Bitninja Abuse Reports

agoldenberg Member, Host Rep

Has anyone ever received any of these?

I keep getting these against the main IP of one of my shared hosting servers. The IP in question is only used for the root domain and I have had several techs look through the logs for any traffic to where they are claiming to be receiving malicious packets.

Does anyone have any experience with these people?

I'd like to have someone take a look through my server who has experience with this garbage and nip it in the bud.

Thanks guys!

Thanked by 1 inthecloudblog

Comments

  • I get them quite a bit, something about google maps API abuse and it's normally someone scanning for exploits on an IP range

    Thanked by 1 doghouch
  • agoldenberg Member, Host Rep

    Thing is there is 0 outbound or inbound to any of their servers! We've checked all the logs countless times and yet still nothing.

  • What logs have you checked? Do you have full packet / netflow logs?

  • They're not credible. I've seen a bunch of people's providers taking those clowns seriously.

  • linuxthefish Member
    edited November 2015

    What does it say you are listed for?

    The worst that happens if you stay listed is your IP gets blocked on other people's servers who use bitninja, so it's not the end of the world.

  • agoldenberg Member, Host Rep

    @linuxthefish They are saying their honeypot has detected malicious packets.

  • zafouhar Veteran
    edited November 2015

    @agoldenberg said:
    linuxthefish They are saying their honeypot has detected malicious packets.

    Their honeypot usually has no idea what it's detecting; I've experienced loads of false positives.

  • Used to get them all the time when working abuse@ for a past provider. Folks are in the "third party alert" / blacklist business.

  • agoldenberg Member, Host Rep

    Kinda what I figured... They're based in Hungary...

  • GM2015 Member
    edited November 2015

    Yeah, but that doesn't mean Hungarians live off blackmailing others.

    What can they do to you? No sane person takes them seriously.

    agoldenberg said: They're based in Hungary...

    Send them some "packets" of these http://dicksbymail.com/

    linuxthefish said: Could be anything or even spoofed traffic I guess, bit of a silly detection thing for just "packets" :/

  • @agoldenberg said:
    linuxthefish They are saying their honeypot has detected malicious packets.

    Could be anything or even spoofed traffic I guess, bit of a silly detection thing for just "packets" :/

  • Nyr Community Contributor, Veteran

    They are selling "server security as a service". They only want you to buy their shit.

  • Well, I have received several reports in the past about some IP trying to bruteforce other people's WordPress installs and it turned out to be true - there was some malware uploaded on that server via some compromised site. So you need to check all the websites you host, there is a high chance there is some insecure WordPress / Joomla / whatever.

  • I've also received them.

  • agoldenberg Member, Host Rep

    @rds100 we've run clamav and rootkit checker and have manually checked all hosted WordPress files. They all are 100% pure WordPress. Definitely nothing out of the ordinary.

  • What did you receive yours for? Connecting to the internet?

    inthecloudblog said: I've also received them.

  • DennisdeWit Member
    edited November 2015

    Swiftway passed an Abuse Report of BitNinja to me about a month ago. The only way to solve your problem is to buy their product. You don't have to take these clowns seriously. It's just a new way of spamming sys-admins.

    However, since you are hosting WordPress, I can give you 2 more pieces of advice

    Thanked by 1 GM2015
  • DennisdeWit said: However, since you are hosting WordPress, I can give you 2 more pieces of advice - Use Maldet - Download Web Shell Detector (http://www.shelldetector.com). I found it a very useful tool!

    Uhh... are you really running that webshelldetector? Did you check out the GitHub comments? https://github.com/emposha/PHP-Shell-Detector/issues/24

    It looks pretty shady

  • I can recommend Aibolit. More information is here: https://www.revisium.com/aibo/

  • Hello everyone! :) I'm Bogi from the BitNinja team. And I'd just like to confirm that the reports we send out are to draw the attention of server/site owners to hidden vulnerabilities that are used for cyber attacks secretly.

    The information in the reports is real and real-time. Please don't hesitate to contact us ([email protected]) when you get reports like these; we'll help you find the problem and analyze the attacks.

    And for the sceptical minds: we are not clowns at all. We are ninjas who fight to make the internet a safer place. ;)

  • https://en.wikipedia.org/wiki/Ninja

    The functions of the ninja included: espionage, sabotage, infiltration, assassination and guerrilla warfare.[1] Their covert methods of waging irregular warfare were deemed "dishonorable" and "beneath" the samurai-caste, who observed strict rules about honor and combat.

    https://bitninja.io/pricing/

    I see nothing else than your reports drawing attention to your pricing.

    Spamvertising.

    BogiAngalet said: we are not clowns at all

    BogiAngalet said: We are ninjas

  • @BogiAngalet said:
    And for the sceptical minds: we are not clowns at all.

    Clowns. I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports.

    Thanked by 2 GM2015 doughmanes
  • @BogiAngalet clown much

    Thanked by 1 GM2015
  • Virpus Member, Host Rep

    Up selling.

  • Nyr Community Contributor, Veteran

    BogiAngalet said: hidden vulnerabilities that are used for cyber attacks secretly

    The only problem here is clueless providers taking you seriously and acting based on your bullshit.

  • doghouch Member
    edited December 2015

    @linuxthefish said:
    I get them quite a bit, something about google maps API abuse and it's normally someone scanning for exploits on an IP range

    For me, they said that my shared server was infected with a "PUP" that was "backdooring" one of their servers... thank goodness I was on CC at the time or else their fake reports would get me pulled offline. (again, if this is offensive to CC, @jbiloh can remove this)

  • GM2015 Member
    edited December 2015

    You don't have pups on your servers?

    Our pup comes in the front door, no need for backdoors. Quite the reverse actually, the dog's not allowed to go out the front door and can only go outside via the backdoor.

    Our dog is a bitninja.

    doghouch said: For me, they said that my shared server was infected with a "PUP" that was "backdooring" one of their servers... thank goodness I was on CC at the time or else their fake reports would get me pulled offline.

  • doghouch Member
    edited December 2015

    @GM2015 said:
    You don't have pups on your servers?

    Our pup comes in the front door, no need for backdoors. Quite the reverse actually, the dog's not allowed to go out the front door and can only go outside via the backdoor.

    Our dog is a bitninja.

    Aw... that "PUP" is cute :)

  • Yeah, it probably uses backdoors if you leave the doors open.

    https://duckduckgo.com/?q=pup&iax=1&ia=images

    doghouch said: that "PUP" is cute :)

  • The pup's cute, that's true. :D

    "I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports." - We think that there's no unhackable system, no matter what language was used to create it. For the mentioned case, we have server-side tools against compromising the PHP code to use it for sending out fake reports.

    Just please keep in mind that we are always happy to help. If you feel you got any false positive reports, just contact us ([email protected]) so that we can provide more details about the incidents we received.
