There are two main types of cyberattacks: targeted attacks and automated botnet attacks. In the case of a botnet attack, hackers exploit well-known vulnerabilities on hundreds or even thousands of servers and make them “zombie” machines in their botnet. Once infected, they use these zombie machines as part of their botnet to automatically carry out their attacks, infecting and controlling more and more devices. On a vulnerable server, botnets are responsible for 50% of the web traffic on average.


“After extensive testing and evaluation, we came to the conclusion that the BitNinja product is very mature and provides all the tools we wanted to build our infrastructure. Joining the BitNinja eco-system gave us access to the shared “knowledge” of tens of thousands servers worldwide so we can proactively block malicious traffic before even reaching our clients’ websites – simply impressive”

Dimitar Petkov


High load on the server

Suspicious connections

Slow websites


The revolutionary power of BitNinja is our database containing information on 70,000,000 IP addresses worldwide. Every server protected by BitNinja receives the latest updates on which IPs are safe and which are malicious. With each new server added, the defense shield grows stronger. If an attack occurs on a server protected by BitNinja and the IP gets blocked, it will be not only blocked on that server but on every BitNinja protected server worldwide. This breakthrough technology is a BitNinja exclusive feature called a Defense Network.

In addition to the power of the global lists generated by our Defense Network, you can also manage your own user-level IP lists by adding single IPs, IP ranges, countries and even ASNs to them.

We also designed an industry-first IP reputation list that goes beyond typical black- and whitelists. Our greylist makes the IP management more flexible and provides a more convenient way to handle false positives, while still blocking potentially malicious requests. Greylisted IPs can be delisted by valid human visitors simply by completing a CAPTCHA or the BitNinja Browser Integrity Check (BIC).

How is it different against other IP Reputation solutions?


Our IP Reputation list is continuously updated. When any BitNinja protected server is attacked, the malicious IP is immediately added to our blacklist.


The Power of the Ninja Community is a global network of BitNinja protected servers sharing information about the latest attacks. With every new server, our Defense Network grows stronger.


Instead of immediately blacklisting a malicious IP, we invented a new technology called a greylist. This blocks suspicious activity while still making it easy for people to validate genuine requests.


The global grey-, black- and whitelists are shared on all BitNinja protected servers. In addition, you can manage your own user-level lists for all of your servers in one place.


“After extensive testing and evaluation, we came to the conclusion that the BitNinja product is very mature and provides all the tools we wanted to build our infrastructure. Joining the BitNinja eco-system gave us access to the shared “knowledge” of tens of thousands servers worldwide so we can proactively block malicious traffic before even reaching our clients’ websites – simply impressive”

Dimitar Petkov


“BitNinja is being used by many different hosting companies, and swapping intelligence gathered from thousands of servers, hosting tens of thousands of domains worldwide. It allows us to tell the Good Guys from the Bad guys. With its “IP Reputation” we can see what an IP has been doing historically. Using BitNinja we can make better security decisions”

Andrew Shaw


“Our clients need to ensure their websites are secure from attacks and BitNinja is an integral part of this. It provides fantastic features and the ability for us to manage everything from a single pane of glass. Being part of the many thousands of servers that share attack info helps us ensure our customers’ reputations are not damaged by a compromised website. Now we have it, we would not be without it.” 

Andy Starr

Just Technology Group


Where can I find the technical documentation for the IP Reputation module?

You can read more about the IP Reputation module and the grey/black/whitelists on our documentation site.

What is the BitNinja Defense Network?

Our Defense Network refers to the information about malicious IPs that is shared by all BitNinja protected servers worldwide. With each new server added to the Ninja Community, the protection for every server protected by BitNinja grows stronger.

What is a greylist?

The BitNinja greylist is a flexible approach to differentiating valid human visitors from malicious bots. Our CAPTCHA page or Browser Integrity Check (BIC) will be shown for greylisted Ips. By successfully completing it, genuine visitors can continue browsing without a problem, while bots will be blocked from reaching your servers.

How does the CAPTCHA or Browser Integrity Check work?

When an IP address sends a suspicious request to a BitNinja protected server, the IP is first greylisted. If a valid human visitor then tries to connect to the server from the greylisted IP on HTTP, HTTPS, SMTP or FTP protocol, they can delist the IP with the help of the BitNinja CAPTCHA or Browser Integrity Check. These are used to make it easy for people to confirm it is a genuine request and continue browsing.

What is the BitNinja Browser Integrity Check (BIC)?

While Google reCAPTCHA became a popular tool to filter bot traffic, many people are hesitant to complete it when they first see it. That’s why we created the Browser Integrity Check (BIC) to improve the automatic delisting process. Our BIC can replace CAPTCHA for HTTP(S) connections, so visitors don’t have to complete any challenges. Instead, they simply wait a few seconds before they are redirected to the website they want to visit.

Can I customize the CAPTCHA/BIC pages?

Yes, you can personalize the CAPTCHA and BIC pages shown on your servers. Feel free to add your brand design or custom text to make the IP delisting process even more user-friendly for your visitors.

Can I check the IP history?

Using the BitNinja Dashboard, you can see the history of IP addresses and search for any IPs to check the attack information about them. However, some details (such as the server name, affected domain, etc.) can be obfuscated for security reasons. Each BitNinja user can decide on how much identifying information about their server is shown in those logs.

Can I disable the CAPTCHA for specific domains?

The BitNinja greylist is a core part of the protection of your server, so it can’t be disabled for specific domains. As a result, you currently cannot turn off the CAPTCHA module. However, in the future, delisting will be made by haproxy on the HTTP protocol, so the option of disabling the CAPTCHA/BIC for specific domains is coming soon.

How large is the BitNinja IP Reputation List?

We have information on 70 million IP addresses worldwide. Currently, there are more than 3 million suspicious and malicious IP addresses on our global grey- and blacklists.

Can I add IPs/countries/ASNs to my lists from the CLI or through the API?

Yes, you can add IPs to your user-level black-, white- or greylist in 3 ways:

Any changes are processed immediately, and your server is instantly protected with the updated security settings. If necessary, you can also handle IP ranges, block countries and even ASNs with customized time frames to eliminate attacks from specific regions.

If I whitelist or blacklist an IP does it automatically do it for all of my servers?

When you add or remove an IP on a list, changes are automatically applied to all the servers managed under that particular account.

Do you support IPv6?

IPv6 support is still in alpha version at this time. We are maturing the product and working towards a public release.



(No credit card required)