Changelog
- đ§Linux
- đReliable-Auto-Update
- Windows
- đ§ąWAF Rules
- đ ď¸Vulnerability Patches
bitninja (3.10.31) Frequent Beta Wed, 20 Nov 2024 09:49
- IpFilter
- Proxyfilter reload added to CSF post script
- MalwareDetection
- CageFS added to exclude list
- SenseLog
- DirectAdmin log pattern added to SenseLog module
bitninja (3.10.30) Frequent Beta Mon, 04 Nov 2024 10:22
- SqlScanner
- Fixed an issue when workers didnât stop after disabling the module.
- SandBoxScanner
- Fixed an issue when workers didnât stop after disabling the module.
bitninja (3.10.29) Frequent Beta Wed, 09 Oct 2024 15:32
- MalwareDetection
- Fixed an issue that caused memory issues because of the CreateSignature command.
bitninja (3.10.28) Frequent Beta Wed, 09 Oct 2024 12:36
- MalwareDetection
- Fixed and improved a few things about our caching.
- Fixed issues with adding, publishing, and removing signature commands.
- Created a CLI command that can validate the draft signatures.
- Added the option to discard signature when restoring it with CLI command.
- Fixed issues with the create signature command.
- DataProvider
- Fixed issues with the message queue.
bitninja (3.10.27) Frequent Beta Mon, Sept 2024 14:48
- MalwareDetection
- Handle an error when the agent is unable to open the database file
- SenseLog
- Refactored the ApacheWpLoginReauth rule
- SpamDetection
- Fixed an issue that caused memory issues
bitninja (3.10.26) Stable Frequent Thu, 19 Sept 2024 13:14
- MalwareDetection
- Added a new middleware type, which is searching for RCE malware crons
- Handle an Uncaught PDOException correctly
- Process Analysis
- Fixed an issue with Redis message queue
- Shogun
- Iframely added to domain whitelist
bitninja (3.10.25) Fri, 30 Aug 2024 07:22
bitninja (3.10.24) Thu, 29 Aug 2024 12:54
- SslTerminating
- Fixed an issue that caused problems in the collection order of certificates.
- LogAnalysis
- Fixed an issue in reloading logic.
- MalwareDetection
- AuditD is now default file monitoring for new installations.
- Fixed an issue responsible for catching files.
- In the case when changing from Inotify to Auditd, purging all Inotify processes completely.
- After installation, MalwareDetection will start with Auditd if it is configured in CloudConfig.
- Fixed an issue with Audispd package install.
- Periodically check the inode values.
- Fixed an issue with reloading logic when changing between monitor types.
bitninja (3.10.23) Fri, Aug 2024 11:15
- MalwareDetection
- Added a new middleware type, which is searching for malware downloader crons
- WafManager
- Fixed an issue with configuration updating
- CloudConfig
- Fine-tuned default config options
- Changelog was added to the BitNinja package.
- From this version, BitNinja will automatically install BitNinja-Reliable-Auto-Update which is a self-updater software.
- Bitninja Reliable Auto Update 1.0.1
- This standalone service runs in the background alongside BitNinja, using minimal resources, and is responsible for keeping BitNinja up-to-date.
- Currently, it checks every 6 hours if there is an up-to-date version of BitNinja and updates it.
- This package is only available from the BitNinja Linux Agent 3.10.23 version.
bitninja (3.10.22) Tue, 16 July 2024 14:59
- SslTerminating
- Fixed an issue that cause invalid cert problems in cert collection ordering
bitninja (3.10.21) Thu, 04 July 2024 12:52
- Process Analysis 1.0.5
- Fixed some issues with shutdown
- Preparing to change the location of PID files
bitninja (3.10.20) Tue, 25 June 2024 11:11
- MalwareDetection
- Fixed an issue where a crash could have happened when new Yara rules added to the signature collection
- SslTerminating
- If the user manually adds certificates to the JSON file, those certificates will be used first.
- A new config option has been added to allow users to set the number of minutes to run the certificate check. This defaults to 5 minutes. Configuration name is: periodicCertCollection (Agent), Periodic SSL Certificate collection (Dashboard)
- Fixed an issue that caused app_ids to disappear.
bitninja (3.10.19) Wed, 12 June 2024 13:23
- SpamDetection
- Fixed an issue that caused an error in stopping SpamDetection
- DataProvider
- Fixed an issue in DataProvider, that caused, in the case of Enhance Control Panel, the domain not detected correctly
- MalwareDetection
- Added a new CronInjector signature to the MalwareDetection
- Fixed some issues with the hosted user counter script
bitninja (3.10.18) Wed, 29 May 2024 10:23
- ConfigParser
- Fixed some bugs in the Enhance service detector
bitninja (3.10.17) Wed, 22 May 2024 22:15
- MalwareDetection
- Fixed a bug where time zone mismatches could occur.
