USA: +1 805-628-4196
EU: +44 20 3974 2242
Security advisory and consultation: [email protected]
Support: [email protected]
FREE TRIAL

WEB ATTACKS

Websites are the main point of weakness for shared servers. Many botnets specifically target and exploit website vulnerabilities to gain control of a server and use it to launch their automated attacks. 

Outdated CMS systems (WordPress, Joomla, Drupal, Magento, etc.) make servers more vulnerable to many different kinds of cyberattacks, such as SQL injection, cross-site scripting (XSS), remote and local file injections, and more. Cleaning infected files can quickly become a full-time job for IT teams managing shared servers, overwhelming their support teams with requests.

Symptoms

“Before using BitNinja, we used to get at least 4-5 customer complaints every day about how their sites or emails were hacked. Now that number has been 2-3 per month. This also has reduced the amount of time needed for our support to answer tickets and our technical team to clean up the compromised sites.” 

Rabi Hanna

Miss Group

INFECTED WORDPRESS, DRUPAL, JOOMLA SITES
FORUM AND BLOG COMMENT SPAMMING
WEBSITE DEFACEMENT
IT TEAM CLEANING INFECTED WEBSITES ON A DAILY BASIS

THE POWER OF THE WAF 2.0

Shared hosting companies have special needs when it comes to server security. With hundreds or thousands of domains hosted on a single server, it can be hard to filter out malicious requests while allowing genuine visitors to connect to your hosted sites. 

The most effective way to block website cyberattacks is at the application layer using a Web Application Firewall (WAF). The BitNinja WAF 2.0 operates between visitors’ web browsers and your web server. It’s a very fast reverse proxy which filters all incoming web requests, automatically rejecting any attacks.

The BitNinja WAF 2.0 makes it easy to manage all your firewall settings from one location, and you can also configure the filter level by domain. By using domain-based patterns you can change the strictness level by domain or by URL, blocking malicious traffic and allowing genuine traffic to reach each hosted site. This unique feature is only available with BitNinja and makes life a lot easier when managing shared servers.

To keep you secure from the latest threats, we are constantly patching new kinds of CMS vulnerabilities by adding new WAF rules to the rulesets. We also include automated false positive reporting which allows you to fine-tune the settings if needed, and we guarantee a low false positive rate with the pre-defined rulesets.

How is it different against other WAF solutions?

DOMAIN PATTERNS

Besides the server-based settings, you can set the filtration level and the strictness for each domain.

CONSTANT PATCHES

We are constantly creating new WAF rules to patch the different kinds of zero-day CMS vulnerabilities.

FULL TRANSPARENT PROXY

The BitNinja WAF 2.0 module is easy-to-use and doesn’t require any pre-configuration or constant intervention.

LOW-FALSE POSITIVES

The pre-defined ruleset ensures a very low false positive rate. False positive statistics are available for each domain pattern.

WHY DO OUR USERS LOVE THIS MODULE?

“Before using BitNinja, we used to get at least 4-5 customer complaints every day about how their sites or emails were hacked. Now that number has been 2-3 per month. This also has reduced the amount of time needed for our support to answer tickets and our technical team to clean up the compromised sites.” 

Rabi Hanna

MISS GROUP

“The biggest success we achieved with BitNinja is that we haven’t had a single website attack since we introduced BitNinja. Therefore, our IT team hasn’t had to do a single malware cleanup, which was a daily job for them before.

Madelene Karlsson

BEEBYTE HOSTING

“We were getting a lot of complaints about website hacking, code injections, vulnerability exploits or compromised mail servers sending out spam and getting blacklisted, so we needed to find a way to protect them, and fast. That’s when we started using BitNinja and all complaints stopped. The results are amazing: we don’t get any more complaints from customers, our IT engineers’ workload has been reduced, servers are using less resources and uptime has also improved.” 

Demetris Valiandes

Valicom Net Cloud Services

FREQUENTLY ASKED QUESTIONS

Can I use the BitNinja WAF 2.0 with NGINX?
As BitNinja WAF 2.0 is a local reverse proxy, it can be used with any backend server. We regularly test this module with Apache, NGINX and Litespeed servers to confirm compatibility. Our customers have also achieved great results with other types of backend servers, such as nodeJS, too.
Where can I find the technical documentation?
You can find more technical details about the BitNinja WAF 2.0 on our documentation site. If you have any questions or need assistance, feel free to contact our team via the chat in your BitNinja Dashboard or simply email us: [email protected]
Does the BitNinja WAF 2.0 work with HTTPS connections too?
Yes, with the help of our special SSL Terminating module which automatically offloads the HTTPS connections without any pre-configuration. This way, BitNinja helps decrease the load of the backend server.
How do you keep the false positive rate low?
After several months of testing, we developed a pre-defined ruleset which achieves the perfect balance between maximum protection and minimum false positives. We also rigorously test each new WAF rule before we release it and our system continuously analyzes every rule to keep the false positive rate low. The false positive rate is determined by the number of successful CAPTCHA challenges.
How do I know which rules need to be enabled?
There are 3 pre-defined rulesets available with different strictness levels, and you can create custom ruleset templates too. Rules can be managed for the whole server or you can create exceptions to configure the WAF rules by specific domains and URLs.
Does the BitNinja WAF 2.0 require any pre-configuration?
By extensively testing with different web servers and confirming each new rule we add to the BitNinja WAF 2.0, it is ready to go “out of the box” without any further configuration needed.
What happens if the WAF blocks a human visitor?

When a request triggers a firewall rule on a specific domain, the IP address of the request will be greylisted to prevent any immediate attacks on your server. If it is a genuine request made by a human visitor, they will see the BitNinja confirmation page where we inform them about what happened. They can then visit the original website with one click and their IP address will be removed from our greylist. If you see repeated requests in the WAF logs, you can fine-tune the settings by creating a domain pattern and disabling the associated WAF rule for that domain.

BUILD YOUR SECURITY

START THE 7-DAY FREE TRIAL WITH FULL FUNCTIONALITY 
WITHOUT SPENDING A CENT.

7-DAY FREE TRIAL

(No credit card required)

© 2021 BitNinja. All rights reserved.