The CaptchaFtp module is an FTP server capable of both active and passive mode, integrated into the BitNinja agent.
This module will check the IP addresses that try to connect to it, and detect if the IP is on the BitNinja greylist.
If the IP is greylisted, it will simulate the FTP connection and won't allow any real FTP operations for the malicious IP.
Using the simulated FTP connection, the owner of the greylisted IP will find a file named
This file contains instructions on how to delist the IP address. The instructions explain that the owner of the greylisted IP address should visit the IP of the server in a browser and solve the CAPTCHA.
If the attacker with the greylisted IP address tries to upload a file using the simulated FTP connection,
the file will be saved only to the BitNinja quarantine folder. This folder is located in
For example, if the attacker is trying to upload a file named
backdoor.php on 2nd January 2019,
the file will be saved to this location:
and will be renamed by the following pattern:
For even more information, you can read our blog article about the CaptchaFtp module on our website: https://bitninja.io/blog/2019/01/07/new-feature-available-ftp-captcha
The CaptchaFtp module is disabled by default. You can enable it using the following command:
bitninjacli --module=CaptchaFtp --enabled
Relations to other modules
Customizing the port of CaptchaFtp
You can customize the default port of the CaptchaFtp module in the
by modifying the port numbers in the configuration.
The default configuration is the following:
listen_addr = "0.0.0.0"
listen_port = 60210
low_port = 60211
high_port = 60250
max_conn = 10
max_conn_per_ip = 3
server_name = "BitNinja FTP CAPTCHA server"
If you want to change the default port from 60210 to something else, you should modify the value of
listen_port in the
If you want to change the default range for FTP passive mode from 60211-60250, you should change the values of
low_port and high_port in the
After you've changed the values in the config file and saved it, you should reload the CaptchaFtp module with the following command:
bitninjacli --module=CaptchaFtp --reload
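Edited port values can be checked for consistency before the reload. The following Python script is an added example, not BitNinja code: it uses the key names from the defaults above, and its rules (the control port outside the passive range, at least one passive port per allowed connection) are assumptions about a consistent FTP listener setup, not documented BitNinja requirements.

```python
# Added example: consistency check for CaptchaFtp port settings.
# Key names come from the defaults on this page; the rules are assumptions.
DEFAULTS = """
listen_port = 60210
low_port = 60211
high_port = 60250
max_conn = 10
max_conn_per_ip = 3
"""

def parse_settings(text):
    """Parse `key = value` lines; skip blanks, comments and section headers."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def check_ports(settings):
    """Return a list of problems; an empty list means the values are consistent."""
    keys = ("listen_port", "low_port", "high_port", "max_conn", "max_conn_per_ip")
    try:
        listen, low, high, max_conn, per_ip = (int(settings[k]) for k in keys)
    except (KeyError, ValueError) as exc:
        return [f"missing or non-numeric setting: {exc}"]
    problems = []
    for name, port in zip(keys[:3], (listen, low, high)):
        if not 1 <= port <= 65535:
            problems.append(f"{name}={port} is outside 1-65535")
    if low > high:
        problems.append(f"low_port {low} is greater than high_port {high}")
    else:
        if low <= listen <= high:
            problems.append(f"listen_port {listen} is inside passive range {low}-{high}")
        if high - low + 1 < max_conn:  # assumed: one passive port per connection
            problems.append(f"{high - low + 1} passive ports for max_conn={max_conn}")
    if per_ip > max_conn:
        problems.append(f"max_conn_per_ip {per_ip} exceeds max_conn {max_conn}")
    return problems

def ports_to_allow(settings):
    """Inbound TCP ports a host firewall must permit: control port, passive range."""
    return int(settings["listen_port"]), (int(settings["low_port"]), int(settings["high_port"]))

if __name__ == "__main__":
    cfg = parse_settings(DEFAULTS)
    print(check_ports(cfg) or "settings are consistent", ports_to_allow(cfg))
```

The result of `ports_to_allow` is the control port plus the passive range, which is the set of inbound TCP ports the host firewall has to admit for the simulated FTP session to work.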