- IpFilter
- Fixed a problem where an IP address could be on both a global allow list and a global challenge list at the same time.
bitninja (3.10.16) Mon, 13 May 2024 15:32
- CloudConfig
- Minimum resource usage changed (System): 40 â 60
- Minimum malwareDetection memory limit changed (MalwareDet): 100 â 600
- Minimum scan niceness changed (MalwareDet): 0 - 1 â 0 - 0.1
- MalwareDetection
- Added config option to scan or not scan
/var/spool/cron
periodically. - IpFilter
- When an IP address is put on the allow list, it is removed from the challenge list, avoiding the case where an IP address cannot be on both the allow list and the challenge list.
- Process Analysis 1.0.3
- Add new php binaries path
- Validating exist binary path
- Remove Goroutine for new running processes, caused a concurrency
- Auditd monitor handling Enable and Disable
bitninja (3.10.15) Tue, 30 Apr 2024 09:42
- MalwareDetection
- Fixed an issue where 400 Bad Request errors could have been happened when hashes uploaded to the API.
- Vulnerability Patcher
- Added new patches to the data collections, against the following CVE vulnerabilities: CVE-2023-6985, CVE-2024-0699, CVE-2024-0668, CVE-2024-0428, CVE-2024-0761,CVE-2024-0842, CVE-2024-1072, CVE-2024-0685, CVE-2023-6875, CVE-2023-6933
Details
- Patcher
- Fixed an issue where some information could be missing while sending information to the API.
- Added a new rule against WP-Core cross-site scripting (XSS) vulnerability
- Process Analysis
- A new module is included in this package: Process Analysis module capable of finding malware that only exist in memory. It is disabled by default and can not be enabled from the dashboard, as it's in a closed Beta state for now.
bitninja (3.10.14) Thu, 25 Apr 2024 18:40
bitninja (3.10.13) Tue, 09 Apr 2024 13:56
- Patcher
- Fixed an issue regarding the cloud-config when BitNinja is installed.
- IpFilter
- Fixed an issue where a crash could have happened.
bitninja (3.10.12) Tue, 09 Apr 2024 13:56
- CloudConfig
- Fixed an issue regarding the cloud-config when BitNinja is installed.
bitninja (3.10.11) Tue, 09 Apr 2024 13:56
- The Agent is now compatible with native OpenLiteSpeed
- SslTerminating
- Fixed some problems that significantly increased the start of SslTerminating for large certificate volumes
- MalwareDetection
- Implemented config options that significantly reduce the resource consumption of MalwareDetection. At the same time, the scan time is increased. It only works with AI Scan and when the Optimize for low server performance impact option is enabled.
- load_friendly_timer - sets the amount of delay in milliseconds when processing files - Default value of the config option is 20000
- high_server_load_divider - sets the divisor of the hashes sent per batch (the original value of the hashes sent is 500) - Default value of the config option is 10
- IpFilter
- Added ipset_timeout config option to IpFilter to manually set the TTL in seconds of the IP addresses in the challenge list. The default value is 0, which means that no TTL is manually set.
bitninja (3.10.10) Wed, 27 Mar 2024 16:34
- Malware Detection
- Fixed an issue which sometimes made false positive md5 catches
bitninja (3.10.9) Wed, 20 Mar 2024 13:05
- Malware Detection
- Fixed an issue where a crash could have happened when the type of upload permission file was incorrect.
- Vulnerability Patcher
- Fixed an issue where a crash could have happened when the Vulnerability Patcher did not get the patches.
- SQL Scanner
- Fixed an issue where a crash could have happened when the SQL Scanner collected database information.
bitninja (3.10.8) Wed, 13 Mar 2024 12:25
- Malware Detection
- Fixed an issue where a crash could have happened when the AI Scan did not get the upload permission from the API.
- Fixed an issue regarding the validating malware signature types in case of the AI Scan where the signature state could have been missing and instead of log-only action quarantine or clean could happen.
- Config Parser
- Changed the new config check interval from 60 minutes to 1 minute.
- SQL Scanner
- Added two new SQL malware signatures to the ruleset.
- SslTerminating
- Added maxconn HAProxy config option to Cloud Config. Default value:
4000
- Spam Detection
- Fixed an issue where the
sendmail_bitninja
wrapper file permissions and group were not set to the same as the original sendmail permissions and group. - Added a fallback logic to the module in case there is an active CageFS service present on the server.
- Added
use_wrapper
config option to the Cloud Config which will force the module to use the sendmail wrapper if there is no active CageFS service present. - Changed the sendmail wrapper setup script to reload the webservers instead of restarting them.
bitninja (3.10.7) Fri, 08 Mar 2024 12:25
- Fixed an issue regarding a dependency version which could have caused the IpFilter module to get stuck and stop communication.
bitninja (3.10.6) Thu, 29 Feb 2024 09:45
- The Patcher (Vulnerability Patcher) module has been renewed, which is now able to fix various vulnerabilities.
