The first step of each attack is scanning the victim server to collect information about vulnerabilities. Unfortunately, most server owners don’t realize they can block these scans and stop attacks before they happen. Instead, most IT teams spend their time reacting to attacks after they occur and cleaning infected files.
Scanning isn’t as apparent as a DoS attack or malware infection, so it is often overlooked when it comes to server security. However, all of the following can happen to your server, and they are the first signs that you are under attack:
Hackers can scan your servers
Connections to open ports
“We got many attacks and tried many methods to block them, but nothing was enough. The BitNinja approach is the best we could find. The approach is cloud-based, it is a very elegant solution to a global problem. Every protected server is used as a trap by BitNinja, which is an excellent idea.” - Simon Hintermann
THE POWER OF BITNINJA HONEYPOTS
You can stop your server from being scanned by malicious IPs and block hackers by creating an automatic decoy. BitNinja Honeypots trap suspicious connections, so cybercriminals won’t be able to access the valid services on your servers, only the fake ones which are set up to trap them.
The BitNinja Web Honeypot can turn the backdoors that hackers use to access your server through PHP web applications into traps that block them from using the resources on your server. When Command & Control (C&C) servers – which direct botnet attacks – try to access the backdoors on your server, BitNinja will identify and block them.
How is BitNinja different from other Honeypot solutions?
WEB AND PORT HONEYPOTS
We provide two kinds of Honeypots: Port Honeypot to block IPs which scan for open ports, and Web Honeypot to stop hackers from scanning for web application vulnerabilities.
Our Honeypots don’t interfere with any services running on your server. Honeypots are only set up on ports where the real service is not running.
BitNinja Honeypots not only collect information about suspicious IPs, but also automatically block them to prevent further attacks.
100 honeypots are set up by default to capture most attacks. BitNinja will also turn backdoors it discovers into honeypots automatically.
WHY DO OUR USERS LOVE THIS MODULE?
“At the relaunch of our hosting, our new big server was attacked and damaged immediately from all over the world. Of course, we had used all available means (firewall, malware scanner, etc.). Only BitNinja really helped us to reduce the flood of attacks to a minimum. When our small server was online, it was also attacked daily on all ports 1,000’s of times. On this server we let BitNinja fight the fight alone without intervening. After 1 week, the attacks have dropped by 90%. Very good job, BitNinja! We trust BitNinja!”
“Before using BitNinja, we faced a lot of load problems in our cPanels. We experienced heavy DDoS attacks and we tried CSF and CXS with relative success. We wanted to try something different to the common CDN solutions, and then BitNinja came to the rescue. Since we have been using it, the CPU load has dramatically decreased, and we like the Honeypots too. We believe this module is the greatest discovery of BitNinja.”
FREQUENTLY ASKED QUESTIONS
Where can I find the technical documentation?
On which ports does the BitNinja Port Honeypot bind?
BitNinja Port Honeypot chooses 100 ports from the 1,000 most attacked ports (for example: 23, the telnet port). It doesn’t set up on ports used by real services, so it will never interfere with them. If you wish, you can configure the module’s settings in /etc/bitninja/PortHoneypot/config.ini.
Can I choose which ports should and shouldn’t be used as honeypots?
Yes, in /etc/bitninja/PortHoneypot/config.ini you can set the ports which should always be used as honeypots and those which should never be a honeypot. However, BitNinja Port Honeypot will never use a port where a real service is running. You can even set the exact starting port, so the module will choose the honeypot ports above that port number.
What programming languages are supported by the BitNinja Web Honeypot?
Currently, we only have a PHP implementation, but we have plans for supporting other languages as well. We are always happy to accept contributors, so don’t be afraid to contact us at firstname.lastname@example.org if you wish to help our ninjas’ work.
What kind of scans can be stopped with BitNinja Honeypots?
BitNinja can block most deep port scans (TCP connect scans), except SYN stealth scans and a few others.
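The port-selection rules and the connect-scan limitation described in the answers above, as an added Python example; it is not BitNinja's code and does not read its config.ini. The function and parameter names (`select_honeypot_ports`, `always`, `never`, `start_port`) are hypothetical, and the ranked port list is constructed.

```python
import socket

def port_in_use(port, host="0.0.0.0"):
    """True if the port cannot be bound, i.e. a real service already owns it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:  # EADDRINUSE, or EACCES for ports < 1024 without root
            return True
    return False

def select_honeypot_ports(candidates, count, always=(), never=(),
                          start_port=0, in_use=port_in_use):
    """Pick up to `count` decoy ports; a port with a real listener is skipped."""
    never, chosen = set(never), []
    # Assumption: "always" ports are tried first and start_port only filters
    # the ranked candidate list; "never" wins over "always".
    pool = list(always) + [p for p in candidates if p > start_port]
    for port in pool:
        if len(chosen) >= count:
            break
        if port in never or port in chosen or in_use(port):
            continue
        chosen.append(port)
    return chosen

def open_honeypot(port, host="0.0.0.0"):
    """Listen on a decoy port; no legitimate client has a reason to connect."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(16)
    sock.settimeout(5)
    return sock

def record_hit(sock):
    """Return the peer IP of the next completed connection.

    accept() only yields connections whose three-way handshake finished, so a
    TCP connect scan is recorded here while a half-open SYN probe is not.
    """
    conn, (ip, _port) = sock.accept()
    conn.close()
    return ip

if __name__ == "__main__":
    ranked = [23, 22, 445, 3389, 5900, 8080]  # constructed sample, not real data
    ports = select_honeypot_ports(ranked, 3, never=[445], start_port=1024)
    print("decoy ports:", ports)
```

A listener of this kind only sees what reaches `accept()`, which is why half-open scans need detection at the packet level instead.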
How can I check which IPs are scanning my servers?
In your Dashboard, the Network Attacks menu helps you review and analyze any blocked attacks. There, you can filter for the “Honeypot” type of incident to see any scans which have occurred on your server. You can see detailed logs for all of your servers or only for those you select.
Why should I create Web Honeypots?
Web Honeypots are a highly effective method for detecting hackers and blocking malicious bots in a proactive way. Instead of waiting until something bad happens, stop the bad guys as soon as possible! You can also enable our “honeypotify” feature in the Malware Detection module, so any backdoors which are detected will automatically be turned into traps. You can even create additional Web Honeypots (for example on Google Dorks – Google search results for vulnerabilities – or on default 404 pages to block directory brute force).