Why We Built a Chatbot for the BitNinja Console? In the fast-paced world of server security, getting answers quickly can make a real difference. That’s why we’ve launched the BitNinja Chatbot, a new tool built directly into our console interface to help you get instant support for your technical and product-related questions. While our team […]

Introduction User enumeration and guessable user accounts are critical security concerns for web applications. Attackers often exploit these vulnerabilities to gain unauthorized access. Understanding how to identify and mitigate these risks is essential for developers and security professionals. What is User Enumeration? User enumeration occurs when attackers can identify valid usernames through an application’s authentication […]

Why We Built a Chatbot for the BitNinja Console? In the fast-paced world of server security, getting answers quickly can make a real difference. That’s why we’ve launched the BitNinja Chatbot, a new tool built directly into our console interface to help you get instant support for your technical and product-related questions. While our team […]

Introduction User enumeration and guessable user accounts are critical security concerns for web applications. Attackers often exploit these vulnerabilities to gain unauthorized access. Understanding how to identify and mitigate these risks is essential for developers and security professionals. What is User Enumeration? User enumeration occurs when attackers can identify valid usernames through an application’s authentication […]

Content Management Systems (CMS) are highly vulnerable to zero-day attacks recently. Lately, the Drupal was picked on by the hackers. Now the ModX CMS is in the target. CVE-2018-1000207: The new MODX vulnerability Two critical vulnerabilities have been found in MODX Revolution <= 2.6.4 in the past few days. Exploiting it, the hackers can remote […]

We are checking in with an unusual article. We would like to share an upcoming story about a great Journey, which will start on 28th of July. Why is it worth mentioning? Well, one member of this great Adventure is one of our Ninjas, and we’re really proud of him. They will travel around Northern […]

Artificial Intelligence (AI) is spreading quickly in many industries, and we can gladly announce the Attack Vector Miner, one of our latest developments based on AI. But before we tell you more about that, let’s get a bit more familiar with AI. If you’re an AI expert, know everything about it, and are only curious […]

Last time we finished off with the advice that if you’re hosting mainly WordPress websites, you should only enable the BitNinja Safe Minimum ruleset for the “/” location or any other domain pattern that contains “/wp-admin”. So let’s talk a bit more about domain patterns With the BitNinja WAF, we’d like to give you the […]

New LogAnalysis with 109x speed The former version of SenseLog (which serves our robust LogAnalysis module) has processed the files at the start and observed them if there were any changes in them. It has used a lot of sources for the dates in the log rows. In this version it was necessary because SenseLog […]

A new flaw on the horizon! A new flaw has been discovered in phpMyAdmin, in which an attacker has the possibility to include files on the server. This vulnerability is caused because of a portion of a code where the pages are redirected and loaded in phpMyAdmin. Here are the steps, how it can be […]

We know that our customers care a lot about their own customers, too. Just like we care about you, and about making the internet a safer place. So, with the following series of articles titled “Wordpress hosting and the BitNinja WAF - how to do it right?”, I’d like to help those who work in WordPress hosting, […]

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern […]

Riskware – a thin line between benign and malicious programs Programming is something that can be used for good and also for bad reasons. We can write software with the sole purpose of causing harm, or we can be developers whose aim is to make things better and easier. Nowadays we can hear a lot […]

What is Forum Spam? Forum spam refers to unwanted messages posted on internet forums. These posts typically contain advertisements, links to malicious websites, or trolling content. Spammers aim to get their messages in front of users who would not typically engage with such material. Types of Forum Spam Advertisements: These messages promote products or services […]

How CAPTCHA Works CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It presents challenges that are easy for humans but difficult for bots. The BitNinja CAPTCHA verification page uses different types of tests to block malicious bots effectively. The Importance of CAPTCHA Verification Implementing CAPTCHA verification can significantly reduce […]

Patator was developed out of frustration with existing tools for password guessing attacks such as Hydra, Medusa, and Metasploit modules. It aims to offer a more reliable and flexible approach without merely repeating the shortcomings of its predecessors. Patator is a multi-threaded tool written in Python, designed to facilitate various types of password brute-forcing attacks. […]