Top Linux Server Security Suites: BitNinja or Imunify360
As you may have already seen from one of our previous posts this quarter, we have deployed a new addition to our security measures on all shared servers: Imunify360. While it is true that BitNinja is no longer available for shared hosting customers, we wanted to explain in detail the differences between the two tools. We also wanted to answer the question of why you should consider one or the other for your particular situation if you are a FastComet VPS or Dedicated Server user, or a power user in general.
How BitNinja and Imunify360 stack against each other:
While both BitNinja and Imunify360 are suites of various security measures, they differ in how customizable each package is and in how it uses those measures. Being made by the CloudLinux team, Imunify360 is more closely integrated with the systems inside the most popular control panels, cPanel and Plesk. Imunify360 is also more complex and covers more angles of attack, but this requires more resources. The product caters to groups of users and a higher number of websites (exactly what shared hosting servers are) and provides more modules that avert malicious activities.
BitNinja, on the other hand, uses fewer resources due to some of its less complex elements and has an arguably better automated IP block success rate. It is more suitable for users with a low number of websites, especially if they constantly maintain those sites themselves.
Malware Scans and Cleanup
Both products have all-around good malware detection and cleanup. However, in this category, we have to give the advantage to Imunify360.
Thanks to the acquisition of Revisium several years back, Imunify360 was built on top of their world-leading malware scanning engine. However, since then, the product has expanded, as the CloudLinux team added more features to the detection system. Those include:
- In-house WAF rules to prevent known application exploits.
- Constant real-time scans of all file changes. Due to the excellent integration with cPanel and its service bundle, the real-time monitoring detects uploads through HTTP, FTP, and File Manager.
It also detects file modifications and scans for malware, removing it without affecting the state of the website (no unwanted file quarantine). The user can also review the files that were removed or cleaned after the fact, or initiate a restore in case a file was not supposed to be modified, something without an analog from the competition.
It also offers detection and cleanup of malware stored inside databases (injections)**. Furthermore, Imunify360 not only finds the malware in real-time but also automatically cleans it up after the 3rd day.
Additionally, Imunify360’s Proactive Defense allows users to monitor attacks made against their websites, including the exact request and the follow-up actions. Such attacks are logged, and auto-immune rules are generated to stop them from recurring.
In contrast, BitNinja’s scans must be manually initiated by the server administrator and only quarantine the malware, which may result in broken elements on a website (the malware has already changed the underlying files associated with those elements, so quarantining them is like disabling those elements partially or completely).
One hidden positive of less automation is that you can write your own rules for detecting infections that are not cataloged in BitNinja’s database. So if you are being targeted by a specific type of malware, you can fight it head-on without any extra elements to scan – this is great when you have a lot of files and know which ones to check.
**While BitNinja does not have a direct DB scanner, its WAF 2.0, captcha, and Real-Time IP reputation modules will filter out most of the automated (blind) SQL injection attempts. As writing custom SQL injections is time-consuming, the majority of these types of attacks are automated.
Both packages offer plugins for cPanel, Plesk, and DirectAdmin. As Imunify360 is closely integrated with cPanel, you will get some additional options with it there.
Imunify360 has a one-command installation process, a CLI, and a REST API for remote management and incident processing. You also get a File Manager integration with cPanel and the ability to use hooks/callbacks for asynchronous notification. In short, Imunify360 greatly eases the life of the average cPanel user in terms of access to and use of the tool set.
BitNinja requires configuration for the exact hosting you are using. If you are a FastComet customer, this is of course done swiftly by our team, as we have fine-tuned configurations for every possible VPS/DS solution you may run, so you don’t have to worry.
Note that BitNinja also blocks the most common ports used for attacks against cPanel which can be an inconvenience in some cases. However, you do get automated notification on detection and SOS service (Security advisory and consultation).
Outdated Software Checkup
As you may have noticed, we are very avid supporters of the “running the latest version” mantra, as we have seen firsthand just how much time and effort this can save.
In the battle for using the latest and greatest software, Imunify360 is one “click” ahead.
It offers real-time virtual patching of ALL web-applications (WordPress, Joomla, Drupal, etc) and plugins using a proactive defense WAF + specific rulesets for the most used CMS (WordPress/Joomla/Drupal). While your apps are kept up-to-date, the HardenedPHP module provides the PHP fixes for the latest vulnerabilities found in the wild. On top of that, KernelCare will patch the kernel of your server without rebooting.
On the other side of the field, BitNinja will still provide you with a constant stream of patches for the newest CMS vulnerabilities by adding new WAF rules to its rulesets. It also includes automated false-positive reporting which allows you to fine-tune the ruleset settings if needed, with a guarantee of a low false-positive rate with the pre-defined “recommended” ruleset. However, BitNinja does not come with rebootless Kernel patches.
If you are using our Cloud VPS or Dedicated Server options, you can add either Imunify360 or BitNinja capabilities to the server via the addon purchase option from within your Client Area, section Order.
Imunify360 comes with different license types, depending on the number of cPanel accounts you have on your server. When deciding which license to get, you need to take that into consideration, so you can make sure Imunify360 protects all your clients and services.
BitNinja is priced “per server” so you only buy it once and it is available to all cPanel accounts situated on the server.
While the User Interface will not be a make or break especially for an essential part of hosting such as security, a better UI will ease the use of the tools at your disposal and remove some actions which people find annoying.
Again, Imunify360 is a bit ahead, as its simple web-based UI and fully automated solutions make the entire setup and maintenance of security a smooth experience.
BitNinja doesn’t have a control panel UI by default, and its UI must be enabled via its official portal. Still, you are secured by default, as BitNinja’s out-of-the-box settings harden your server’s defenses without introducing many false positives.
Spam and Bot Detection
Spam and bots can be annoying, and not only because they create additional work for you to clean your inbox of notifications about how many unsuccessful attempts to log in to your website have been made. Some bots are part of brute-force attacks, but others may try to probe your website’s comment section for a way to execute code on the server. Pair this with blind zero-day exploit attempts and bots turn into a very dangerous thing for your project’s well-being.
Imunify360 is covering all of the basics with its anti-bot protection, popular CMS brute-force attack detection and blocking. Furthermore, there is vulnerability scanner blocking, exploit scanner blocking, and zero-day exploiters blocking.
Here we are talking about Cloud-based heuristics and WAF protection. This means that if at any moment there is a detection of a new type of attack going on a server protected by Imunify360, even if your server did not previously have the corresponding rules to fight off this attack, it will be “notified” on how to deal with it based on the experience of the cloud network as a whole.
BitNinja’s WAF 2.0 uses the Open Web Application Security Project (OWASP) Core Ruleset and, in addition, custom-made BitNinja rules. While some OWASP rules have a high rate of false positives, the rules are time-tested and shown to stop a large number of various attack types. The only scenario in which OWASP is not recommended is when the server hosts multiple websites, especially open-source ones like WordPress. That particular setup introduces the above-mentioned false-positive cascade.
BitNinja’s WAF module also manages an nginx + lib-modsecurity stack. This means it automatically installs, starts, configures, reconfigures and stops the nginx instance(s).
When nginx is started, the waf-manager module sets up the redirection rules to redirect incoming traffic to the WAF 2.0. Then WAF 2.0 uses the current HTTP server as a backend to pass the filtered traffic. Here, BitNinja provides a lot of configuration options, depending on how your server is set up. Of course, this may also prove a hassle as you will also need to deal with some incompatibilities – WAF itself is not compatible with some older distros:
- Ubuntu < 14.04
- Debian <= 6.0 (Squeeze)
- CentOS/CloudLinux <= 5
If you don’t want to dabble too much in configuring trusted proxies, you can use the default BitNinja solution called “Transparent proxy”. It works by sitting between the user and the content provider. This module intercepts the request, and if the request matches an enabled WAF rule, it gets blocked. Otherwise, the request is forwarded to its destination. The only downside of the “Transparent proxy” is that it does not support CloudLinux 5, 6 and 7.
Both products have a large database of IP addresses and records of activity towards their respective fleet of supported servers. They work in a similar way and have the 3 bases of filtering – whitelist, blacklist, graylist.
Both also have reCAPTCHA capabilities, but Imunify360 also allows the use of Google reCAPTCHA.
The reCAPTCHA option is essential to the graylists’ functionality in both, as it allows regular users whose IP has been detected as suspicious to verify themselves and keep their IP address from later being added to the blacklist.
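The three-list flow described above, sketched as an added example (not code from this post or from either product). The class and method names are hypothetical, the list precedence and the move to the blacklist after three failed challenges are assumptions, and the addresses are constructed from documentation ranges:

```python
import ipaddress


class ReputationFilter:
    """Toy whitelist / blacklist / graylist filter (constructed example)."""

    def __init__(self, whitelist, blacklist, graylist, max_failures=3):
        self.white = [ipaddress.ip_network(n) for n in whitelist]
        self.black = [ipaddress.ip_network(n) for n in blacklist]
        self.gray = {ipaddress.ip_address(a) for a in graylist}
        self.failures = {}                # failed challenges per graylisted IP
        self.max_failures = max_failures  # assumed escalation threshold

    def decide(self, ip):
        addr = ipaddress.ip_address(ip)
        # Assumed precedence: explicit allow, then deny, then challenge.
        if any(addr in net for net in self.white):
            return "allow"
        if any(addr in net for net in self.black):
            return "block"
        if addr in self.gray:
            return "challenge"            # serve a CAPTCHA instead of the page
        return "allow"

    def captcha_result(self, ip, solved):
        """Record a challenge outcome and return the new decision for the IP."""
        addr = ipaddress.ip_address(ip)
        if addr in self.gray:
            if solved:
                # A verified visitor leaves the graylist and is never escalated.
                self.gray.discard(addr)
                self.failures.pop(addr, None)
            else:
                self.failures[addr] = self.failures.get(addr, 0) + 1
                if self.failures[addr] >= self.max_failures:
                    self.gray.discard(addr)
                    self.black.append(ipaddress.ip_network(str(addr)))
        return self.decide(ip)


def demo():
    f = ReputationFilter(
        whitelist=["192.0.2.0/24"],
        blacklist=["198.51.100.7/32"],
        graylist=["203.0.113.5", "203.0.113.9"],
    )
    human = f.captcha_result("203.0.113.5", solved=True)
    bot = [f.captcha_result("203.0.113.9", solved=False) for _ in range(3)]
    return human, bot
```
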
As previously mentioned, Imunify360 offers more modules and ways of tackling attacks, which naturally use more resources than BitNinja. However, it is important to note that Imunify360 can also be optimized to lower its resource usage. It includes an option to limit resource usage to a certain range, as well as to enable or disable each of its modules.
As you can see, both products have their place in the hosting industry, and an important place for that matter. Considering their different strengths in some fields, you may lean more toward one over the other. The most important thing is to consider all the available options and go with the product that is better tailored to your hosting and security needs.
Of course, if you have other questions regarding the capabilities you can either check the official documentation of both products or contact our hosting specialists via the live chat feature on our website.