In case bots are creating spam accounts on your website or trying to brute force an access page. You can just use BitNinja’s Browser Integrity Check to block the bots.
If the bots fail the Browser integrity check their IP will be greylisted on your account so they will not bother you anymore.
If you experience any issue with this module please let us know.
You can contact us at firstname.lastname@example.org or via live chat from 9 AM to 5 PM CET.
Or send us a ticket here.
What is Browser Integrity Check (BIC)
The BIC has the same functionality as the CAPTCHA module. It blocks bots and lets through normal users. BIC does this without requiring the users to type or click anything. Users just need to wait for 5 seconds to pass the Browser integrity check and ONLY at the begging of their session.
- Blocks bots
- Lets through valid users and whitelisted bots
- No need to do anything (besides waiting for 5s)
- Users get the BIC page once per session
This is how it looks like:
How to use BIC
From the Dashboard (New)
In the future, the feature will accept a “DOMAIN” parameter too so the rule will take effect on the matching domain only.
If you wish to set up the URL captcha feature for a specific domain only or for one specific server only, you can do that from the terminal via the bitninjacli.
You can find the instructions for that further below.
- Navigate to the Firewall menu point and select the URL captcha menu point at the top.
- Click on the “+ ADD new custom rule” button
- Add a name for the rule for identification at “Rule name”
- At the “PATH” text field add the URI you wish to protect on all domains and on all servers under your account
You can also use regular expressions e.g.: myform*
- Add a description (Optional but useful in some cases)
- Click on the Add rule button
You can later edit the rule from the Dashboard by clicking on the pen icon on the rule.
From CLI (for a specific domain or server)
You can enable this feature for a specific domain’s specific URI on a specific server by issuing this command:
bitninjacli --module=SslTerminating --add-domainuri --domain=<domain> --uri=<uri>
For example on example.com’s wp-login page:
bitninjacli --module=SslTerminating --add-domainuri --domain=example.com --uri=wp-login.php
bitninjacli --module=SslTerminating --add-domainuri --domain=*.example.com --uri=wp-login.php
In this case however the URL captcha challenge will not take effect on example.com.
You can also set BIC to be presented on every domain’s wp-login.php URI:
bitninjacli --module=SslTerminating --add-domainuri --domain=* --uri=wp-login.php
The CAPTCHA module can handle 20 000-30 000 requests/sec. If the number of requests processed is higher than this, the CAPTCHA module might break meaning legitimate users will be unable to delist their IP address and also bots will not be blocked.
If this happens Turn off the BIC module from the URI and restart BitNinja to fix the issue.
You can restart BitNinaj with the
service bitninja restartcommand
How to disable
From the Dashboard
Click on the trash bin icon on the rule.
From the terminal
To revert the changes a specific domain on a specific URI issue the command below:
bitninjacli --module=SslTerminating --del-domainuri --domain=<domain> --uri=<uri>
bitninjacli --module=SslTerminating --del-domainuri --domain=example.com --uri=wp-login.php
To revert the changes on all domains for a specific URI:
bitninjacli --module=SslTerminating --del-domainuri --domain=* --uri=wp-login.php