Our robust security solutions have played a key role in protecting servers worldwide - intercepting countless malware threats and helping create a safer digital landscape. Among the many threats we’ve neutralized, some malware types stand out for their persistence and impact. These threats often exploit weaknesses in WordPress setups, PHP scripts, and .htaccess files - […]

At BitNinja, we’re committed to continuous improvements - refining our security tools to be faster, smarter, and more efficient. These updates include improvements to our IpFilter, MalwareDetection, ProxyFilter - ensuring a more secure and seamless experience for all users. What’s New in BitNinja 3.11.4? IpFilter What’s New in BitNinja 3.11.3? IpFilter What’s New in BitNinja […]

Our robust security solutions have played a key role in protecting servers worldwide - intercepting countless malware threats and helping create a safer digital landscape. Among the many threats we’ve neutralized, some malware types stand out for their persistence and impact. These threats often exploit weaknesses in WordPress setups, PHP scripts, and .htaccess files - […]

At BitNinja, we’re committed to continuous improvements - refining our security tools to be faster, smarter, and more efficient. These updates include improvements to our IpFilter, MalwareDetection, ProxyFilter - ensuring a more secure and seamless experience for all users. What’s New in BitNinja 3.11.4? IpFilter What’s New in BitNinja 3.11.3? IpFilter What’s New in BitNinja […]

The “Hello, Peppa!” botnet and the /ept/out.php vulnerability were newly discovered attacks by our Attack Vector Miner. But now, it has recognized the reactivation of a forgotten IoT botnet. This botnet exploits the D-Link router DSL-2750B  remote command execution. What does the attack look like?  The discovered pattern is the /login.cgi?cli= as you can see below:  In the case of the D-Link router DSL-2750B firmware 1.01 to 1.03, there’s an option for remote command […]

In a previous article, we’ve discussed the BitNinja safe minimum ruleset for the BitNinja WAF, that consists of 15 rules from the OWASP Core Ruleset, along with 6 rules from the BitNinja rules category. These rules can be safely enabled on the root location pattern on your server. In the BitNinja Ruleset, there are 5 […]

After the “Hello, Peppa!”  zero-day botnet, our Attack Vector Miner detected another zero-day vulnerability.  Some vulnerable websites contain an /ept/out.php file, which can work as an open proxy. That’s why the attacker scans the /ept/out.php file. Let’s see an example:  The number of these attacks started to increase on July 11th, and as we can see in the diagram below, the botnet’s activity is slowing down […]

Our Attack Vector Miner (based on AI) is a very effective tool to identify 0. day attacks. Here comes the first catch! Discovery of a New Botnet At the beginning of July, our Attack Vector Miner created a new cluster, filled with logs about a new type of botnet. We perceived the first incident on […]

In the preceding articles, I’ve talked a lot about the BitNinja safe minimum ruleset template and how you should enable it on your “/” location (or on “*/wp-admin/*” if needed) if you’re hosting mainly WordPress websites. So I’d like to give you a little more explanation about the rules that are part of the safe […]

Content Management Systems (CMS) are highly vulnerable to zero-day attacks recently. Lately, the Drupal was picked on by the hackers. Now the ModX CMS is in the target. CVE-2018-1000207: The new MODX vulnerability Two critical vulnerabilities have been found in MODX Revolution <= 2.6.4 in the past few days. Exploiting it, the hackers can remote […]

We are checking in with an unusual article. We would like to share an upcoming story about a great Journey, which will start on 28th of July. Why is it worth mentioning? Well, one member of this great Adventure is one of our Ninjas, and we’re really proud of him. They will travel around Northern […]

Artificial Intelligence (AI) is spreading quickly in many industries, and we can gladly announce the Attack Vector Miner, one of our latest developments based on AI. But before we tell you more about that, let’s get a bit more familiar with AI. If you’re an AI expert, know everything about it, and are only curious […]

Last time we finished off with the advice that if you’re hosting mainly WordPress websites, you should only enable the BitNinja Safe Minimum ruleset for the “/” location or any other domain pattern that contains “/wp-admin”. So let’s talk a bit more about domain patterns With the BitNinja WAF, we’d like to give you the […]

As part of our ongoing commitment to seamless integration and top-tier security, BitNinja fully supports Enhance 12.0.0 and all newer versions. This update ensures that our security suite continues to work flawlessly with the latest changes in Enhance, providing uncompromised protection for your hosting infrastructure. What Changed in Enhance 12.0.0? Enhance has made significant updates […]

At BitNinja, we’re committed to continuous improvements—refining our security tools to be faster, smarter, and more efficient. Our latest releases, BitNinja 3.10.39 & 3.11.0, focus on enhancing filtering efficiency, improving process analysis, and refining system performance. What’s New in BitNinja 3.11.0? IpFilter: Optimized for Speed & Maintainability Process-Analysis: Now Configurable in Cloud-Config What’s New in […]

Are you a hosting provider or reseller looking to offer more value to your customers? With BitNinja’s Website Security Dashboard, you can provide real-time security insights, giving your clients full transparency into their website protection—while creating new revenue opportunities for your business. Two Powerful Reporting Tools to Drive Growth As a BitNinja reseller, you have […]