What server and site protection options are best for protecting your project, and how BitNinja is organized out-of-the-box for VPS servers
In this article, we’ll analyze four ways to protect your production server and website. We’ll also describe one out-of-the-box solution in detail — the BitNinja server security platform. We chose BitNinja because there is less info about it out there than other solutions like DDoS Guard.
This will be useful for beginners and anyone who wants to understand how to protect a server and site with an out-of-the-box solution.
4 options to protect your server and site — the pros, cons, and cost
Configure your protection manually — for example, you’ll have to create new users, change the SSH port, and configure ModSecurity and Fail2ban. Pros — you can fine-tune everything for your project. Cons — not suitable for beginners — manual protection is labor-intensive and requires technical experience. Read more about how to configure protection for your server and site manually on Dev.to — “Using ModSecurity in Nginx — how to establish project security on WordPress.”
Hire a system administrator or information security (IS) specialist. Pros — the specialist will establish comprehensive defense against threats as per your company's objectives. Cons — it will take time to find a suitable specialist and onboard them. Cost — from €87,000 a year.
Pros — great when you need to fine-tune protection for your project. Cons — you will need a system administrator or an IS specialist to maintain and offer support for the system. Enterprise products usually come with technical support — specialists are there to answer questions and help solve problems. Cost — depends on server specs — can cost up to €5,000 per year or more.
Pros — you don't need a lot of technical experience or a team of specialists — even a beginner can handle this. You can enable or disable modules for your project and get help from tech support if something goes wrong. Cons — you can't do any fine-tuning.
BitNinja is great for VPS servers. If you need a shared server with pre-installed protection against DDoS attacks and other threats, ispmanager’s partners are there for you. View our list of partners →
BitNinja’s Components
BitNinja consists of two components:
- The agent — an application that is installed on the server, filters traffic, and protects against attacks. The agent’s settings are stored in the cloud. It does not perform AI scanning.
- The SaaS interface — the “admin” for managing agents.
BitNinja has more than 20 modules for different purposes — proactive defense, protection against viruses, DoS, and outgoing spam. There are also modules that ensure the smooth operation of specific parts of the agent and the SaaS interface.
Let's see how the most important modules for server and site protection work.
Server security — filtering traffic and blocking intruders’ IP addresses
BitNinja has 4 modules offering proactive server protection.
IPfilter — the traffic filtering module. This module checks all the IP addresses that try to connect to your server against 5 databases listing millions of IP addresses and blocks attackers. The databases are all updated in real time.
The module blocks an IP address as follows:
- if it finds an IP address in a blacklist database, it blocks it even before it attempts to connect to the server;
- if the IP address is not in the databases, BitNinja blocks the IP address at the moment of connection;
- if the attacker tries to connect through a proxy server, BitNinja identifies their source address and blocks it if the IP address is in a blacklist.
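The proxy case in the list above is where a filter is easiest to get wrong, because the X-Forwarded-For header is supplied by the client. The following is an added example, not BitNinja's code: the blacklist entries, the trusted-proxy range and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges, not real indicators.
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
# Assumption: 10.0.0.0/8 holds your own reverse proxies or load balancers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _in_any(ip, networks):
    return any(ip in net for net in networks)

def source_address(peer_ip, x_forwarded_for=None):
    """Return the address to judge: the TCP peer, unless the peer is a trusted proxy.

    X-Forwarded-For is only read when the direct peer is one of our own
    proxies, and it is walked right to left, so entries a client prepended
    are never reached before the first hop we did not write ourselves.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not x_forwarded_for or not _in_any(peer, TRUSTED_PROXIES):
        return peer
    hops = [h.strip() for h in x_forwarded_for.split(",")]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: fall back to the peer address
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
    return peer  # every listed hop was one of our proxies

def decide(peer_ip, x_forwarded_for=None):
    """Return (verdict, judged_address) for one incoming connection."""
    src = source_address(peer_ip, x_forwarded_for)
    verdict = "block" if _in_any(src, BLACKLIST) else "allow"
    return verdict, str(src)
```

A header sent by an untrusted peer is ignored entirely, so a forged value can neither hide a blacklisted address nor get an innocent one blocked.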
BitNinja agents are trained to react quickly to attacks. If one module blocks an IP address, all the other servers under that BitNinja account will do the same.
BitNinja temporarily blocks an IP address if it detects more than 80 connections from one IP address. The particular number of connections can be configured from the BitNinja interface — see the next article on configuring modules for details on how to do so.
The Captcha module works with popular protocols like SMTP, FTP, and HTTP. This module complements the traffic filtering module by strengthening its protection. If a user manually connects to the server using one of the protocols above and gets banned by mistake, they can unblock themselves through the Captcha module.
WAF (Web Application Firewall) — protects against SQL injection, XSS, and other vulnerabilities. We recommend not changing the module settings if you are unsure what will happen. Incorrect configuration can make the server completely inaccessible.
Port Honeypot — lays traps on your ports. This offers an additional degree of protection if an attacker bypasses the captchas, filtering, and even WAF. BitNinja places “traps” on 100 random ports out of 1000 of the most popular ones according to BitNinja’s estimates. The “trap” simulates a connection to the server and keeps the attacker from doing any harm.
If one of the applications on your server, such as mail, uses a certain port, BitNinja removes the trap from that port and moves it to another one.
Virus protection — an in-house module from BitNinja
BitNinja finds infected files on the server with the help of a built-in antivirus program. The antivirus databases are updated every day.
The antivirus program finds infected files and quarantines them. Here’s what BitNinja analyzes when it finds an infected file:
- The logs associated with that file for the last 30 seconds before the file was last modified. BitNinja then finds the attacker's IP address and blocks it.
- The basic application logs on the server: Apache, Nginx, OS logs, Exim, Postfix, and Dovecot.
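The 30-second correlation described above can be reproduced by hand during incident response. This is an added example, not BitNinja's code: the log lines and timestamp are constructed, and the function name and the extra weight given to POST/PUT requests are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed access-log lines in the Nginx/Apache "combined" style (RFC 5737 addresses).
SAMPLE_LOG = """\
198.51.100.23 - - [12/Mar/2024:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2024:10:15:41 +0000] "POST /upload.php HTTP/1.1" 200 31
203.0.113.9 - - [12/Mar/2024:10:15:43 +0000] "POST /upload.php HTTP/1.1" 200 12
192.0.2.44 - - [12/Mar/2024:10:15:50 +0000] "GET /about HTTP/1.1" 200 2048
192.0.2.44 - - [12/Mar/2024:10:16:30 +0000] "GET /contact HTTP/1.1" 200 1024
"""
# Constructed last-modified time of the quarantined file. On a real host use
# datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc).
SAMPLE_MTIME = datetime(2024, 3, 12, 10, 15, 55, tzinfo=timezone.utc)

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def suspects(log_text, modified_at, window=timedelta(seconds=30)):
    """Rank client IPs by requests made in the window before the file changed.

    Assumption: requests that can write data (POST, PUT) count three times
    as much as reads, since a file upload is the likelier cause of a change.
    """
    start = modified_at - window
    score = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method = m.group(1), m.group(2), m.group(3)
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if start <= when <= modified_at:
            score[ip] += 3 if method in ("POST", "PUT") else 1
    return score.most_common()
```

The ranking is a lead for review rather than proof, because an unrelated visitor can fall inside the same window.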
For weaker servers, you can move scheduled antivirus scanning to the cloud with AI and reduce the load on the server. How to optimize BitNinja for weak servers →
Confidential data is not transferred to the server — only the MD5 hashes of files. MD5 is a cryptographic hash function that converts data, such as text or a file, into a fixed-length hash value. It is used to verify the integrity of a file. The contents of a file cannot be read back from its MD5 hash.
BitNinja can find malware even if it is in a MySQL database. The vendor's documentation does not list support for other databases. The ability to scan databases in BitNinja is turned off by default.
Protection against spam and CVE vulnerabilities
BitNinja protects against spam and CVE vulnerabilities using the following modules:
Spam Detection. This module analyzes the email header, sender, and recipient, and uses AI to recognize spam. BitNinja will immediately recognize if one of the forms on the site has been hacked and is being used to send spam. It will then highlight the problem on the dashboard and in the next notification newsletter. This module is disabled by default.
Vulnerability Patcher — protects against CVE vulnerabilities. CVE is a list of commonly known vulnerabilities and security issues found in common systems, such as CMSs. BitNinja will report any CVE vulnerability it finds on the dashboard.
Checklist: important things to know about BitNinja
BitNinja is great for projects where you need to protect a VPS server. For a shared server, we recommend choosing pre-installed protection from ispmanager’s partners.
- BitNinja agents are trained and react to attacks quickly — if one module blocks an IP address, all other servers in the account will do the same.
- We recommend not changing your WAF settings — there is a risk of losing access to the server.
- BitNinja does not transmit sensitive data to the server.
- BitNinja antivirus is developed in-house. The antivirus databases are updated every day.
- BitNinja will even detect malware in a MySQL database. Other databases are not yet supported.
How to install BitNinja and other FAQs →