- Two new CLI commands have been added regarding the Patcher module:
bitninjacli --module=Patcher --patch=CVE_EXAMPLE_2024_0101 --domainPath=/path/to/dir
bitninjacli --module=Patcher --restorePatch=/var/lib/bitninja/Patcher/backups/2024/01/01/example.php
- UI release is scheduled for a later date.
bitninja (3.10.5) Wed, 14 Feb 2024 10:30
- Fixed an issue regarding the Captcha HTTP where a wrong parameter type could throw a Request Exception in the module.
- Fixed an issue regarding the Malware Detection AI Scanner where the unknown file upload could cause out-of-memory crashes.
- Fixed an issue regarding the Malware Detection quarantine mechanism where during the quarantine process the unlink of the original failed and threw a warning message that it failed to rename the malicious file.
bitninja (3.10.4) Wed, 06 Feb 2024 13:50
-
Fixed an issue regarding the SpamDetection module where a combination of settings and software could lead to the temporary disruption of mailing services. - The issue could only occur where CloudLinux and Cagefs were present, and ea-php was used instead of alt-php.
-
Fixed an issue regarding the self-update mechanism on RPM-based systems where BitNinja would not auto-start after an update in some cases.
bitninja (3.10.3) Thu, 01 Feb 2024 15:25
-
Fixed an issue regarding the MalwareDetection scan command when it would not scan the path if it was a single file.
-
Fixed some custom log and certificate collection issues regarding the Config Parser module.
-
Increased the MalwareDetection cache cleanup percentage from 1% to 2%.
-
Added a mechanism to the MalwareDetection module which forces the module to scan the /var/spool/cron directory every 24 hours.
-
Added a new positive incident type to the Captcha which will indicate the result of a BIC or Captcha.
-
Extended the SpamDetection detector in a way that it will work with every SMTP solution that uses sendmail.
bitninja (3.10.2) Fri, 19 Jan 2024 12:55
-
Fixed the issues regarding the increased messaging error logs and stack traces introduced by the 3.10.1 version.
- Minor changes in our logging system.
bitninja (3.10.1) Tue, 16 Jan 2024 11:45
-
Fixed an issue regarding the SslTerminating module where the 60414 and 60415 ports were open after starting BitNinja despite the Close Direct Access config option being turned on.
-
Fixed an issue regarding the MalwareDetection module where the AI scanner did not send the files to the AI for further analysis.
-
Fixed an issue regarding the WafManager module where some ModSecurity log files were not deleted after 1 day.
-
Fixed an issue regarding the WafManager module where it could run out of memory because of oversized request logs.
-
Fixed an issue regarding the SqlScanner module where if there were some errors during the scan it could crash.
-
Fixed an issue regarding the SqlScanner module where it could crash if there were multiple webservers present on the server.
- Minor fixes regarding the error logging.
-
Finetuned the log detection patterns and extended the log detection paths in the SenseLog module.
-
Finetuned the PHP cache file detection pattern in the Malware Detection module.
bitninja (3.10.0) Thu, 14 Dec 2023 12:50
-
Added RHEL 9 support (Alma Linux 9, Rocky Linux 9, and Centos Stream 9 are now officially supported.)
-
Added tar as a dependency. (There were some cases where tar was missing.)
-
Changed the old BitNinja Site Protection logo to the BitNinja Server Security logo on the captcha page.
-
Fixed an issue regarding the Defense Robot module where the cleanup of the correlations could cause overload on the /tmp folder.
-
Moved the WordPress integrity check from Site Protection to the Data Provider module.
bitninja (3.9.2) Mon, 22 Nov 2023 15:02
- Extended the resource limitation with cgroup v2 support.
-
Fixed an issue regarding the Malware Detection module filesystem cache cleaner where it could clean the database more often than it should.
-
Fixed an issue regarding the Malware Detection module where the incident queue could not be flushed if bitninja-mq was restarted.
bitninja (3.9.1) Tue, 05 Dec 2023 10:35
-
Added an automatic cleanup for correlations to the Defense Robot module. This cleanup solution ensures that only the last 7 days of correlations are being kept.
-
Fixed an issue regarding the SystemD service file, where the Type=fork could cause problems starting the BitNinja Agent automatically.
-
Fixed the user page redirection and the display of the logo in the DirectAdmin plugin.
bitninja (3.9.0) Mon, 30 Nov 2023 12:35
-
Fixed an issue where we used apt-key and it caused a deprecated GPG key location warning.
- Changed the service manager from init.d to systemd.
bitninja (3.8.9) Mon, 22 Nov 2023 15:12
- Extended the resource limitation with cgroup v2 support.
-
Fixed an issue regarding the Malware Detection moduleâÂÂs filesystem cache cleaner where it could clean the database more often than it should.
