Portal Home > Knowledgebase > Articles Database > BitNinja
BitNinja
| Posted by MightWeb-Marcus, 08-19-2015, 03:33 AM |
| We've been trialling BitNinja lately, to see how it performs. As a relatively new product, it offers a rather promising featureset. We haven't tried it for long yet, so it's a bit early to say what it does and does not do.
Has anyone else here tried it? What were your results? Perhaps any active users today that could share their experiences?
|
| Posted by ReadySpace LLC, 08-29-2015, 02:05 AM |
| We're doing a trial now as well. Seems to be promising but however have not really experience its effects yet.
|
| Posted by Imthatguyhere, 08-29-2015, 02:18 AM |
| Tried it on a gameserver saw little to no effect over a properly secured server. (rarely ever get l7 attacks and I already check fail login attempts and ban them) .
It has good potential for for all the times they say advanced on the website the offering sare fairly basic and I'd love to see a free blacklist of their "honeypot results" come out to help everyone.
|
| Posted by Srv24x7, 08-29-2015, 10:14 AM |
| Hi,
It seems to be a very promising application to have on the server, but it has to be checked what incident information does this application transfers to their application from your server to their server, which they use for other bitninja users too.
|
| Posted by Imthatguyhere, 08-29-2015, 11:27 AM |
| IP and attack type from what I've seen. Though I haven't packet captured everything sent over a period.
|
| Posted by Srv24x7, 08-31-2015, 09:30 AM |
| Hi,
The transfer of data is 2 way in it, attack data from client server is transferred to the Bitninja server, and this data is again used and probably more data is also send to the client server, so it seems to be a 2-way communication.
What I was suspecting is whether this transfer is properly encrypted and what if anyone figures this out and sends some faulty data to the client server in the middle? although I am not sure whether they have managed to make a high level of encryption in the data flow. This is what has to be checked.
|
| Posted by mrgeekchris, 09-01-2015, 11:20 PM |
| I've tried it. I liked the weekly reports it gave me less pesky emails I get the better off but granted I'd have to say they got something lets hope they continue that path. I'd have to say my experience was good everything is very simple it's simple to install and uninstall they seem to be on top of bugs as well.
|
| Posted by xlightwaverx, 09-01-2015, 11:50 PM |
| It seems to work well.
I simulated a DDOS using Blitz.io and it caught it right away.
|
| Posted by bitninja_io, 09-03-2015, 05:02 AM |
| Hi,
We use standard 128 bit https encrypted connection for communication both ways, so man in the middle is not that easy ;-)
|
| Posted by Imthatguyhere, 09-03-2015, 05:30 AM |
| Glad to hear. Also welcome to WHT. This is a good place to get your software accepted and used. If it's very effective hopefully you'll see it around here as a standard.
|
| Posted by bitninja_io, 09-03-2015, 05:53 AM |
| Hi All,
Sorry for not introducing myself first :-) I'm George from bitninja.
Please feel free to ask me or my team about BitNinja here or via e-mail.
We are working hard to make BitNinja as effective and easy to use as possible to
protect your servers and all websites of your customers.
We have many plans for features and enhancement but if you have any idea, please
don't hesitate to share with us, so we can put it on our roadmap.
|
| Posted by Srv24x7, 09-03-2015, 09:41 AM |
| Hey George, welcome...! It was just my doubt that I shared.
Good to hear directly from the team itself. I have gone through the video on your site and the software looks absolutely promising and very interesting too. Man-in-middle attack could really be a pain, so its good to hear out directly from you about the encryption standard you are using.
|
| Posted by Imthatguyhere, 09-03-2015, 04:58 PM |
| I would say an awesome feature for this community would be integration into cpanel and a whmcs plugin that flags customers that match attack data (such as IPs used or something).
|
| Posted by bitninja_io, 09-03-2015, 05:25 PM |
| Hi Tyler,
We have a basic whmcs integration plugin. You can find more details about it on our blog. (sorry I can't send links yet :-) I'm too new )
The idea though is good to extend it and integrate deeper into whmcs and cpanel. We have something similar on our roadmap, but
I extend the request with your idea.
|
| Posted by Imthatguyhere, 09-03-2015, 05:32 PM |
| That's just pretty much the standard for around here so its good to have. Didn't notice whmcs integration though, I will check it out.
|
| Posted by MightWeb-Marcus, 09-04-2015, 04:32 AM |
| After testing this for quite some time, I have to say it does the job it advertises to do rather well. As more and more features are built in over time, I could definitely see this become an industry standard (mainly due to the simple fact that it's designed to be more or less a 1-click secure your network type of thing, which will appeal to a vast amount of people).
We decided to keep it on our hosting platform for the time being. I'd be happy to hear what others think after testing it!
|
| Posted by ReadySpace LLC, 09-10-2015, 08:54 PM |
| If it's a properly secured server, there won't be much effect. But it saves the time and effort to constantly monitoring for new attacks which really helps server admins to get a life.
|
Add to Favourites 
Print this Article
Also Read
