BitNinja has a built-in module for monitoring current active connections and interfering in case of a potential denial of service attack. If there are more than 80 connections from a single IP, BitNinja detects it as an attack. The 80 threshold can be configured on a per port basis.


To change the default thresholds create a config file at /etc/bitninja/DosDetection/config.ini

An example content for the config.ini file:

; Thresholds set to DoS Detection

general = 80
; Threshold for remote SMTP servers.
remote[25] = 200
remote[53] = 200
; Threshold for local ports
local[22] = 40

;You can set restrictions for remote and local ports. For example to change
;the number of connections allowed to the default IMAP4 port (143) you can do this:

local[143] = 150

When BitNinja detects a DoS attack, it will block the IP for 1 minute and then place it to the greylist allowing the user to delist his/her IP. To change the default threshold, you can modify /etc/bitninja/IpFilter/config.ini, or add this section with the proper value:

; Temporary blacklist time in DoS suspicious requests; default: 60
tmp_bl_sec = 60

You can read more about the greylist on the CaptchaHttp - Http Captcha module page.

Don’t forget to restart BitNinja after creating the custom restrictions.

service bitninja restart