Why do we need an SSL certificate miner?
The WAF module can only listen on HTTP but it needs the SSL Terminating module to be able to listen on HTTPS as well. This module can do this only if it has the SSL certificates of the domains at its disposal. BitNinja has such a cert miner by default ...
If you would like to store the BitNinja logs you need to compress the logs and move it to another location so the log rotation won’t delete the log files. Also, you might need to share logfiles with your sysadmin or with our support ninjas.
You can download WinSCP that lets you exchange files ...
Description
Suppose an IP-based access control solution is implemented in your web server (back-end server). In that case, the Haproxy used by BitNinja's SslTerminating module can be exploited to push an arbitrary IP address to the backend webserver behind our WAF module, thus bypassing the afor...
You can make the BitNinja captcha page more user-friendly by customizing it. For example, you can include your company logo. This way, users will be more familiar with it The captcha page can be customized on a per-server basis.
The default captcha page is stored in the /opt/bitninja/modules/Ca...
The Close Direct Access option is enabled by default.
The setting can be modified from the Dashboard by navigating to the Configuration menu -> Advanced Modules -> IP Reputation -> Advanced Settings tab.
Network aliases are virtual interfaces that allow a single network interface c...
Solution
Just echo an empty string to the file. echo "" > /var/lib/bitninja/blue.pid.Try to start the BitNinja agent with service bitninja start command
If that does not work for some reason:
Delete the whole file with the following commandrm /var/lib/bitninja/blue.pid -y&...
The server’s box is red or yellow on the Dashboard.
This means that the BitNinja health checking service could not reach BitNinja on the server
Check if BitNinja is running
We need to check if BitNinja is running on the server with service bitninja status command
BitNinja is runni...
Our developers have added a new tool to our BitNinjaCLI arsenal. The bitninjacli --stats command can show basic statistics about the BitNinja agent. Its intended use is for integration with monitoring solutions.
Usage
Issue the command in your terminal as bitinjacli --stats this will show ...
With the 2.29.0 version of BitNinja, we introduced the rate limiting feature. This is based on the WAF and SSLTerminating modules. In order to use this feature make sure that the WAF module is enabled and working on the domains, you wish to protect with this feature.
You can set a limit for the...
What process is responsible
We need to check what process is responsible for the increased load.
To do so:
Run htop or top command, htop is more user-friendlySort the processes according to memory usagein htop press F6 and select the PERCENT_MEM option at the left side with the arro...