-
Fixed an issue regarding the Malware Detection module where the incident queue could not be flushed if bitninja-mq was restarted.
bitninja (3.8.8) Mon, 20 Nov 2023 14:50
- Added WP Integrity Check command option to SiteProtection module
bitninja (3.8.7) Mon, 20 Nov 2023 12:10
-
The Malware Detection module now invalidates the Log Only results if the Log Only mode is turned off.
-
Fixed an issue where the redirections were wrong if a custom interface was added in Cloud Config.
-
Fixed an issue where an already established connection was not interrupted when the given IP was added to the greylist or to the blacklist.
-
Changed the SiteProtection plugin to open the login page and the dashboard on another page.
-
Fix an issue regarding the SiteProtection plugin where our login response handling was incorrect.
bitninja (3.8.6) Wed, 15 Nov 2023 07:10
-
Fixed an issue where the Malware Detection Active Scan could not start without the AI Scan enabled.
bitninja (3.8.5) Wed, 08 Nov 2023 16:10
- Added Active AI scan.
- Fixed several 400 Bad Request issues regarding the AI Scan.
-
Fixed an issue where there was an error regarding our UFW handling during the stopping of the IpFilter module.
-
Changed the minimum value of the resource limitation from 20 to 40 in Cloud Config.
bitninja (3.8.4)Tue, 17 Oct 2023 13:30
-
Fixed an issue regarding the Shogun when it lost connection to the message queue, which caused incidents not to be sent to the API.
bitninja (3.8.3)
Fri, 06 Oct 2023 07:06
-
Fixed an issue regarding the Shogun optimization which caused some messages to get stuck in the message queue.
bitninja (3.8.2) Tue, 04 Oct 2023 14:34
- Optimized incident processing and sending.
-
Fixed an issue regarding the Malware Detection module where some files were scanned multiple times.
bitninja (3.8.1) Tue, 03 Oct 2023 14:34
-
Fixed an issue regarding the locally saved module status file creation.
- Fixed an issue with the AI Scan API communication error codes.
bitninja (3.8.0) Thu, 28 Sept 2023 15:26
- Phase 2 (Deep Scan) has been added to the AI scan.
-
Excluded directories in the Malware Detection module which caused the inotify to use up many resources.
-
Changed rule 80_1_023 (SpamBots) to be turned off by default in SenseLog due to false positives.
bitninja (3.7.8)
Wed, 21 Sept 2023 15:06
- Added .discord.com to the reverse DNS whitelist.
-
Fixed an issue regarding the LiteSpeed config parsing where config files were not parsed correctly in the case of Enhance.
bitninja (3.7.7) Wed, 06 Sept 2023 14:12
-
Fixed an issue regarding the AI Scan where there were cases when empty files were uploaded for scan.
-
Fixed an issue where the Config Parser module did not parse the LiteSpeed configurations properly in the case of the Enhance Control Panel which caused invalid SSL Certificate errors.
-
Reintroduced the certMapping feature. From now on it can be used while the Cloud Config is enabled.
-
Cert mapping can be set in the /etc/bitninja/SslTerminating/certMappings.json manually as well as with the two new commands that have been added to the SslTerminating module.
-
bitninjacli --module=SslTerminating --add-cert --domain=<domain> --certFile=<certFile> --keyFile=<keyFile> | optional --chainFile=<chainFile>
-
bitninjacli --module=SslTerminating --del-cert --domain=<domain>
-
After modifying the cert mapping (even after using the add-cert and del-cert commands) a force-recollect will be needed.
- Known Issues:
-
The certMapping feature does not support wildcard domains (*.example.com) for now.
bitninja (3.7.6) Fri, 01 Sept 2023 20:44
-
Fixed Captcha showing server's IP address in certain server environments.
bitninja (3.7.5) Thu, 31 Aug 2023 10:47
- Fixed an issue regarding the module restart command which caused the module to stop and not start it back.
- Fixed the issue which caused the DirectAdmin plugin not to install.
- Added exclusion for Docker IPs during private IP auto-configuration.
- Added a configuration option to the IPFilter module (enableIpsetMode ) for turning CSF into IPSet mode during integration. This option is ON by default.
- The csf config location can also be set with a new config option called csf.conf. By default it is set to the default csf config path: /etc/csf/csf.conf.
bitninja (3.7.4) Wed, 23 Aug 2023 15:02
- Fixed an issue where delisting blocklisted IPs did not work.
- Fixed an issue regarding the Shogun where it was crashing when there were many incidents.
- Fixed an issue where the Shogun could not keep up with incidents from Malware Detection.
- Fixed an issue where Malware Detection could not add a signature and caused errors.
- Added a new command to the Malware Detection
remove-cache
which adds the ability to remove a file or directory from the filesystem cache. Usage:bitninjacli --module=MalwareDetection --remove-cache=<path> --file | --dir
bitninja (3.7.3) Wed, 16 Aug 2023 09:36
- Our service ports now automatically opened in UFW if it is enabled on the server.
- Private IP ranges are now automatically added to the Trusted Proxy.
