Introducing BitNinja: The All-in-one Security Suite to Defend Your Websites

Security is a top priority in hosting, and we ensure that every possible measure is taken to protect your website and your data. Thus we’re super excited to announce that we’ve added a black belt to our cyber defenses! As of today, all FastComet shared hosting clients are protected by one of the most advanced security systems available – BitNinja. By taking advantage of machine learning and the web traffic information of tens of thousands of servers, BitNinja creates a global defense network that counteracts botnet attacks with a shield of protection for all servers and their hosted websites.

But before we go any further into the technical details, let us introduce you to the reasons why we decided to step into this partnership. Like most solutions, this was a decision made out of necessity. With the increasing rate and intelligence of attacks, some of our customers’ sites that ran on vulnerable code or out-of-date software were nonetheless being compromised. This was largely due to the growing sophistication of the attacks, making them increasingly difficult to detect. Not only that, but with the rapid growth of our customer base we needed to scale not only in terms of hardware infrastructure but also to improve the tools and software we use. After an in-depth evaluation of the most common security and performance issues, we determined that the concept of protecting hosting nodes individually is a major bottleneck for the scaling process. We needed a centralized system that can learn and record infrastructure-wide incidents in order to protect all servers proactively – a system that can prevent attacks before they reach our infrastructure instead of trying to mitigate them.

Let’s talk about BitNinja

During our research on the subject, we were pleasantly surprised to discover that not only had others already expanded this idea into a strong security concept, but a few great teams had already developed sophisticated products in this niche. After extensive testing and evaluation, we came to the conclusion that the BitNinja product is very mature and provides all the tools we wanted to build into our infrastructure. The most impressive feature of the BitNinja security system is the shared knowledge about attacks and malicious traffic around the world. We quickly realized that building such a system on our own would protect our servers only from attacks that occur in our network. On the other hand, joining the BitNinja ecosystem gives us access to the shared “knowledge” of tens of thousands of servers worldwide, so we can proactively block malicious traffic before it even reaches our clients’ websites – a globally distributed security system with a machine learning algorithm to protect all servers from malicious traffic worldwide – a beautiful idea made a reality by the BitNinja team.

So what exactly is BitNinja?

BitNinja is an integrated set of modules that protect servers from various malicious attacks on multiple protocols, all at the same time. Each module uses different techniques to prevent and/or detect an attack as soon as possible.

  • The IP Filtering Module: Highly developed botnet protection which not only blocks access to malicious domains to limit the risk, but also prevents infected systems from connecting back to the botnet’s control servers. It works deep within your OS, so you will not notice when BitNinja is working.
  • The DoS Protection Module: A network supervising module that can suppress excessive malicious traffic to prevent the most common DoS attacks.
  • The Web Application Firewall (WAF): This module protects our clients’ websites from the most common attacks like cross-site scripting, SQL injection, buffer overflows or data theft. It monitors, filters and blocks incoming malicious HTTP traffic in real time.
  • The Log Analyzer: This automatic module analyzes log files in real time (access logs, error logs, auth log, control panel login logs, MySQL, Nginx, and FTP) and takes the necessary actions if any malicious activity is detected.
  • Malware Detection: Up-to-date detection technologies are combined with traditional methods to help increase the efficiency of malicious object detection and support proactive protection against new hostile programs.
  • The Captcha Module: The concept behind this module is actually what makes BitNinja great. The system monitors and maintains a reputation database of more than 4 million IPs in real time. This reputation is based on the previous history of each IP’s activity to prevent false-positive blocks with its 4-level reputation ranking:
    • No threat reputation – It’s a harmless IP that hasn’t been involved in any recent incidents. In the past, it may have generated some issues, but they have been resolved successfully and it doesn’t threaten anybody now.
    • Low threat reputation – This IP is on the Greylist because it has generated some suspicious requests against our protected devices. We inform the IP owner about their IP’s suspicious behavior and give them the option to remove themselves from our Greylist by completing the Google Captcha verification.
    • Medium threat reputation – These IPs have generated more than 500 different suspicious incidents without any human validation (CAPTCHA). When an IP reaches this number of incidents, it’s categorized as a harmful device. It is no longer given the option to remove itself via CAPTCHA because it is not allowed to connect to a BitNinja-protected server.
    • High threat reputation – IPs categorized with a High Danger Level are really heavy attackers. BitNinja blocks them in all possible ways.

Thanks to this reputation system, even if a visitor is greylisted because of a dynamic IP with previous incidents, they can remove themselves from the list by completing the CAPTCHA.

Your legitimate traffic will then no longer be blocked by the hosting server firewall and brute force protection service. It’s important to note that it will be an extremely rare case for you to actually see the CAPTCHA page, but if that does happen, BitNinja will provide you with a method of de-listing immediately.

The net result of implementing BitNinja

Setting aside all the technical information, as a FastComet client you should know that this new system does not require any changes on your end or site modifications. You can focus on your website while the system protects both your website and hosting account. Additionally, you should observe a more stable hosting experience and reduced resource usage by your website, and you can relax, as no search engine bots are blocked by the system. Despite this huge security improvement, we still recommend making sure that all of your web applications, plugins, extensions, and themes are up to date so that your site is safe from known exploits.

For those of our readers who would like to learn more about the BitNinja security system, we are preparing an interview with the BitNinja CEO which will be published in the upcoming days. Additionally, the new security system will be available to our clients on VPS and Dedicated Servers in the upcoming week as well as some other great addons.

As always, you can contact our 24/7 Technical Support team if you have any questions about the new security system. If you’re not hosting with FastComet, and have had problems with hacked or unsecured websites – why not take a look at one of our hosting plans – we’d love to welcome you!

George

George has a decade of experience as an executive and entrepreneur in the infrastructure and web hosting space. He is responsible for leading FastComet’s evolution of our scalable cloud, powering the business with Big Data, and linking the latest advances in technology to FastComet’s cloud and IT strategy. As a technical guy, he used his expertise to collect the know-how of creating a reliable and customer-friendly hosting company to satisfy the increasing demand of clients.