS Detection also works in conjunction with our AntiFlood module. When there are recurring DoS attempts, the IP will be blacklisted for a longer period of time.

The default threshold (80 active connections at the same time) guarantees a low false positive rate and also effectively blocks DoS attacks. This threshold can be configured on each port, and for inbound and outbound connections as well.
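The detection rule described above can be sketched as a short script. This is an added example, not BitNinja's code: it counts established TCP connections per remote IP from a constructed `ss -tn` snapshot and applies the 80-connection default and the 60-second blacklist period from this page. The SSH limit of 20, the function names, and inferring direction from the local port are assumptions made for illustration.

```python
from collections import Counter

DEFAULT_THRESHOLD = 80   # concurrent connections per IP (default stated on this page)
BLACKLIST_SECONDS = 60   # blacklist period before the IP moves to the greylist

def parse_ss(text):
    """Yield (local_port, peer_ip, peer_port) for each ESTAB row of `ss -tn` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "ESTAB":
            continue  # header, TIME-WAIT, SYN-RECV etc. are not active connections
        local_port = int(f[3].rsplit(":", 1)[1])
        peer_ip, peer_port = f[4].rsplit(":", 1)  # rsplit keeps "[2001:db8::1]" whole
        yield local_port, peer_ip, int(peer_port)

def count_connections(text, service_ports):
    """Count active connections per (direction, port, peer IP)."""
    counts = Counter()
    for local_port, peer_ip, peer_port in parse_ss(text):
        if local_port in service_ports:   # assumption: local service port => inbound
            counts[("in", local_port, peer_ip)] += 1
        else:                             # otherwise this host dialled out
            counts[("out", peer_port, peer_ip)] += 1
    return counts

def offenders(counts, thresholds=None):
    """Return keys whose count exceeds the (direction, port) threshold."""
    thresholds = thresholds or {}
    return sorted(k for k, n in counts.items()
                  if n > thresholds.get(k[:2], DEFAULT_THRESHOLD))

def list_state(blocked_at, now):
    """Blacklisted for the first 60 s after detection, greylisted afterwards."""
    return "blacklist" if now - blocked_at < BLACKLIST_SECONDS else "greylist"

def build_sample():
    """Constructed `ss -tn` snapshot; all addresses are documentation ranges."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    def add(n, local, peer, state="ESTAB"):
        rows.extend(f"{state} 0 0 {local.format(p=40000 + i)} {peer.format(p=40000 + i)}"
                    for i in range(n))
    add(85, "203.0.113.10:80", "198.51.100.7:{p}")    # above the default of 80
    add(80, "203.0.113.10:80", "198.51.100.8:{p}")    # exactly 80: not exceeded
    add(25, "203.0.113.10:22", "198.51.100.30:{p}")   # above the hypothetical SSH limit
    add(90, "203.0.113.10:{p}", "192.0.2.50:80")      # outbound burst to one target
    add(200, "203.0.113.10:80", "198.51.100.9:{p}", "TIME-WAIT")  # not counted
    return "\n".join(rows)

if __name__ == "__main__":
    counts = count_connections(build_sample(), service_ports={80, 25, 53, 22})
    for key in offenders(counts, thresholds={("in", 22): 20}):
        print(key, counts[key], list_state(blocked_at=0, now=0))
```

Counting only `ESTAB` rows matters: a busy web server legitimately accumulates many `TIME-WAIT` sockets per client, and including them would inflate the count and raise the false positive rate.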

The BitNinja CAPTCHA page is also protected against DoS attacks and requires minimal resources for running the CAPTCHA service.

How is it different from other DoS detection solutions?

CUSTOM THRESHOLDS

By default, IP addresses are blocked above 80 active connections at the same time. This threshold can be configured for each port.

BLOCK OUTBOUND DOS

BitNinja DoS Detection module blocks not only inbound attack attempts, but also outbound DoS.

PROTECTION ON SEVERAL PROTOCOLS

Beyond simply blocking HTTPS attacks, BitNinja blocks FTP, POP3, IMAP and any other TCP-based DoS attack.

LOW FALSE POSITIVE RATE

Our default thresholds and greylist provide the perfect balance between a low false positive rate and maximum protection.

WHY DO OUR USERS LOVE THIS MODULE?

“We usually work with rpm based Linux distributions and we used to face a lot of problems on them. Before using BitNinja we experienced a huge amount of attacks, mostly DDoS. BitNinja is an all-in-one solution, which makes all the previous security software that we were using before redundant. It’s a dream come true for hosting companies that want to protect their servers with only one comprehensive server security tool.” 

Alejandro Escobar

Aitire

“Before we started using BitNinja, we had a lot of DDoS attacks from our competitors’ websites and protecting against them was very hard for us. Now, thanks to BitNinja’s special module, all the botnet requests are being rejected. BitNinja takes away all the problems that we spent 90% of our time on before. In the past, our stability and availability had decreased, but BitNinja affected both of them very positively.”

Daniel Mecsei

Web-Server.hu

“Having continuous high load on multiple servers that cause service interruptions and downtime due to DDoS and Malware are some of the daily challenges. Having sleepless nights, not having enough rest, taking phone calls from irate clients and multiple memos from higher management had me questioning myself, ‘What I am doing, and what I am not doing?’ Trying to find a solution, I signed up for the BitNinja 7-day trial period. From that day until now, me and my team are finally feeling secure and able to focus on other technical tasks. Now, all of our servers are protected by these Ninjas and we are literally enjoying ‘good nights’. :D”

Antonio B. Ibañez, Jr.

ZOOM Hosting

FREQUENTLY ASKED QUESTIONS

Does BitNinja DoS detection block Distributed Denial-of-Service (DDoS) attacks too?

A network-layer DDoS (SYN flood, ICMP flood, UDP flood) is designed to overwhelm the network devices, and this attack cannot be blocked on the server side. However, BitNinja provides indirect protection against DDoS. By constantly updating our global list of malicious IP addresses, most botnets are already blocked by BitNinja. Usually, the same botnet IPs are used to launch DDoS attacks, so our system will automatically block their requests.

How many connections from one IP address will cause it to be blocked?

When an IP address exceeds 80 active connections at the same time, the attacker IP will be automatically blacklisted. After 60 seconds, the IP will be placed in the greylist, so that valid users can delist it. You can configure the threshold for each port, and for inbound and outbound connections too.

On which ports does BitNinja DoS Detection block attacks?

BitNinja blocks DoS attacks on several protocols: HTTP, FTP, POP3, IMAP and any other TCP-based DoS. By default, the following ports are monitored: 80 (HTTP), 25 (SMTP), 53 (DNS), and 22 (SSH). You can also customize the ports in the module’s configuration.

What happens when BitNinja detects a DoS attack?

The attacker IP address is immediately blacklisted for 60 seconds to make sure that all the active connections are blocked. (This timeframe can be configured as needed.) After 60 seconds, the IP is added to our greylist so valid visitors won’t be blocked; they can delist the IP with the BitNinja Browser Integrity Check or CAPTCHA.

Why is it important to block outgoing DoS attacks too?

When a server is infected, attackers can target other devices with DoS attacks via a backdoor on your server. This consumes your server’s resources and puts your server at risk, so it needs to be stopped.

Can I configure BitNinja DoS Detection module by domains?

This feature is currently not available. However, this is something we will be adding in the future.