- Private IPs are now auto-configured for WAF.
- Fixed an issue where the WAFHoneypot could not turn off properly because the honeypot files were not removed.
- Fixed an issue that caused redirect loops with WordPress sites behind Cloudflare.
- Fixed an issue regarding the disappearing WAF and Trusted Proxy redirections.
- Fixed an issue that caused changes to the WAF redirection mode not to apply immediately.
bitninja (3.7.2) Wed, 09 Aug 2023 14:22
- Fixed an issue regarding the first startup sync to the cloud-config.
- Fixed a Config Parser issue where the SSL certification was set in the main nginx configuration.
- Fixed an issue that prevented the IpFilter module to apply changes to allowed ports when set from Cloud Config.
- Fixed an issue that prevented the SslTerminating module to apply Cloud Config changes to the HAProxy configs.
bitninja (3.7.1) Wed, 02 Aug 2023 09:30
- Extended the filesystem cache cleaning mechanism, ensuring the database size is kept within limits.
- The filesystem cache is now re-enabled if the size is below the filesystem cache size limit.
- Fixed an issue regarding the filesystem cache when the database file was not found.
- Fixed an issue regarding the WAF when HEAD requests were hanging. (Also solves the Enhance file management issues.)
- Added .wordpress.org to the reverse DNS whitelist.
bitninja (3.7.0) Mon, 19 Jul 2023 14:53
- Added a config option called cpuUsageLimit in the System module, under the resources section.
- Fixed an issue regarding the crash report uploading.
- Fixed an issue regarding the SslTerminating cert mining when no certs were found.
- The Nginx process and its configuration are now reloaded in case of Cloud Config changes.
- Startup error logs are now more verbose instead of "Failed to access the API server" log.
bitninja (3.6.3) Mon, 10 Jul 2023 12:53
- Removed HTTP fallback from the agent.
bitninja (3.6.2) Tue, 4 Jul 2023 14:20
- Fixed the issue where users could not delist themselves if there were more than 1 IP addresses present in the X-Forwarded-For header.
- Fixed the issue where sometimes the file sizes were not saved properly in the filesystem cache during the AI scan.
- The CaptchaHttp page should now properly show the client IP.
- Added worker_connections as a config option to the WAFManager module which sets the worker_connections config option for Nginx.
- If this option has already been overridden in the local Nginx configs, the agent will automatically migrate it to the WAFManager config.
bitninja (3.6.1) Thu, 29 Jun 2023 14:25
- Fixed an issue regarding the Malware Detection scans which caused the scans to start multiple times with AI scan.
bitninja (3.6.0) Wed, 28 Jun 2023 15:22
- MalwareDetection
- Added the AI scan feature. Can be enabled via the enable_ai_scan option in the config. Disabled by default.
- Fixed a bug which caused AuditD to find files but the agent did not quarantine them.
- ProxyFilter
- Fixed the bug which caused some firewall rules to get duplicated.
bitninja (3.5.4) Tue, 20 Jun 2023 13:28
- Fixed the issue which caused user level trusted proxies to get ignored by the WAF.
- Fixed the issue which prevented blocking and challenging IPs coming from user level trusted proxies.
- The MalwareDetection module now shows if scans are running in its process title.
- Added CLI command for force recollect: bitninjacli --module=SslTerminating --force-recollect.
bitninja (3.5.3) Wed, 14 Jun 2023 11:43
- General
- Added a CLI switch to the DataProvider module called send-diagnostics which sends performance related diagnostics to the cloud.
- Enhance control panel is now detected correctly on secondary servers in the cluster.
- Fixed some configuration issues related to logging.
- MalwareDetection
- PostDetection scripts now receive the state and list of the signature which triggered them.
bitninja (3.5.2) Tue, 31 May 2023 16:21
- MalwareDetection
- Fixed an issue which caused scans to scan excluded directories during a full scan.
- The honeypotify config option works properly now.
- Fixed an issue which caused the file system monitor to start when the module reloads even though the module is disabled.
- WAF
- Updated Nginx from 1.15.6 to 1.23.3.
- IPFilter
- Fixed an issue regarding the IP set hierarchy, where the user-level blocklist was stronger than the global whitelist.
bitninja (3.5.1) Tue, 31 May 2023 16:21
- Reloading the ConfigParser module on an Enhance server caused the module to not parse configurations properly, this has been fixed.
- Post Detection scripts received the quarantined file path instead of the real file path if the MalwareDetection module was not in log only mode, this has been fixed.
- Fixed memory issues with the ConfigParser module.
- Fixed a minor issue in SiteProtection.
- Hotfixing in Proxyfilter, iptables rules were created more than once.
bitninja (3.5.0) Tue, 25 May 2023 11:48
- IpFilter
- Fixed firewall-related issues when CSF is present on the server.
- Reworked CSF integration.
- ProxyFilter
- The --status command now reports the status of the redirections.
