IP reputation scoring system

Estimated reading time: < 1 min
BitNinja will log every request from a challenge listed IP address until the IP address is not delisted. Every request from a challenge listed IP address will be considered as an incident because a human visitor would have already delisted the IP address via one of the CAPTCHA page.
  1. If BitNinja detects a malicious request from an IP address, then it will be on the account-level challenge list
  2. After 100 incidents the IP address will be globally challenge listed
  3. If there are more than 50 incident logs about a globally challenge listed IP address we will send an abuse email to the email address associated with the IP address
  4. After 500 incidents the IP address will be blocklisted globally
  5. After 5000 incidents the IP will be listed on the Essential list, which means that the IP address can not be delisted and BitNinja won’t log the requests from this IP address.

Any manual IP delisting gets broadcasted automatically, BitNinja agents do refresh automatically every 10 sec, so this process takes around this amount of time.

Automatical delist processes:

We automatically move IP addresses from the blocklist to the global challenge list which generates no incident logs for more than 2 days. So the owner can delist the IP address.

If there are no logs about a challenge listed IP address it will be delisted:
– Static IP addresses: 3 months without logs
– Dynamic IP address: 7 days without logs

Was this article helpful?
It was not helpful
Views: 851