Introduction

Servers are the core for your business operations as they store data, running applications and more. They are important – but not impenetrable, and hence, can fall victim to hackers. This means it is no longer under your control, and this spells trouble on so many levels like performance, data security, downtime, and others. Being fully-protected cloud-server means having multiple levels of security in place. With each level addressing a different type of threat – and combining to form an impenetrable barrier. This becomes a difficult task because just uncovering and blocking individual threats isn’t enough. It’s also important to defend against complex threats and take preventative action all the time. To effectively manage hackers, botnets, attackers, and malicious activities using BitNinja modular security system. Here we’re going to explain how this each module can help you enforce the to stay secure.

What is BitNinja?

BitNinja is an easy-to-use server security tool mixing the most powerful defense mechanisms. Every BitNinja protected server learns from every attack and the system applies this information automatically on all BitNinja enabled servers. This way the shield is getting more and more powerful with every single attack. BitNinja has different modules for different aspects of cyberattacks. It is super easy-to-install, requires virtually no maintenance and able to protect any server by providing immediate protection against a wide range of cyberattacks.

Anyone who wants to secure the server from different kinds of attacks can use it. Mostly, Website Developers, hosting providers, Digital Agency and anyone who owns servers and wants to keep them safe on the Internet can use it as it is a maintenance-free security solution.

Modules

There are 3 module categories. There are general modules
for system functionalities, detection modules for detecting different threats your server faces, and captcha modules for providing self-removal functionality for users if their IPs are greylisted for any reason.

Features

Honeypots

  • Port Honeypot: In this, BitNinja opens 100 honeypots randomly chosen unused or closed ports while taking into account the existing services you are running to avoid any interruptions. It detects if someone does a deep port scan on your server (except syn stealth scan and some others) for possible vulnerabilities. That time, these open ports act like honeypots and expose malicious IPs, it will be automatically greylisted so they can’t infect your server. Some of these honeypots will behave like real services, for instance.
  • Web Honeypot: Web Honeypot works like Port Honeypot, with one important exception – you can replace any compromised file with honeypot scripts. You get the same benefits, plus additional customization to trap hackers and prevent further attacks.

Intrusion Detection

  • Web Application Firewall: Web Application Firewall (WAF) constantly scans and analyzes the incoming traffic flow to your server, looking for malicious content based on different factors. Used in conjunction with Log Analysis, WAF guarantees an extremely low false-positive rate while stopping attacks against the applications running on your server:
  1. BitNinja provides automatic updates and firewall rules. We constantly patch new vulnerabilities for you.
  2. For custom needs, you can easily set up a list of whitelisted domains or URLs.
  3. In case of a suspicious web application, you can switch the WAF into a strict mode with tighter rules to avoid any further infection.
  4. BitNinja’s Web Application Firewall is a zero-configuration service, so you don’t need to waste time setting up your WAF and configuring rules.
  • Log Analysis: BitNinja constantly monitors your server logs. As soon as it detects any suspicious behaviour, it blocks further malicious actions. BitNinja is designed for ease of use, you don’t have to worry about specifying the path of your logs, our zero-configuration setup finds them automatically. Log Analysis goes a step further and checks events logged prior to the installation of BitNinja, in order to identify previous attack attempts and at the same time, to greylist hackers. We automatically update the rules for detecting malicious behaviour from server logs – BitNinja does the lion’s share of the work instead of you.

Malware Detection and Removal

  • Malware Detection and Removal: BitNinja has an excellent module for file-based malware detection. If attackers can break through the defense line of honeypots and the web application firewall (see our other detection modules here: Detection modules), malware detection is the next line of defense to stop them infecting your server. After malware removal, BitNinja replaces the file with a honeypot to entrap the Command & Control (C&C) server. The new malware definition files automatically push so BitNinja is always up-to-date, and your server is always protected against the latest threats.

IP Reputation

  • CAPTCHA: CAPTCHA is the abbreviation for Completely Automated Public Turing Test to Tell Computers and Humans Apart. BitNinja uses CAPTCHA to distinguish between human and bot-generated traffic, streamlining the handling of false positives. As a result: Botnets are immediately blocked, you are relieved from the everyday burden of managing false positives, and the number of complaints from legitimate human visitors to your site is reduced.
BitNinja provides validation on different protocols, such as HTTP, HTTPS and SMTP. In the case of HTTP or HTTPS, web visitors are redirected to a CAPTCHA page. For SMTP, an email is sent with a confirmation link. Human visitors can remove themselves from the greylist with ease, while bots will remain blocked.-
  • Collective Intelligence: Servers protected by BitNinja collect and share attack information with each other. Together, they form a global defense network, which becomes more intelligent and more powerful with every single attack.
This means when any BitNinja protected server detects an attack, your server is immediately vaccinated against the malicious IP at the source of the attack. With our all-in-one security suite and global defense network, BitNinja also discovers and eliminates zero-day attacks and automated exploits – before they occur. Collective Intelligence creates a set of manageable IP lists. These sets grant security on three different levels:
  • Black/Whitelist management: You can use BitNinja to maintain user-defined blacklists and whitelists on your servers via CLI or our user-friendly Dashboard.
  • Basic IP reputation: Essential list-based protection against only the most vicious IPs. These IPs are used by the most aggressive hackers all around the world. When an IP generates more than 5000 malicious requests, BitNinja places it on this list.
  • Advanced IP reputation: The proprietary greylist is the most important asset in the BitNinja global defense shield. This list contains suspicious IPs that clients handle with special care. Advanced IP reputation gives you unparalleled protection, securing your server against more than 6 million attacker IPs.