- If redirection creation fails, the module retries multiple times.
- Added health check which runs every 5 minutes. This includes checking the redirections. They are recreated if missing.
- Health check logs the status of the redirections.
- The module can now process commands even during its setup.
- SiteProtection
- Fixed an issue where the login failed on some WordPress sites.
- Added the ability to update/reinstall all SiteProtection related plugins.
- MalwareDetection
- Added the --force-clean switch to the scan command. If this is passed to the command, the module will clean malware even if it is in log only mode. This option can be passed when called from the API as well.
- SslTerminating
- Added tune.maxrewrite, tune.bufsize, and tune.h2.initial-window-size to the Cloud Config. These settings can be fine-tuned if you encounter any issues with upload speeds.
- General
- Fixed numerous firewall issues which caused the server to be unavailable for a short time.
- Removed the error Could not find executable for command
docker
which was thrown around randomly by all modules. This did not cause any specific issues but it cluttered the logs. - Fixed a bug that caused some modules to crash when sending error logs to the API.
- Fixed a bug that caused the agent to revert to HTTP on startup even if it was set to HTTPS.
bitninja (3.4.5) Wed, 10 May 2023 14:55
- Fixed the issue which caused the agent to report that it is running even if it was not.
- Added support for the auditd module.
- Fixed an issue which caused the module to consume a lot of CPU.
- Fixed an issue where the Ssh module was not respecting the config's setting for max password failures
- Fixed an issue which caused the process to crash when too many IPs were blocked.
- Fixed the issue where the Shogun module consumed too much CPU when there were many incidents.
bitninja (3.4.4) Wed, 03 May 2023 16:44
- Fixed an issue which caused the ConfigParser to not save the files, which resulted in the inability to fetch the configurations.
- Fixed an issue which caused the Network module to use a lot of CPU.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to not log all requests.
- Fixed an issue which caused the DirectAdmin to crash during the cleanup phase.
- Fixed an issue which caused the WAF to sometimes not block IPs.
- The CaptchaHttp page now includes the client IP.
- Fixed an issue which caused the IPFilter to not reload properly.
- Fixed an issue which caused the SslTerminating to not reload properly.
- Fixed an issue which caused the SslTerminating to not respect the correct SSL files.
bitninja (3.4.3) Tue, 25 Apr 2023 16:21
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
- Fixed an issue which caused the SslTerminating to not reload properly.
bitninja (3.4.2) Wed, 19 Apr 2023 15:10
- Added the config option cert.cglSishedDomains to the SslTerminating module, which allows defining multiple domains for a single cert. Each domain should be separated by a comma.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
bitninja (3.4.1) Tue, 11 Apr 2023 10:35
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the SslTerminating to not reload properly.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
bitninja (3.4.0) Tue, 04 Apr 2023 16:21
- Added the logs of the PostDetection scripts to the audit logs.
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
bitninja (3.3.5) Tue, 28 Mar 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.3.4) Tue, 21 Mar 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.3.3) Tue, 14 Mar 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.3.2) Tue, 07 Mar 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.3.1) Wed, 01 Mar 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.3.0) Tue, 21 Feb 2023 16:21
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.2.6) Wed, 15 Feb 2023 16:21
- Fixed an issue which caused the agent to sometimes restart when applying Cloud Config.
- Fixed an issue which caused the ConfigParser to sometimes fail when reading configurations from the cloud.
- Fixed an issue which caused the WAF to block some CDN IPs.
- Fixed an issue which caused the WAF to sometimes not log all requests.
- Fixed an issue which caused the Network module to crash during startup if the server had a lot of network interfaces.
- Fixed an issue which caused the Ssh module to use a lot of CPU when there were many IPs blocked.
- Fixed an issue which caused the Shogun to use a lot of CPU when there were many incidents.
bitninja (3.2.4) Wed, 29 Mar 2023 11:37
- Fixed numerous errors related to messaging.
- The message queue and the Dispatcher should be properly restarted now if they are not running.
- Fixed a bug where the SiteProtection did not get the WordPress path correctly.
- Fixed a bug where the SiteProtection WordPress plugin could not be uninstalled correctly.
- Added more whitelisted files to the SpamProtection config.
bitninja (3.2.3)Thu, 16 Mar 2023 16:38
- MalwareDetection
Added a command to create a validating signature from a file (can be called from the API),
name: CreateValidatingSignatureFromFileCommand. Accepts a single argument, which is the file path.
- SslTerminating
Added tune.maxrewrite, tune.bufsize, and tune.h2.initial-window-size to the config in the haproxyGlobalSettings section. These settings can be fine-tuned if you encounter any issues with upload speeds.
