Bitninja Abuse Reports
agoldenberg
Member, Host Rep
in Help
Has anyone ever received any of these?
I keep getting these against the main IP of one of my shared hosting servers. The IP in question is only used for the root domain and I have had several techs look through the logs for any traffic to where they are claiming to be receiving malicious packets.
Does anyone have any experience with these people?
I'd like to have someone take a look through my server who has experience with this garbage and nip it in the bud.
Thanks guys!
Comments
I get them quite a bit, something about google maps API abuse and it's normally someone scanning for exploits on an IP range
Thing is there is 0 outbound or inbound to any of their servers! We've checked all the logs countless times and yet still nothing.
What logs have you checked? Do you have full packet / netflow logs?
They're not credible. I've seen a bunch of people's providers taking those clowns seriously.
What does it say you are listed for?
The worst that happens if you stay listed is your IP gets blocked on other people's servers who use bitninja, so it's not the end of the world.
@linuxthefish They are saying their honeypot has detected malicious packets.
Their honeypot usually has no idea what it's detecting, I've experienced loads of false positives.
Used to get them all the time when working abuse@ for a past provider. Folks are in the "third party alert" / blacklist business.
Kinda what I figured... They're based in Hungary...
Yeah, but that doesn't mean Hungarians live off blackmailing others.
What can they do to you? No sane person takes them seriously.
Send them some "packets" of these http://dicksbymail.com/
Could be anything or even spoofed traffic I guess, bit of a silly detection thing for just "packets"
They are selling "server security as a service". They only want you to buy their shit.
Well, I have received several reports in the past about some IP trying to bruteforce other people's WordPress installs and it turned out to be true - there was some malware uploaded on that server via some compromised site. So you need to check all the websites you host, there is a high chance there is some insecure WordPress / Joomla / whatever.
I've also received them.
@rds100 we've run clamav and rootkit checker and have manually checked all hosted WordPress files. They all are 100% pure WordPress. Definitely nothing out of the ordinary.
What did you receive yours for? Connecting to the internet?
Swiftway passed an Abuse Report of BitNinja to me about a month ago. The only way to solve your problem is to buy their product. You don't have to take these clowns seriously. It's just a new way of spamming sys-admins.
However, since you are hosting WordPress, I can give you 2 more pieces of advice
Uhh...are you really running that webshelldetector? Did you check out the GitHub comments? https://github.com/emposha/PHP-Shell-Detector/issues/24
It looks pretty shady
I can recommend Aibolit. More information is here: https://www.revisium.com/aibo/
Hello everyone! I'm Bogi from the BitNinja team. And I'd just like to confirm that the reports we send out are to draw the attention of server/site owners to hidden vulnerabilities that are used for cyber attacks secretly.
The information in the reports is real and real-time. Please don't hesitate to contact us ([email protected]) when you get reports like these, we'll help you find the problem and analyze the attacks.
And for the sceptical minds: we are not clowns at all. We are ninjas who fight to make the internet a safer place.
https://en.wikipedia.org/wiki/Ninja
The functions of the ninja included: espionage, sabotage, infiltration, assassination and guerrilla warfare.[1] Their covert methods of waging irregular warfare were deemed "dishonorable" and "beneath" the samurai-caste, who observed strict rules about honor and combat.
https://bitninja.io/pricing/
I see nothing else than your reports drawing attention to your pricing.
Spamvertising.
Clowns. I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports.
@BogiAngalet clown much
Up selling.
The only problem here are clueless providers taking you seriously and acting based on your bullshit.
For me, they said that my shared server was infected with a "PUP" that was "backdooring" one of their servers... thank goodness I was on CC at the time or else their fake reports would get me pulled offline. (again, if this is offensive to CC, @jbiloh can remove this)
You don't have pups on your servers?
Our pup comes in the front door, no need for backdoors. Quite the reverse actually, the dog's not allowed to go out the front door and can only go outside via the backdoor.
Our dog is a bitninja.
Aw... that "PUP" is cute
yeah, it probably uses backdoors if you leave the doors open.
https://duckduckgo.com/?q=pup&iax=1&ia=images
The pup's cute, that's true.
"I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports." - We think that there's no unhackable system, no matter what language was used to create it. For the mentioned case, we have server-side tools against compromising the PHP code to use it for sending out fake reports.
Just please keep in mind that we are always happy to help. If you feel you got any false positive reports, just contact us ([email protected]) so that we can provide more details about the incidents we received.