HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

HTTP/2 support with BitNinja WAF 2.0

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern browsers. Why HTTP/2?  HTTP/2 compared to HTTP/1.1 is far more powerful, it can broadcast requests and answers in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is far more...
Read more
Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!
Anita Batari

Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!

How would you imagine a world where annoying CAPTCHAs are not the first line when it comes to identification of botnets and human visitors? Here at BitNinja we thought big and made it come true. Let us show you a security solution where the visitors with suspicious incidents in their past don't have to type anything, moreover, they don't have to click anywhere either. It sounds too good to be true, isn't it? Some of our users (you know, big players who) run into this issue when their end-users - who would like to surf on sites - were afraid of filling CAPTCHAs. We couldn...
Read more
New versions released
Eniko Toth

New versions released

Eniko Toth
In the last 2 weeks, we released 2 new versions of BitNinja. Let’s take a look at the novelties:    BitNinja version 1.12.10: CaptchaChallenge pages now use 403 status code instead of 200. Good bots will notice it and leave it. This means, that the good bots will recognize our captcha pages, and won’t walk around them. Causing that our already low false-positive rate will be further reduced. WordPress wp-login filter threshold increased to 100 attempt. Our log analyser module (SenseLog) perceives a wordpress page update as a wp-login.php request, so we increa...
Read more
Release note on 1.12.5 version
Nikoletta Szabo

Release note on 1.12.5 version

Nikoletta Szabo
Today (2016, 07 Nov) we released the newest version of BitNinja. Let’s see what has changed: SenseLog supervisors can be disabled in /etc/bitninja/SenseLog/config.ini CaptchaHttp now checks remote address at connection time From now on the BitNinja captcha is able to determine the performer of the connection in the exact moment when the connection has been established. DosDetection LocalIp filter undefined interface address bug fixed Turkish translation added to CaptchaHttp You can configure your own captcha with the use of our documentation site. Joomla Brute for...
Read more
Traffic Exchange Service- HitLeap and its consequences
Nikoletta Szabo

Traffic Exchange Service- HitLeap and its consequences

Nikoletta Szabo
Recently our support team has received questions about a highly controversial topic, a traffic exchange service, because these server owners started to receive incident reports from us about DoS attacks coming from their servers. We decided to write this blog in order to dissolve any possible concerns and doubts about BitNinja’s reaction to this service and its consequences. HitLeap is a traffic exchange service, which is mainly used by those who would like to boost their own marketing and have their site ranked somewhere at the beginning of Google’s search list. This counter-marketing serv...
Read more

0-Day Attack – How to protect?

Viktoria Vereb
The holidays are over already, and hackers didn’t sleep at all during that time. Yeah, a critical Joomla vulnerability is on board again. To tell the truth, this 0-day remote command execution vulnerability is already 3-weeks old, but it can still cause headache for owners using versions from 1.5 to 3.4. It is a quite dangerous security hole, maybe the worst type of attack you may face, as hackers can easily manipulate your server this way. And even worse: the patch was released only after 2 days. It has been exploited in the wild. As the BitNinja security system is continuously moni...
Read more

Release note on BitNinja 1.9.2

Boglarka Angalet
Happy Holidays everyone! Most of us are tuned for Christmas time already, but ninjas don’t know free days, as hackers are just getting in their element in the busiest days of the year. So we haven’t wated our time in the last few weeks, but developed some new features and useful things for you. Grab the latest version of BitNinja (1.9.2) and enjoy the hacker-free holidays! Brand new documentation site First of all, an old deficiency was eliminated lately. We released our new documentation site which contains more information about the mechanism behind BitNinja. IP reputation meth...
Read more

Release note on BitNinja 1.7 | OpenVZ/Virtuozzo support

Boglarka Angalet
Right after HostingCon, we are full of newer and newer function ideas to BitNinja. But now we made something ready for you, that has been promised for some weeks. Enjoy! Features and fixes IPfilter module has been completely refactored Now we have a basic support for OpenVZ/Virtuozzo based VPS DoS Detection has been boosted, now it’s even faster than it used to be Some minor fixes in CaptchaHTTP Fixes in DataProvider module SenseWebHoneypot fixes   Auto-release will be rolled out on Tuesday. Automatic updates are scheduled for Tuesday. But if you can’t w...
Read more

Release note on BitNinja 1.5 | DoS Detection update

Boglarka Angalet
We’ve been through some busy weeks again, full of excitements and DoS-improvements. We’d like to say thank you again for all the supportive bugfix and development tickets, sent by you all. We can bring the best out of BitNinja together, no doubts about it. ;) Let’s see the new features and bugfixes which gave birth to BitNinja 1.5.   Features DoS Detection has been refactored. Now it supports exceptions for local and remote ports. For remote port 25 the new threshold is 200 connections. For local 22 port the new threshold is 40 connections. Auto...
Read more

Knock, knock, the latest version update of year 2014 has arrived

Boglarka Angalet
Last – in this year – but not least, we brought you version 0.31 for BitNinja. This is because the holidays are not really holidays for hackers. We keep you being prepared all the time as you know. Here are some of the new features that you can find in BitNinja 0.31:   * UDP reject upon greylisted IP-s except port 53 * Cached host resolution on whitelists * New filter for DoS detection for bitninja dns requests. * Bugfix to prevent process kills on CloudLinux * You can disable ipset lists using /etc/bitninja/IpFilter/config.ini * Bugfixes about Debain6 ipset handling and s...
Read more