AntiFlood
The duty of this module is to receive incidents from other modules and prevent attackers from flooding your system with incidents.
For example, the CaptchaHttp module shows a CAPTCHA screen for visitors if they are challenge listed. But what if an attack is ongoing against the CAPTCHA module? The AntiFlood module will find this flood attempt and temporarily block list the IP, preventing the overload of the HTTP CAPTCHA module.
The basic idea of BitNinja is to integrate different security tools into a single modular system, so that the modules can communicate with each other and use each other's services. Other BitNinja processes use the AntiFlood module frequently: anything that can send incidents also sends them to the AntiFlood module. When the log analyzer, HTTP CAPTCHA, or SMTP CAPTCHA catches attempts, that information is available locally to the AntiFlood module, which can then detect the attack and prevent further overuse and scans.
Configuration
Threshold limits can be set in the config file: /etc/bitninja/AntiFlood/config.ini
or directly from the Dashboard's Configuration page -> AntiFlood (Advanced Modules).
;
; Limits for AntiFlood module
;
[limits]
;limit before getting on block list
blacklist=15
;limit before getting on challenge list
greylist=10
;1 hour
expiredtime=3600
;5 days
agedtime=432000
Don't forget to sync your local configuration to the cloud with bitninjacli --syncconfigs
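To reason about the effect of these thresholds before changing them, the following added example (not BitNinja's code) parses the [limits] section and replays incidents against it. The names load_limits, FloodCounter and replay are hypothetical, and the counting model is an assumption: incidents are counted per IP within expiredtime seconds and a list applies once the count reaches its limit; agedtime is parsed but not modelled.

```python
import configparser
from collections import defaultdict, deque

# Constructed copy of the [limits] values shown above.
SAMPLE_CONFIG = """
[limits]
blacklist=15
greylist=10
expiredtime=3600
agedtime=432000
"""
KEYS = ("blacklist", "greylist", "expiredtime", "agedtime")

def load_limits(text):
    """Parse [limits] and reject values that defeat the two-stage thresholds."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    limits = {key: cp.getint("limits", key) for key in KEYS}
    if min(limits.values()) <= 0:
        raise ValueError("all limits must be positive integers")
    if limits["greylist"] >= limits["blacklist"]:
        raise ValueError("greylist must be lower than blacklist")
    return limits

class FloodCounter:
    """Per-IP sliding-window incident counter (assumed model, see lead-in)."""
    def __init__(self, limits):
        self.limits = limits
        self.seen = defaultdict(deque)

    def report(self, ip, ts):
        """Record one incident at Unix time ts; return 'none', 'challenge' or 'block'."""
        window = self.seen[ip]
        window.append(ts)
        # Assumption: incidents older than expiredtime no longer count.
        while ts - window[0] >= self.limits["expiredtime"]:
            window.popleft()
        # Assumption: a list applies once the count reaches its limit.
        if len(window) >= self.limits["blacklist"]:
            return "block"
        if len(window) >= self.limits["greylist"]:
            return "challenge"
        return "none"

def replay(limits, incidents):
    """Feed (ip, timestamp) pairs through a fresh counter; return each resulting state."""
    counter = FloodCounter(limits)
    return [counter.report(ip, ts) for ip, ts in incidents]
```

Calling replay(load_limits(SAMPLE_CONFIG), incidents) with a list of (ip, timestamp) pairs returns the list state after each incident, which makes it easy to compare candidate thresholds on the same input.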