Updated December 28, 2017
BitNinja is an advanced security service for websites and servers, powered by machine learning. Its integrated modules, installed with a single line of code, protect against 99 percent of attacks by leveraging a defense network approach to cybersecurity.
There are modules for:
- IP filtering
- CAPTCHA
- denial of service (DoS) protection
- Web Application Firewall (WAF)
- log analysis
- detection of malware
- cross-site scripting (XSS)
- spam
- and other attacks
It has also been shown to be effective for reducing forum and contact form spam on WordPress and other content management systems.
As an innovative security tool, what BitNinja is and what it does is not necessarily obvious to those running the websites protected by it. For this reason, answers to some basic questions about this valuable service are provided below.
How can one line of code protect my website?
The single line of BitNinja code installs the integrated modules, which protect websites and servers by leveraging machine learning and the company’s network of customers. Web traffic information is collected from all BitNinja-protected servers and shared with all the others, creating in-depth threat knowledge that grows with each new attack.
But don’t worry about how to insert that line of code – we do all that as part of our fully managed hosting administration!
The modules call and interact with BitNinja’s cloud network, which does the heavy lifting, and warns the server about the latest attack types and sources. Each of the modules then applies a different detection or prevention method against all known threats.
What is machine learning?
Machine learning is defined by the Stanford University course on the topic at Coursera as “the science of getting computers to act without being explicitly programmed.” BitNinja constantly analyzes attack patterns to improve the algorithm which identifies and blocks threats before they reach protected websites.
The servers constantly send traffic data to the cloud network, where BitNinja analyzes and synchronizes it, and sends the resulting collective threat intelligence back to the servers. This allows each server to learn from all others through the cloud network, without direct communication between protected servers or creating demanding workloads on any of them.
How does it gather this information?
BitNinja uses a variety of methods to attract and analyze web traffic and identify threats.
It analyzes, in real time, the many logs websites create, including:
- access logs
- error logs
- control panel login logs
- and database logs
It also creates port and web honeypots, a proactive form of threat detection in which monitored resources are set up as traps or decoys to attract threats away from real systems.
How does an IP end up on the BitNinja greylist?
When the BitNinja network detects malicious activity, it tracks the activity back to a source IP and adds that IP to the greylist, meaning BitNinja treats it as suspicious. BitNinja then blocks traffic from that IP until its user indicates that they are not a bot or malicious actor. Often, however, the IP user has been serving malicious requests without knowing it, such as through an undiscovered malware infection.
This system enables BitNinja to quickly identify and block malicious traffic, and to reverse blocks on legitimate traffic.
Is threat information-sharing safe?
Because the information shared on the BitNinja network is filtered and analyzed in the cloud, no identifiable information from the targeted server is shared. An organization suffering an attack contributes limited data to the network, relating to the threat and its source IP, but not the target, to protect other BitNinja customers. This means organizations incur no additional risk from threat-sharing; only the benefit.
If BitNinja protects against 99% of attacks, what’s the other 1%?
Even the most advanced threat protection technology does not guarantee security. Cybersecurity professionals refer to threat “layers,” and many popular security tools protect only the network layer. BitNinja also protects the server layer, which is part of how it protects against so many threats, but there are other layers as well. Organizations can also suffer breaches due to vulnerabilities at the physical and personnel layers. Security best practices and awareness are still necessary, and no technology can protect against bad habits like leaving a password written on a piece of paper beside the computer.
BitNinja is one of the cutting-edge technologies KnownHost leverages to keep its customers’ hosted IT systems secure and performing optimally, and is included with all KnownHost Managed WordPress packages.