- IpFilter
Added a CLI command to test an IP against the ipsets for convenience: bitninjacli --checkip=ip
bitninja (3.2.2)Wed, 08 Mar 2023 18:37
Bug in the messaging system config management while using remote config is fixed
bitninja (3.2.1)Thu, 02 Mar 2023 17:15
There was a bug in SpamDetection that did not always set the whitelists.
bitninja (3.2.0) Thu, 02 Mar 2023 16:15
- MalwareDetection module
- Added a new signature type: md5-clean.
md5-clean signatures will clean malware efficiently during scan phase 1.
- Currently, user-level md5-clean signatures only.
Real-time malware detection can be disabled with the enable_active_scan option.
The create_signatures_during_phase2 option enables the agent to create
- md5 and md5-clean signatures during the phase 2 scan.
- By default, the option is disabled.
- Added support for inotify versions newer than 3.14.
- A proxy_read_timeout option is now added to the WAFManager module.
- This is a timeout threshold in the Nginx proxy.
If the option was overridden initially in the local Nginx configs, then the agent migrates the overridden value to this option.
- Added whitelist to SpamDetection for sender scripts.
- There is an option to add scripts by path or by file name.
- Whitelisted files will not be flagged as sender scripts.
- bitninja dispatcher 1.0.1
- Now can restore API connection if it fails.
Logs are now moved under the /var/log/bitninja-dispatcher/ directory.
- Log rotation is separate. It depends on the log size.
- The current log is always indicated by current.log.
bitninja (3.1.1) Wed, 22 Feb 2023 16:06
The --create-signature CLI command sometimes did not work, this has been fixed.
bitninja (3.1.0) Wed, 22 Feb 2023 11:55
- Reworked cert watching in the SslTerminating module.
- This should fix most cert detection issues.
- Increased default timeout in HAProxy to 5 minutes.
- Added config option for manual cert mapping.
- HAProxy should no longer crash if we pick up bad certificates.
- Logs will indicate if a certificate is bad.
SiteProtection extensions are now properly installed for every web server on the users' server.
- Added ability to toggle Malware Source Sending remotely.
- Reworked config parsing.
- Include directives under virtual hosts are properly handled.
- Added support for LiteSpeed XML.
- Fixed some crashes in the SpamDetection module.
bitninja (3.0.1) Thu, 16 Feb 2023 08:55
Messaging error fixed that caused the Shogun module to sometimes crash upon an incident
bitninja reliable-auto-update (1.0.2) Thu, 19 Sept 2024 13:14
- From now clients being able to choose between Stable, Frequent, Beta versions
- If the clients choose the noUpdate option in the dashboard, RAU will ignore the automatic updater for 30 days. After that set back the Frequent update channel and search for updates every 6 hours.
bitninja reliable-auto-update (1.0.1) Thu, 08 Aug 2024 12:11
- This standalone service runs in the background alongside BitNinja, using minimal resources, and is responsible for keeping BitNinja up-to-date.
- Currently, it checks every 6 hours if there is an up-to-date version of BitNinja and updates it.
- This package is only available from the BitNinja Linux Agent 3.10.23 version.
bitninja (1.0.2) Mon, 06 Nov 2023 12:32
- Added Malware Detection feature which includes the following features:
- AI Scan
- Parallel malware scans (manual and scheduled)
- Windows Defender compatibility (quarantine folder added to excluded folders)
- Dashboard compatibility. Scans can be started and canceled through the dashboard.
- Changed error handling. If there is an unknown error, there will be a stack trace in the logs which will help to solve the issue.
- Installer changes:
- Uninstall optimization
bitninja (1.0.0.1)
Mon, 11 Sep 2023 14:33
- Numerous stability and performance improvements and fixes.
- Improved HTTP packet handling.
bitninja (0.0.1)
Tue, 29 Aug 2023 12:15
- Initial Release.
