BitNinja – The road to success with the new Browser Integrity Check feature

One of our biggest challenges as a hosting company is keeping our servers and customer sites secure. We take security very seriously, implementing active and passive measures to stop attacks and malicious intent in their tracks. BitNinja is one of the security solutions we implemented a few months ago on the FastComet platform, and so far we are seeing great net results in terms of malicious traffic prevention. With the help of its integrated set of modules, we have prevented countless potential exploits, malicious objects and unwanted bots, but what is even more important – we have managed to save an enormous amount of server resources that can now be used for meaningful and legitimate activity by our customers.

IP Reputation like never before

BitNinja inspects connections to our servers, looking out for obvious malicious activity, verifying whether any bots accessing the server are ‘good bots’ or ‘bad bots’, and logging all suspicious incidents in a central database. This analysis is done in an intelligent way with lots of checks and balances that help ensure there are virtually zero false positives. It detects IP addresses with suspicious behavior, for example, if the visitor is accessing the same web page in short intervals, fills in an incorrect password multiple times, etc. BitNinja marks such behavior as potentially dangerous for your website. The IP address is added to a ‘greylist’ which identifies it as potentially harmful. The log of the suspicious activity is recorded and the type of attack is categorized. The BitNinja greylist is a very precise list of the dangerous IPs of the Internet, containing more than 2.1 million IPs. This list is constantly fine-tuned automatically, and every BitNinja server automatically contributes information to this list.

It is the concept of ‘greylisting’ that makes BitNinja particularly effective. Traditionally, a firewall will only ban or allow an IP address from reaching the server. The problem therein is that if there is even the smallest chance of a false positive, and the visitor was human, they will no longer be able to access the website. What BitNinja does differently is that if an IP address is listed on its greylist, it won’t block every connection from that address.

The CAPTCHA challenge problems

Up until now, greylisted IPs were presented with a ‘CAPTCHA’ page which allowed them to instantly unblock their IP address.

This, however, opened the door to some very common issues. Even though the only action you had to perform was to click on the “I am not a robot” icon and then have your IP address delisted, some of the website visitors found this too much of a challenge. They didn’t really know why they had to fill out a CAPTCHA despite the obvious fact that it was just one click. Some of the users were afraid of filling in CAPTCHAs. Others did not see the CAPTCHA page at all. There were also those who proceeded through the CAPTCHA page but got the message: ERR_CONNECTION_TIMED_OUT. Whatever the reason was, there was an increasing number of complaints filed to us, as a BitNinja partner, by our customers.

This made us take the decision to disable the IP Filtering module as the lesser of two evils, to avoid any further confusion with the annoying CAPTCHA issues. It was obvious that a new security solution was needed, one where visitors with suspicious incidents in their past don’t have to type anything and don’t have to click anywhere either.

Why having a High threat IP reputation matters

Malicious traffic is a huge problem nowadays that probably affects every single website that is online. The time between a brand new website going live and the first malicious login attempts is a few weeks at most. This traffic comes from automated botnets that are programmed to crawl the internet for websites and locate their login panels using preset conditions. The attacks are not targeted and are not carried out manually. However, this activity is still a serious problem. In their login attempts, the bots use a huge amount of server resources. Due to the potential number of requests being sent, a brute force attack can actually function similarly to a DoS attack, taking many sites down due to high utilization of CPU/memory. Even if the bot activity is not large enough to result in a denial of service, it can still make your hosting more costly by causing you to exceed your account resources. The reason for that is that the account has to handle not only your legitimate visitors’ traffic but unwanted bot traffic as well. The BitNinja IP Reputation system prevents this from happening by filtering requests and maintaining a 4-level reputation ranking.

Goodbye CAPTCHA! Hello Browser Integrity Check!

It is commonly understood that one of the best ways to develop a successful product is to create something that solves real problems. With customers in mind, the ninjastic team of BitNinja decided to create an even more convenient way to validate browsers and valid traffic. So they came up with the idea to build in a Browser Integrity Check (BIC) instead of using the reCAPTCHA alone. It does some background checking of the browser and, after that, it automatically delists the IP address. Say goodbye to the old CAPTCHA problems. This is a much easier and more convenient way to tell normal visitors apart from malicious attackers.

We wasted no precious time and activated the new module right away. For you, as a FastComet customer, this means a more stable hosting experience, reduced resource usage by your website and peace of mind knowing that no search engine bots are blocked by the system.

How does the Browser Integrity Check Work?

Connected to the IP Reputation module, the BIC will appear to those who are on the BitNinja greylist and connect to BitNinja-protected servers via HTTP or HTTPS (if the HTTP Protection module is enabled). After validation, the IP will be removed from the BitNinja greylist and its requests to the BitNinja-protected servers will no longer be blocked.

What it actually does is look for HTTP headers commonly abused by spammers and deny such requests access to your page. It will also challenge visitors that have no user agent or a non-standard user agent (also commonly used by abuse bots, crawlers or visitors).

Why is the BIC better than the CAPTCHA/reCAPTCHA?

The website visitors won’t have to fill in or type anything; they just have to wait for 5 seconds while we run some simple JavaScript calculations in the background and measure some feedback information from the browser.

Will there be any exceptions?

It is important to note that BitNinja will keep the old method as well in some cases, when there are too many incidents from an IP address or when, for some reason, this new method fails. This way you can avoid all the hassles with the CAPTCHA and, hopefully, your website visitors will no longer complain about it; rather, they will get a feeling that we do care about security and that we do it in a very convenient way.
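The flow described in the sections above (greylisted IPs get a background check, success delists the IP, CAPTCHA remains the fallback), sketched as an added example; this is not BitNinja's or FastComet's code. The thresholds, the user-agent prefix list, the token format and the SHA-256 stand-in for the browser-side calculation are all assumptions, and every name is hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key
TOKEN_TTL = 60          # assumed: seconds a challenge stays valid
MAX_INCIDENTS = 10      # assumed cut-off for "too many incidents"
MAX_BIC_FAILURES = 2    # assumed: failed checks before the CAPTCHA fallback
BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")  # assumed meaning of "standard"


def _tag(ip, nonce, issued_at):
    # Binds the challenge to one IP and issue time so it cannot be reused elsewhere.
    msg = f"{ip}|{nonce}|{issued_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def decide(ip, headers, greylist):
    """Return 'allow', 'bic' or 'captcha' for one HTTP(S) request."""
    entry = greylist.get(ip)
    if entry is not None:
        if (entry["incidents"] > MAX_INCIDENTS
                or entry["bic_failures"] >= MAX_BIC_FAILURES):
            return "captcha"  # old method kept for heavy offenders / failed checks
        return "bic"
    if not headers.get("User-Agent", "").startswith(BROWSER_UA_PREFIXES):
        return "bic"          # missing or non-standard user agent is challenged
    return "allow"


def issue_challenge(ip, now):
    """Token embedded in the challenge page; its script returns sha256(nonce)."""
    nonce = secrets.token_hex(16)
    issued_at = int(now)
    return {"nonce": nonce, "issued_at": issued_at,
            "tag": _tag(ip, nonce, issued_at)}


def verify(ip, token, answer, now, greylist):
    """Check the browser's reply: delist on success, count a failure otherwise."""
    expected_tag = _tag(ip, token["nonce"], token["issued_at"])
    expected_answer = hashlib.sha256(token["nonce"].encode()).hexdigest()
    ok = (hmac.compare_digest(expected_tag, token["tag"])
          and 0 <= now - token["issued_at"] <= TOKEN_TTL
          and hmac.compare_digest(expected_answer, answer))
    if ok:
        greylist.pop(ip, None)              # validated: remove from the greylist
    elif ip in greylist:
        greylist[ip]["bic_failures"] += 1   # repeated failures lead to CAPTCHA
    return ok
```

The IP-bound, expiring token keeps a solved challenge from being replayed from another address or reused later, which is what makes automatic delisting safe to offer.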

We want to thank all customers who have been among the first affected by the CAPTCHA issue for their patience and for helping us and the BitNinja team become better at dealing with it. Of course, should you experience any issues with incoming or outgoing connections, do not hesitate to contact our team of Technical Support experts. They will be glad to look into this.

 

Elena

Elena oversees all Marketing, Product Management and Community efforts for FastComet and is in charge of telling the brand's story. Always pitching, she’ll share the FastComet vision with anyone who’ll listen. Elena helps our customers make the most of their websites and focuses on our inbound marketing efforts: everything from developing new online growth strategies, content creation and technical SEO to outreach within the FastComet community. Her background includes Sales and Customer Relationship development, as well as Online Marketing.