
Akos Molnar | 2021.12.01. |

Serious Vulnerability Patched by the WAF and UX Update

We have patched a serious vulnerability that affected over a million websites and improved our UX by updating the table on the Console. Thanks to RACK911 Labs’ bug report, we also fixed several security issues in our agent.

Let’s see in detail what happened over the last couple of weeks.

Patched OptinMonster Vulnerability

BitNinja’s WAF has patched a serious vulnerability within a WordPress plugin named OptinMonster, affecting over 1,000,000 websites.

With a carefully crafted request, an unauthenticated party could bypass the authentication checks on some of the endpoints provided by the plugin.

The team has addressed it with a WAF rule (Rule ID 406002) that is available to every BitNinja user worldwide, blocking attempts to exploit this vulnerability before they reach the plugin.


Improved UX: Table Updates

On the Console, in the Servers section, you can choose the table view. From now on, you can customize it more easily because:

Bug fixes

At BitNinja, our goal is to make the Internet a safer place for everyone, together! To achieve this, it’s essential to have a safe platform. Thanks to RACK911 Labs, who have reported vulnerabilities to our team, we have been able to fix security issues related to our agent, making it safer than ever!

We are happy to announce that thanks to the report, we have made the following improvements:

  • Fixed an issue where BitNinja would install even if user accounts named ‘bitninja’ or ‘bitninja-waf’ already existed on the server.
  • Fixed an issue that enabled a malicious local user to cause any IP to be greylisted or blacklisted on the server.
  • Fixed an issue where BitNinja did not check for symlinks when performing a Malware Restoration.
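The last item above is a general defensive pattern worth seeing in code: when a security tool writes a cleaned file back into a web root, it must not follow a symlink planted on the restore path, or the write lands somewhere else on the filesystem. The following is an added example, not BitNinja’s code (the agent’s implementation is not published on this page); the `restore_file` function, the file layout and the byte contents are all constructed for the demonstration. It walks every path component below the document root with `lstat`-based checks and then opens the destination with `O_NOFOLLOW`, which covers the final component even if a link is swapped in between the check and the write.

```python
import os
import tempfile
from pathlib import Path


class UnsafeRestorePath(Exception):
    """Raised when the restore target, or a directory on the way to it, is a symlink."""


def path_has_symlink(path: Path, root: Path) -> bool:
    """Return True if any component of `path` below `root` is a symlink.

    Path.is_symlink() uses lstat(), so the link itself is inspected rather
    than whatever it points at. Nothing here calls resolve(), on purpose.
    """
    path, root = Path(path), Path(root)
    rel = path.relative_to(root)        # ValueError if target escapes root
    current = root
    for part in rel.parts:
        current = current / part
        if current.is_symlink():
            return True
    return False


def restore_file(quarantine_path: Path, target_path: Path, docroot: Path) -> int:
    """Copy a quarantined file back to `target_path` inside `docroot`.

    1. Refuse if any directory or the file itself is a symlink (lstat walk).
    2. Open with O_NOFOLLOW so a link appearing on the final component after
       the walk is still not followed (open() fails with ELOOP on Linux).
    O_NOFOLLOW only protects the last component, which is why step 1 exists.
    Returns the number of bytes written.
    """
    if path_has_symlink(target_path, docroot):
        raise UnsafeRestorePath(f"symlink on restore path: {target_path}")
    data = Path(quarantine_path).read_bytes()
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(target_path, flags, 0o644)
    try:
        return os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: one clean site layout and one layout where the
    'wp-content' directory has been replaced by a symlink pointing outside
    the document root. Returns what happened in each case."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        quarantine = tmp / "quarantine" / "wp-config.php.clean"
        quarantine.parent.mkdir()
        quarantine.write_bytes(b"<?php // cleaned file\n")   # constructed content

        site = tmp / "site"                                   # legitimate layout
        (site / "wp-content").mkdir(parents=True)
        good_target = site / "wp-content" / "wp-config.php"

        outside = tmp / "outside"                             # not part of any docroot
        outside.mkdir()
        linked = tmp / "linked"                               # layout with a symlinked dir
        linked.mkdir()
        (linked / "wp-content").symlink_to(outside)
        bad_target = linked / "wp-content" / "wp-config.php"

        written = restore_file(quarantine, good_target, site)
        refused = False
        try:
            restore_file(quarantine, bad_target, linked)
        except UnsafeRestorePath:
            refused = True
        return {
            "written": written,
            "refused": refused,
            "outside_untouched": not (outside / "wp-config.php").exists(),
        }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` restores the file in the clean layout, refuses the restore in the symlinked layout, and leaves the directory outside the document root untouched. The same two-step shape (lstat walk, then `O_NOFOLLOW` open) applies to any tool that writes into directories it does not fully control, such as backup restores or deployment scripts.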

We are looking for your help in protecting and securing our online assets. BitNinja has a Bug Bounty program through Hackrate with monetary rewards. Help us find vulnerabilities and report them according to the program’s rules. You can find the program description here.


To learn more about the new features, visit our Documentation page, check out our Knowledge Base, or write to us directly.

Do you have ideas for new features or some suggestions on how we could improve BitNinja? Don’t hesitate to share it with us.

Cybersecurity is not optional anymore. It is a must! If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!


Let’s make the Internet a safer place together!