BitNinja WAF Rules 2.0.4 Mon, 26 Aug 2024 07:30
LiteSpeed Cache Incorrect Privilege Assignment
BitNinja WAF Rules 2.0.3 Tue, 28 May 2024 11:34
Block ClaudeBot User-Agent
BitNinja WAF Rules 2.0.2 Thu, 16 May 2024 11:34
Anti RCE Malware Rule
BitNinja WAF Rules 2.0.1 Wed, 10 Apr 2024 13:19
Wordpress Plugin Vulnerability Protection
BitNinja WAF Rules 2.0.0 Wed, 14 Feb 2024 10:30
Virtual Honeypot
400112
400113
400114
400115
400116
Wordpress Backdoor Protection
401001
401002
401003
401004
401005
401006
Drupal Remote Execution Protection
402001
402002
402003
Modx Revolution Remote Execution Protection
403001
Scanner Detection
404001
404002
404003
404004
Magento Remote Execution Protection
405001
405002
405003
405004
405005
405006
405007
405008
Wordpress Plugin Vulnerability Protection
406001
406002
406003
406004
406005
406006
406007
406008
406009
406010
406011
406012
406013
406014
406015
406016
406017
406018
406019
406020
406021
406022
406023
406024
406025
406026
406027
406028
406029
406030
406031
406032
406033
406034
406035
406036
406037
406038
406039
406040
406041
406042
406043
406044
406045
406046
406047
406048
Botnet Protection
407001
407002
407003
Symfony Protection
408001
AntiMalware Protection
409001
409002
409003
409004
409005
409006
409007
409008
409009
409010
409011
409012
409013
409014
409015
409016
409017
409018
Other Rules
410001
410002
410003
410004
410005
410006
410007
410008
410009
410010
410011
410012
410013
410014
410015
410016
410017
410018
410019
410020
410021
410022
410023
410024
Typo3 and Magento Exclusions
1040001
1040002
OWASP WAF Rules 2.0.0 Wed, 14 Feb 2024 10:30
Scanner Detection
913101
913102
913110
913120
Protocol Attack
921110
921120
921130
921140
921150
921151
921160
921170
921180
Local File Inclusion
930100
930110
930120
930130
Remote File Inclusion
931100
931110
931120
931130
Remote Code Execution
932100
932105
932110
932115
932120
932130
932140
932150
932160
932170
932171
PHP General Attacks
933100
933110
933111
933120
933130
933131
933140
933150
933151
Cross Site Scripting
941100
941101
941110
941120
941140
941150
941160
941170
941180
941190
941310
941350
SQL Injection
942100
942110
942120
942130
942140
942150
942160
942170
942180
942190
942200
942210
942220
942230
942240
942250
942251
942260
942270
942280
942290
942300
942310
942320
942330
942340
942350
942360
942370
942380
942390
942400
942410
942420
942421
942430
942431
942432
942440
942450
942460
Session Fixation
943100
943110
943120
Data Leakages
950130
Data Leakages (SQL)
951100
951110
951120
951130
951140
951150
951160
951170
951180
951190
951200
951210
951220
951230
951240
951250
951260
Data_Leakages_Java
952100
952110
Data_Leakages_PHP
953100
953110
953120
Data_Leakages_IIS
954100
954110
954120
954130
CVE-2023-6933 (WP Plugin - Better Search Replace )
Tue, 30 Apr 2024 10:21
- The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2023-6875 (WP Plugin - The POST SMTP Mailer )
Tue, 30 Apr 2024 10:21
- The POST SMTP Mailer â Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
CVE-2024-0685 (WP Plugin - Ninja Forms Contact Form )
Tue, 30 Apr 2024 10:21
- The Ninja Forms Contact Form â The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.
CVE-2024-1072 (WP Plugin - The Website Builder by SeedProd )
Tue, 30 Apr 2024 10:21
- The Website Builder by SeedProd â Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.
CVE-2024-0842 (WP Plugin - Backuply )
Tue, 30 Apr 2024 10:21
- The Backuply â Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.
CVE-2024-0761 (WP Plugin - File Manager )
Tue, 30 Apr 2024 10:21
- The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.
CVE-2024-0428 (WP Plugin - Index Now )
Tue, 30 Apr 2024 10:21
- The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-0668 (WP Plugin - Advanced Database Cleaner )
Tue, 30 Apr 2024 10:21
- The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2024-0699 (WP Plugin - The AI Engine: Chatbots, Generators, Assistants, GPT 4 )
Tue, 30 Apr 2024 10:21
- The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2023-6985 (WP Plugin - 10Web AI Assistant )
Tue, 30 Apr 2024 10:21
- The 10Web AI Assistant / AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.
CWE-79 (WP < 6.5.2 - Unauthenticated Stored XSS)
Thu, 25 Apr 2024 18:40
- WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such attack. However, if the blog is using the mentioned settings in the comment template, then unauthenticated users could exploit this
CVE-2023-5860 (Icons Font Loader Plugin for WordPress)
Mon, 22 Mar 2024 10:49:08
- Vulnerable to arbitrary file uploads due to missing file type validation.
- Allows authenticated attackers with administrator-level access to upload arbitrary files.
- Remote code execution may be possible.
CVE-2023-5815 (News & Blog Designer Pack WordPress Plugin) Mon, 22 Mar 2024 10:49:08
- Vulnerable to Remote Code Execution via Local File Inclusion.
- Allows unauthenticated attackers to include arbitrary PHP files and achieve remote code execution.
- Docker configurations may exacerbate the risk.
CVE-2023-5466 (Wp Anything Slider Plugin for WordPress)
Mon, 22 Mar 2024 10:49:08
- Vulnerable to SQL Injection via the plugin's shortcode.
- Allows authenticated attackers with subscriber-level and above permissions to append additional SQL queries.
- Can be used to extract sensitive information from the database.
CVE-2023-5465 (Popup with Fancybox Plugin for WordPress)
Mon, 22 Mar 2024 10:49:08
- Vulnerable to SQL Injection via the plugin's shortcode.
- Allows authenticated attackers with subscriber-level and above permissions to append additional SQL queries.
- Can be used to extract sensitive information from the database.