Cybersecurity Performance Report 2021/Q3 by BitNinja

We believe it is important to show you how BitNinja performs on Linux servers globally because the crowdsourcing method makes our security system unique and efficient. With every new server and attack, our Defense Network grows stronger, and this kind of synergistic effect provides real value for shared hosting providers. Let’s see in numbers how the Ninjas worked in 2021 Q3!


The award-winning Anti-Malware System protects your servers from backdoors. It detects infected files and goes a step further, placing them in quarantine to prevent any further damage to your server.

The symptoms of backdoors: the server gets blacklisted, outgoing spam, Google alerts, high resource usage, suspicious files, and outbound attacks.

We added 875 new global blacklisted malware signatures, and by the end of Q3, we had 18 350 global blacklisted malware signatures in our database.

3300 of these are SA-MD5 signatures. One of these signatures equals thousands of traditional malware signatures.

The Most Wanted Malware was the PHP Backdoor FLLI8ILI88. This type of malware tried to infect servers ~ 1 434 656 times.


We worked really hard to take our Malware Detection Module to the next level, and the results are here. We removed ~ 130 500 000 pieces of malware from shared web hosting servers in Q3. This is twice as much as in the previous quarter.

Real-time IP Reputation

The real-time IP reputation module protects your servers from botnets. Our IP Reputation list is continuously updated. When any BitNinja-protected server is attacked, the malicious IP is immediately added to our blacklist.

The symptoms of botnet attacks: high load on the server, suspicious connections, and slow websites.


In the third quarter of 2021, we stopped ~ 185 700 000 incidents in the scan phase (before they reached the server). It is a 25% increase compared to Q2. There were ~ 1 260 000 IP addresses on our global greylist and blacklist on average.


The CAPTCHA module also defends your servers from botnet attacks. It is used to identify false positives on the greylist and allow human users to remove themselves from the greylist easily. We have three kinds of CAPTCHA for different types of connections.

Thanks to CAPTCHA HTTP, we blocked ~ 197 700 000 botnet attacks. CAPTCHA SMTP had ~ 58 800 000 incidents, and CAPTCHA FTP recorded ~ 152 000 attempts. The CAPTCHA module blocked 28% more botnet attacks than in the second quarter of the year.


The honeypot module prevents vulnerability scanning. The port honeypots trap suspicious connections, so cyber criminals won’t be able to access the valid services on your servers, only the fake ones which are set up to trap them.

The symptoms of scanning: data leakage, hackers scanning your servers, and connections to open ports.


The port honeypots prevented ~ 520 000 000 vulnerability scans. It's 7 000 000 more than it was in Q2.

Other Modules


Log Analysis

The Log Analysis module mainly blocks brute force attacks but also defends against many other attack types, such as SQL injection, spamming attempts, WordPress user enumeration attacks, reflective DDoS, and more.

The symptoms of brute force attacks: hacked FTP, SSH, CMS, and email accounts; a lot of failed login attempts; user complaints about locked accounts.

In Q3, the Log Analysis module blocked ~ 6 500 000 attacks. It is a 22% increase compared to the previous quarter's statistics.

Web Application Firewall

The WAF module defends the BitNinja-protected servers against web attacks.

The symptoms of web attacks: infected WordPress, Drupal, Joomla sites; forum and blog comment spamming; website defacement; IT team cleaning infected websites on a daily basis.

In Q3, the WAF module defused ~ 3 160 000 attempts. It means a 34% increase compared to Q2.

Denial of Service Detection

The symptoms of DoS attacks: high server load, high memory usage, and slow or inaccessible services.

The DoS Detection module defended against ~ 2 500 000 DoS attacks in the previous quarter.

Defense Robot

The Defense Robot module works against backdoors. It can automatically find and patch vulnerabilities. The symptoms are the same as those mentioned above for the malware removal module.

The Defense Robot discovered and patched ~ 193 000 vulnerabilities in Q3. Thanks to the upgrade, the Defense Robot is twice as effective as it was in Q2.


The BitNinja modules had a 0.51% false-positive rate and blocked ~ 1 105 000 000 cyberattacks on web hosting servers altogether in the last quarter. This is 18% more than it was in Q2.


The Defense Network gets stronger day by day and thanks to you, our databases are growing rapidly. Don't forget to add your malware signatures and validate them on the Console.

Brace yourself! Festive Season is coming, and Q4 is the most dangerous time of the year. Cybersecurity is not optional anymore. It is a must! If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial! No credit card is needed!


We are always happy to help you! If you have any questions, check out our Knowledgebase, feel free to ask at, or you can even reach us on the Dashboard chat!

Let's make the Internet a safer place together!
