IP filtering - Blacklists, whitelists, greylists and the BitNinja logic
BitNinja Security Starting Point - A Short Educational Program
Here at BitNinja we think that cyber security should be simple. So, we’ve designed BitNinja to make your life easier. We’ve built features and capabilities that can greatly simplify your work.
Here is a short guide to our product with tips and helpful hints. These educational articles should help you properly utilise BitNinja's features to grow your company while having a clear understanding of how it works!
Our IP reputation system relies on a huge set of IP addresses. On average, BitNinja has around 1,300,000 actively greylisted or blacklisted IP addresses, In addition, BitNinja has historical information about 100,000,000 IP addresses.
So, we know A LOT.
Anyway, here are the basics:
Blacklisted IPs in our database will be unable to reach any server that runs BitNinja.
The whitelist works similarly to the blacklist, anything on the whitelist will bypass BitNinja. As an example, Google's servers are globally whitelisted so they can reach any server.
Greylisted IPs will be challenged by our CAPTCHA to inform the user regarding the block to the domain/website and give the opportunity to remove himself from the greylist.
📌 Good to know: There are domains whitelisted by default like Google crawlers, Yandex and Bing bots etc. You can find the complete list here.
Now, what are the pros and cons of whitelisting, blacklisting and greylisting?
Whitelisting allows an IP to bypass BitNinja and give easier remote access, however, it is a security vulnerability and can be problematic for dynamic IPs.
Blacklisting an IP address can give you better security against known threats. Maintaining it though might be a pain.
Greylisting IP protects your server from known threats, while still giving the owner of the IP a chance to flexibly delist his IP address.
With our Unified approach, if one of your machines gets attacked by a bad actor, all of your other machines will receive the necessary information and will gain protection against the attacker in a matter of seconds. This way, we can reduce the load by not wasting precious resources on malicious traffic.
How to search in the IP Reputation Database?
It's super simple. Just type or paste the IP address on admin.bitninja.io on the top and click "SEARCH IP ADDRESS". You can search for server hostnames and domains across your servers the same way by clicking on the down arrow.
After searching you will be redirected to our report page. Here you can see the details on the IP such as:
Global greylist status
Greylist by user
Number of incidents
Detailed information on historical attacks
How to delist an IP?
Whenever you believe an IP address is on the greylist, whitelist, blacklist search for the IP address on the top search bar.
In the results, you can see additional information such as when the first incident occurred, and what exactly happened. And of course, you can take action by delisting the IP from the graylist, blacklist or whitelist.
How to blacklist/whitelist?
Blacklisting/whitelisting normally happens in the firewall area. You can pretty much block/allow an entire country, ASN or just a simple IP address if you wish. This can be done to a specific server or even for a limited time.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.