2021 Q2 Cybersecurity Performance Report by BitNinja

We believe it is important to show you how BitNinja performs on Linux servers globally because the crowdsourcing method makes our security system unique and efficient. With every new server and attack, our Defense Network grows stronger, and this kind of synergistic effect provides real value for shared hosting providers. Let’s see in numbers how the Ninjas worked in 2021 Q2!

Malware Removal

The award-winning Anti-Malware System protects your servers from backdoors. It detects infected files and goes a step further, placing them in quarantine to prevent any further damage to your server.

The symptoms of backdoors: the server gets blacklisted, outgoing spam, Google alerts, high resource usage, suspicious files, outbound attacks.


We added ~ 28 748 new signatures and by now we have 759 211 in our Malware Database.

We put thousands of undangerous WordPress, Drupal, Joomla, etc. files to our Malware Whitelist. With this solution, we can reduce the number of false positives in the malware removal module.

The Most Wanted Malware was the PHP Malware Tophead Botnet. This type of malware tried to infect servers ~ 3 100 000 times in the second quarter of the year.


We were working really hard to take our Malware Detection Module to the next level and the results are here. We removed ~ 57 764 000 malware from shared web hosting servers in Q2.

Real-time IP Reputation

The real-time IP reputation module protects your servers from botnets. Our IP Reputation list is continuously updated. When any BitNinja protected server is attacked, the malicious IP is immediately added to our blacklist.

The symptoms of botnet attacks: high load on the server, suspicious connections, slow websites.


In the second quarter of 2021, we stopped ~ 148 200 000 incidents in the first phase (before they reached the server) and there were ~ 1 500 000 IP addresses on our global greylist and blacklist averagely.


The CAPTCHA module defends your servers from botnet attacks also. It is used to identify false positives on the greylist and allow human users to remove themselves from the greylist easily. We have three kinds of CAPTCHA for different types of connections.


Thanks to the CAPTCHA HTTP we blocked ~ 149 000 000 botnet attacks. The CAPTCHA SMTP had ~ 51 000 000 incidents and the CAPTCHA FTP recorded ~ 185 000 attempts.


The honeypot module prevents vulnerability scanning. The Web and Port honeypots trap suspicious connections, so cybercriminals won’t be able to access the valid services on your servers, only the fake ones which are set up to trap them.

The symptoms of scanning: data leakage, hackers can scan your servers, connections to open ports.


The port honeypots prevented ~ 513 500 000, and the web honeypots ~ 10 000 vulnerability scans.

Other Modules


Log Analysis

The Log Analysis module mainly blocks brute force attacks but defends against many other attack types, such as SQL injection, spamming attempts, WordPress user enumeration attacks, reflective DDoS, and even more.

The symptoms of brute force attacks: Hacked FTP, SSH, CMS, and email accounts; a lot of failed login attempts, user complaints about locked accounts.

In Q2, the Log Analysis module blocked ~ 5 300 000 attacks.

Web Application Firewall

The WAF module defends the BitNinja protected servers against web attacks.

The symptoms of web attacks: infected WordPress, Drupal, Joomla sites; forum and blog comment spamming; website defacement; IT team cleaning infected websites on daily basis.

In Q2, the WAF module defused ~ 2 350 000 attempts.

Denial of Service Detection

The symptoms of DoS attacks: high server load, high memory usage, slow or inaccessible services.

The DoS Detection module defended against ~ 3 960 000 DoS attacks in the previous quarter.

Defense Robot

The Defense Robot module is against backdoors. It can automatically find and patch vulnerabilities. The symptoms are the same as we mentioned above, regarding the malware removal module.

The Defense Robot discovered and patched ~ 99 800 vulnerabilities in Q2.


The BitNinja modules blocked ~ 932 800 000 cyberattacks on web hosting servers altogether in the last quarter and had a 0,59% false-positive rate.


The Defense Network gets stronger day by day and thanks to you, our databases are growing rapidly. Don't forget to add your malware signatures and validate them on the Console.

Cybersecurity is not optional anymore. It is a must! If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial! No credit card needed!

Free Trial

We are always happy to help you! If you have any questions, check out our Knowledgebase, feel free to ask at info@bitninja.io, or you can even reach us on the Dashboard chat!

Let's make the internet a safer place together!

If you have no more queries, 
take the next step and sign up!
Don’t worry, the installation process is quick and straightforward!
2023 BitNinja. All Rights reserved.