DoS Protection

  • DoS Detection: BitNinja constantly monitors the number of simultaneous incoming and outgoing connections and blocks DoS (Denial of Service) attacks with our unique approach:
  1. Unlike other solutions, It doesn’t permanently block the source but drops the connections and greylists the attacker IP. This way, it reduces the number of false positives and complaints from clients behind proxy networks and NAT routers.
  2. You can create different thresholds for different protocols, and then fine-tune them to your needs. For example, you can set a maximum of 80 connections for HTTP and 150 connections for IMAP.
  3. BitNinja also helps prevent outgoing DoS attacks, so your provider won’t overcharge or block you.
  4. There’s no need to change any of your existing server applications to use our all-in-one security suite.
  • DoS Mitigation: All servers running BitNinja create a global defense network, sharing information about malicious IPs. With data on over 15 million IPs worldwide, plus honeypots to capture and analyze the latest threats, your server is protected against DDoS botnet attacks – before they happen.
  • AntiFlood: A chain is only as strong as its weakest link. Antiflood ensures that hackers cannot mount an attack against the BitNinja application and destroy your defense shield in the process. Antiflood works by aggregating information from the entire BitNinja security suite to prevent any individual module from overloading.

How is it different from other security solutions?

BitNinja is a hybrid of an on-premise and cloud-based solution. You can install it on your server and it gives the protection of a defense network using different modules to the different aspects of server security, which grant the 360° defense solution by communicating with the cloud. BitNinja provides all modules that can intercommunicate with each other to prevent, detect malicious attacks instead of dealing with security threats separately.
  • Moreover, while cloud-based security solutions require your traffic to be redirected through their servers, with BitNinja, you don’t have to do any configuration. Also, any failures of the cloud-based party can make your server unavailable, which is a huge risk to take. BitNinja security service runs on your own existing cloud server.

Activate BitNinja During Node Creation

  • Please go to ‘My Account’ and log in using your credentials set up at the time of creating and activating the E2E Networks ‘My Account’.
  • After you log in to the E2E Networks ‘My Account’, On the left-hand side of the MyAccount dashboard, click on the “Nodes” sub-menu available under the “Products” section.
  • You will be routed to the ‘Manage Nodes’ page. Now, you have to Click on the ‘Add New Node‘ button to create a node that takes you to the ‘Create Compute Node’ page.
  • Please select the Node image.
  • After selecting the Node image and plan, you need to click on the create button, It will take you to the final stage of the ‘Create Compute Node’ page.
../_images/bi1.png
  • Here, you can specify the node name and additional options for the Node you’re creating.
  • In the Node security section, you can Enable BitNinja Security tool which is used to protect your node against a wide range of cyber-attacks. You will be charged ₹ 760.00 per calendar month for the BitNinja license.
  • Click Create to create a node.
  • It will take a few minutes to set up the Node and you will take to the ‘Manage Node’ page. Bitninja License activation respective information will be updated in the Node detail tab.
  • Also, you will receive a notification email along BitNinja license activation key and details from BitNinja.
../_images/bi2.png

Activate BitNinja For Your Running Nodes

  • After the launch of an E2E node without enabling the BitNinja or for existing running E2E nodes, you still have the option to Activate BitNinja for your Node. For this, you need to follow the below steps.
  • Please go to the ‘Manage Nodes’ page.
  • Now, select the node for which you wish to enable BitNinja.
../_images/bi2.png
  • Click on the ‘BitNinja License is not activated. Click here to buy’ available in the node details tab.
  • The below confirmation window will open. click-on “Buy” button after reading the information on the pop-up box.
../_images/bi3.png
  • The below window will appear after BitNinja license activation is successful. You need to manually install the BitNinja agent in the respective node by executing the command shown in the message. The BitNinja license activation key and details will also be shared via mail from BitNinja.
../_images/bi4.png
  • In the Node details tab, BitNinja information is updated.
../_images/bi5.png

Stopping and Uninstalling

Terminate BitNinja

  • Please go to the ‘Manage Nodes’ page.
  • Now, select the node for which you wish to disable BitNinja.
  • Click on the ‘BitNinja License is activated. Click here to terminate’ available in the node details tab.
  • A confirmation window will open. click-on “Terminate” button after reading the information on the pop-up box.
../_images/bi6.png
  • In the Node details tab, BitNinja information is updated after successful termination of BitNinja license. If you have to stop BitNinja you can use the following command: service bitninja stop
  • Now, to uninstall BitNinja packages from your node you need to run commands mentioned in the below

Debian based distribution:

apt-get purge 'bitninja*'

Rpm based distribution:

yum remove 'bitninja*'

Removing kmod-ipset on Centos5

yum remove kmod-ipset

Removing ipset on Centos5

yum remove ipset

Debian based distribution:

apt-get purge 'bitninja*'

Removing BitNinja from WHM

wget -qO-
https://get.bitninja.io/bitninja-whm.tar.gz | tar -zx && ./bitninja-whm/uninstall

Removing BitNinja from ISPmanager

wget -qO- https://get.bitninja.io/ispmgr-plugin.tar.gz | tar -zx && ./ispmgr-plugin/uninstall

Use the following command to remove SSL certificates:

rm -R /opt/bitninja-ssl-termination

Use the following command to remove the BitNinja logs folder:

rm -R /var/log/bitninja