Skip to main content

Intro

Files

The agent is installed to C:\Program Files\BitNinja (Program Files (x86) on 32-bit systems). Under this folder there is only a single executable which is the agent itself and a config folder with a config file in it. This config should not be modified. Also, the agent should not be started manually via the executable, it is done by a service.

There are also other folders related to BitNinja:

  • C:\ProgramData\BitNinja\BitNinjaConfig

    • Currently, this folder contains a single JSON file which holds the license information related to the server.

  • C:\ProgramData\BitNinja\BitNinjaLib

    • This folder is a working directory and contains temporary files. There is no need to do anything with them.

The above folders should not be deleted.

Logs

The Windows agent has a single log file at C:\ProgramData\BitNinja\main.log.

Features

The first version of BitNinja for Windows implements the IP Reputation feature which works just like its Linux counterpart with a few limitations.

The Windows version supports the following lists:

  • Block list
  • Allow list
  • Challenge list (over HTTP only - We do block on HTTPS but no Captcha is present)
  • AntiMalware (new)

For IP addresses on the Challenge list, we display the same Captcha page as with the Linux version. After the visitor solves the Captcha, they will see a page which says “Reloading” for a brief period (2-5 seconds at most) because delisting takes more time on Windows.

When the Windows agent starts, these lists and their rules are immediately applied.

Current limitations

  • Any setting applied to a Windows server through the dashboard other than IP delisting (or adding an IP to a list) will not be applied to the agent.
  • Currently, the Windows agent can not be invoked through the CLI.
    • This means that any list manipulation (such as adding an IP to the white list) must be done via the Dashboard.
  • The loading of the IPs is single-threaded, resulting in varying load times and generated load depending on the single-core performance of the CPU.
  • As we are reconstructing the HTTP packages, running the service may result in slightly increased latency (depending on the single-core performance of the CPU).
  • BitNinja for Windows installs 2 services on the server:
    • BitNinja Service: Can be started/stopped/restarted if needed but wait a couple of minutes before stopping after it is started.
    • BnipfService: It is not recommended to stop or restart this manually as that might cause issues.
  • The Captcha will only be displayed through HTTP (port 80). Challenge listed IP addresses connecting through HTTPS (port 443) will be just blocked.
  • IPv6 is not supported.
  • Country blocking and IP ranges on any of our lists in general are not supported.
  • The challenge and block lists do not work with sites behind proxies (e.g. CloudFlare).
  • This version has no auto-update support, this will be supported in later releases.
  • Resolving a captcha might take a few seconds before the IP is removed from the Challenge list.