Akos Molnar | 2021.04.14. |

2021 Q1 Cybersecurity Performance Report by BitNinja

We believe it is important to show you how BitNinja performs on Linux servers globally because the crowdsourcing method makes our security system unique and efficient. With every new server and attack, our Defense Network grows stronger, and this kind of synergistic effect provides real value for shared hosting providers. Let’s see in numbers how the Ninjas worked in 2021 Q1!

Malware Removal

The award-winning Anti-Malware System protects your servers from backdoors. It detects infected files and goes a step further, placing them in quarantine to prevent any further damage to your server.

The symptoms of backdoors: the server gets blacklisted, outgoing spam, Google alerts, high resource usage, suspicious files, outbound attacks.


We removed ~ 6 520 000 malware from shared web hosting servers in Q1.

We added ~ 38 000 000 new signatures to the Malware Database. Beside these our users have created ~ 3 900 signatures, that had at least 1 malware catch.

We put the undangerous WordPress, Droopal, Joomla, etc. files to our Malware Whitelist. With this solution, we can reduce the number of false positives in the malware removal module. We added ~ 723 000 files to the database in the past 3 months.

The Most Wanted Malware was the PHP Malware WP Botnet. This type of malware tried to infect servers ~ 325 000 times in Q1.

Real-time IP Reputation

The real-time IP reputation module protects your servers from botnets. Our IP Reputation list is continuously updated. When any BitNinja protected server is attacked, the malicious IP is immediately added to our blacklist.

The symptoms of botnet attacks: high load on the server, suspicious connections, slow websites.


In the first quarter of 2021, we stopped ~ 156 400 000 incidents in the first phase (before they reached the server) and there were ~ 1 900 000 IP addresses on our global greylist and blacklist averagely.


The CAPTCHA module defends your servers from botnet attacks also. It is used to identify false-positives on the greylist and allow human users to remove themselves from the greylist easily. We have 3 kinds of CAPTCHA for different types of connections.


Thanks to the CAPTCHA HTTP we blocked ~ 582 000 000 botnet attacks. The CAPTCHA SMTP had ~ 122 000 000 incidents and the CAPTCHA FTP recorded ~ 1000 000 attempts.


The honeypot module prevents vulnerability scanning. The Web and Port honeypots trap suspicious connections, so cybercriminals won’t be able to access the valid services on your servers, only the fake ones which are set up to trap them.

The symptoms of scanning: data leakage, hacker can scan your servers, connections to open ports.


The port honeypots prevented ~ 557 600 000, and the web honeypots ~ 50 500 vulnerability scans.

Othe Modules


Log Analysis

The Log Analysis module mainly blocks brute force attacks but defends against many other attack types, such as SQL injection, spamming attempts, WordPress user enumeration attack, reflective DDoS, and even more.

The symptoms of brute force attacks: Hacked FTP, SSH, CMS, and email accounts; a lot of failed login attempts, user complaints about locked accounts.

In Q1, the Log Analysis module blocked ~ 6 900 000 attacks.

Web Application Firewall

The WAF module defends the BitNinja protected servers against web attacks.

The symptoms of web attacks: infected WordPress, Drupal, Joomla sites; forum and blog comment spamming; website defacement; IT team cleaning infected websites on daily basis.

In Q1, the WAF module defused ~ 2 500 000 attempts.

Denial of Service Detection

The symptoms of DoS attacks: high server load, high memory usage, slow or inaccessible services.

The DoS Detection module defended against ~ 2 970 000 DoS attacks in the previous quarter.

Defense Robot

The Defense Robot module is against backdoors. It can automatically find and patch vulnerabilities. The symptoms are the same as we mentioned above, regarding the malware removal module.

The Defense Robot discovered and patched ~ 100 800 vulnerabilities in Q1.


The BitNinja modules blocked ~ 1 440 000 000 cyberattacks on web hosting servers altogether in the last quarter and had a 0,64% false-positive rate.


The Defense Network gets stronger day by day and thanks to you, our databases are growing rapidly. Don’t forget to add your malware signatures and validate them on the Console.

Cybersecurity is not optional anymore. It is a must! If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!

Free Trial

We are always happy to help you! If you have any questions, check out our Knowledgebase, feel free to ask at [email protected], or you can even reach us on the Dashboard chat!

Let’s make the internet a safer place together!


Start the 7-day free trial with full functionality without spending a cent.