Old IoT Botnet has been Revived
Eniko Toth

Old IoT Botnet has been Revived

The “Hello, Peppa!” botnet and the /ept/out.php vulnerability were newly discovered attacks by our Attack Vector Miner. But now, it has recognized the reactivation of a forgotten IoT botnet. This botnet exploits the D-Link router DSL-2750B  remote command execution. What does the attack look like?  The discovered pattern is the /login.cgi?cli= as you can see below:  In the case of the D-Link router DSL-2750B firmware 1.01 to 1.03, there’s an option for remote command execut...
Read more
New Zero-Day Vulnerability on the Horizon Again
Eniko Toth

New Zero-Day Vulnerability on the Horizon Again

After the “Hello, Peppa!”  zero-day botnet, our Attack Vector Miner detected another zero-day vulnerability.  Some vulnerable websites contain an /ept/out.php file, which can work as an open proxy. That’s why the attacker scans the /ept/out.php file. Let’s see an example:  The number of these attacks started to increase on July 11th, and as we can see in the diagram below, the botnet’s activity is slowing down now.  During the peak time, we experienced 15.000 attacks per day and most of them tar...
Read more
New Botnet Has Been Discovered – “Hello, Peppa!”
Eniko Toth

New Botnet Has Been Discovered – “Hello, Peppa!”

Our Attack Vector Miner (based on AI) is a very effective tool to identify 0. day attacks. Here comes the first catch! Discovery of a New Botnet At the beginning of July, our Attack Vector Miner created a new cluster, filled with logs about a new type of botnet. We perceived the first incident on 16th June from an Indian IP address (106.51.152.115). The first incident of the "Hello Peppa!" botnet Since then, we have detected more than 120.000 attacks of this botnet! The Behaviour of the “Hello, Peppa!” Botnet The specialty of this botnet is that the die ("Hello,...
Read more
Drupalgeddon 3 in retrospect
Nikolett Hegedüs

Drupalgeddon 3 in retrospect

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were prevented since then - with the help of BitNinja. The data from the first incident that we’ve caught looks like this (the URL is masked for privacy purposes): Url: [###.hu//] Headers: [array ( 'User-Agent' => 'Mozilla/5.0 (X...
Read more
GDPR and BitNinja - Important updates
Eniko Toth

GDPR and BitNinja - Important updates

Eniko Toth
By now, you are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) will go into effect. GDPR govern how businesses collect, use and share personal data and it allows individuals to exercise their legal rights. Of course, we have taken the necessary steps to ensure that we are compliant with the GDPR. We updated our Privacy Policy and General Contract Terms and Conditions. Also, we created this separate section about the topic in order to keep you updated. The Data Processing Addendum ...
Read more
Watch the new WAF in action
Eniko Toth

Watch the new WAF in action

The beta version of WAF 2.0 is performing much better than we expected. The feedback we’ve been receiving about it is truly fascinating. More and more people are realizing just how powerful this module is. It’s already – effectively protecting – hundreds of servers against SQL injections, XSS attacks, command injections, directory traversal, data leakage and various other types of attacks. Now, we’d like to take the opportunity to show you a 5-minute video that demonstrates how the WAF 2.0 works in real time. Already using this module? That’s great! But maybe we can show...
Read more
Serious Drupal vulnerability alert! How to virtual patch it with BitNinja WAF?
Eniko Toth

Serious Drupal vulnerability alert! How to virtual patch it with BitNinja WAF?

2 days ago, a serious vulnerability, SA-CORE-2018-002 (CVE-2018-7600) has been found in Drupal 6, 7 and 8, which affects over one million websites. All the unpatched Drupals are in serious danger! An attacker can upload backdoors or malware via this newly discovered vulnerability. The vulnerability is scored 21/25 Highly Critical! Details of the vulnerability: This vulnerability has been categorized as a Highly Critical issue because… With a simple user visit, the hackers can easily leverage the SA-CORE-2018-002. There is no need for special privilege levels. All users or even an...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
Web Application Firewalls: Choosing the Right WAF for Server Security
Anita Batari

Web Application Firewalls: Choosing the Right WAF for Server Security

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly. The average web server faces thousands of attacks on a daily basis. There are a number of web application firewalls available to protect your server, and having the right security in place can mean the difference between just another “day at the office” and a dozen “sleepless nights” trying to maintain your servers’ uptime. Let’s take a look at why having a WAF is so important, how it works, and the op...
Read more
Shared hosting provider with 7,000 customers had 0 infections over the past  7 days
George Egri

Shared hosting provider with 7,000 customers had 0 infections over the past 7 days

Our Hungarian web hosting partner, web-server.hu had ZERO website infections – since enabling BitNinja’s new WAF 2.0 module. We caught up with the lead sysadmin to talk to him about his experience with BitNinja. What has been your experience with BitNinja overall? “Before we began using  BitNinja, we had to fight daily battles with hackers. Infected Wordpress, Joomla, Drupal and other accounts were the most commonly affected platforms. Because of the continuous battle with infections and DoS attacks, we hardly had any time left for servers and for development. Since we started using...
Read more