Are you tired of never-ending malware infections? Would you like to be rid of the long hours spent troubleshooting? Do you keep getting reinfected no matter how often you remove the malware? Enough of reactive protection!
What usually happened when a server became infected? People had to buy special, very expensive security tools to find the malware. If that succeeded, the sysadmins had to spend many hours (or, in worse cases, several days) removing it. The other option was to pay someone else to clean the system, which also cost money. Malware removal can cost as much as 180 USD for a single domain.
OK, the malware was removed, but what guarantees that it won’t happen again? If someone could upload an infected file, why would they not try again? Removing the malware alone does not fix the problem, because the infection means there is a weak point in your system. It will only take a little time for other hackers to find that point too.
So, what came next to avoid further infections? Finding the backdoor and the attacker’s IP, then blocking it. Our web hosting company had a well-working procedure for doing this, but it still required time from our sysadmins. Eventually, we had enough of it, so we thought big and developed a breakthrough feature.
We wanted a more comprehensive and automated tool, so we made one. The BitNinja Defense Robot is the only real-time malware root cause analysis solution on the market. This module identifies backdoors and attacking IPs at each malware upload attempt. It doesn’t require any manual intervention. Instead, the Defense Robot auto-greylists the attack source and sets up customized WAF patterns, so the hacker won’t have the opportunity to upload malware again.
We brought a brand-new concept to the market with our Defense Robot, which not only hardens your defense shield but also saves you time and money.
Let’s see how the Defense Robot grants you powerful security through the cooperation of 4 active protection modules.
If the Malware Detection module is enabled on your servers, it’ll monitor the file changes. If there is a malware upload attempt, the file will be quarantined, and the module will alert the Defense Robot.
In this step, the Defense Robot identifies the date of the attack and the source IP with the help of our SenseLog module.
After these filtering procedures, there should be only one log line left, which contains the attacker’s public IP and the path where the malware was uploaded. What happens with this piece of information?
The malicious IP address is automatically added to the global greylist, so it won’t be able to connect to your servers or to any other BitNinja-protected server.
After the log filtering, we also know the path of the malware upload attempt, so we can automatically honeypotify the abused domain/URI. This means that another malware upload cannot happen on the same path. It’s an upcoming feature which will be implemented soon.
(Another option that’s also coming soon: the control panel/FTP user password will be changed automatically, so the hackers won’t be able to access your servers via that account.)
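The log-filtering step described above, as an added example that is not BitNinja's own code: it narrows constructed access-log lines to the one request that explains a quarantined upload, and returns nothing when the match is ambiguous so that no IP is blocked on a guess. The filter criteria (time window, write method, 2xx status), the function names and all sample values are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: common-log-format lines with documentation-range IPs.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2020:10:14:58 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2020:10:15:01 +0000] "POST /upload.php HTTP/1.1" 403 199
203.0.113.45 - - [12/Mar/2020:10:15:02 +0000] "POST /upload.php HTTP/1.1" 200 87
198.51.100.7 - - [12/Mar/2020:10:16:30 +0000] "POST /contact.php HTTP/1.1" 200 310
"""
# Constructed: the time at which the malware scanner saw the file written.
FILE_WRITTEN_AT = datetime(2020, 3, 12, 10, 15, 3, tzinfo=timezone.utc)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def parse(line):
    """Split one access-log line into the fields used for correlation."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path, "status": int(status)}


def find_upload_request(log_text, file_written_at, window_seconds=5):
    """Return the single request that explains the upload, else None."""
    window = timedelta(seconds=window_seconds)
    candidates = []
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None:
            continue  # unparseable line
        if abs(entry["time"] - file_written_at) > window:
            continue  # not close enough to the file write
        if entry["method"] not in ("POST", "PUT"):
            continue  # only requests that can carry a file body
        if not 200 <= entry["status"] < 300:
            continue  # rejected request, so it did not write the file
        candidates.append(entry)
    # Zero or several survivors means the source is not established.
    return candidates[0] if len(candidates) == 1 else None


if __name__ == "__main__":
    hit = find_upload_request(SAMPLE_LOG, FILE_WRITTEN_AT)
    print(hit["ip"], hit["path"] if hit else "ambiguous")
```

Widening the window to 120 seconds lets a second successful POST through, and the function then returns `None` instead of picking one of the two addresses.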
Check out our documentation site if you need more technical details.
The Defense Robot creates a BL_BN_LOG incident type, which you can find in the Dashboard. Simply go to the Network Attacks menu and list this kind of attack:
Search for the logs that contain the DefenseRobot ID line. Here is an example:
There will also be a new folder created at: /var/log/bitninja/correlations/YYYY/MM/DD/hh_mm_uniqid
In this folder, you’ll find all the details such as:
Coming soon: The correlation information will be available under the Infected files menu. So you’ll also be able to access all the necessary information on the Dashboard.
After we carefully tested the Defense Robot on our servers, we offered a selected closed group the chance to join us and be a part of the testing stage. Over the past few weeks we received extremely good results, so we have now made this feature available to everyone who uses BitNinja Pro.
From agent version 1.27.3, the Defense Robot is enabled by default, so you no longer have to investigate and block the source of a malware infection manually; this module does it automatically.
Let’s take your server security to a new level and enjoy this unique, innovative protection system with BitNinja Pro.
Start the 7-day free trial with full functionality without spending a cent.