Bitninja Abuse Reports - Page 2

Comments

  • @BogiAngalet said:
    The pup's cute, that's true. :D

    " I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports." - We think that there's no unhackable system, no matter what language was used to create it. For the mentioned case, we have server side tools against compromising the PHP code to use it for sending out fake reports.

    Just please keep in mind that we are always happy to help. If you feel you got any false positive reports, just contact us ([email protected]) so as we can provide more details about the incidents we received.

    Honestly what the fuck did you just write.. I'm really considering the fact that you're either not part of Bitninja or you are and you're stupid as fuck.

    Thanked by 1k0nsl
  • alexvolk said: Clowns. I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports.

    Do you think it would be more secure to use any other programming language? Of course not. We do not trust the incidents sent by the servers, but we trust in the power of the community. We only send out a report if there are incidents about an IP from different users, different servers, different IP subnets.

    Anyway if you received a report you believe is false positive, please feel free to send it to me or my colleague.

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited December 2015

    I don't respond to bitninja abuse reports, their whole business model is to report a load of bollocks to get big DC's to sign up with them, they even spamvertise in their own abuse reports.

    And the only way to whitelist is with paid membership, this is a blacklist setup with nothing but commercial gain in mind, absolute clowns.

    Ignore them.

  • agoldenbergagoldenberg Member, Host Rep

    I still have received no detailed report from @bitninja_george for those interested but yup pretty much 100% bull shit.

  • Hi all,

    @agoldenberg PMed one of his IPs. I have sent him all the reports with full domain and IP details. So here is what we have found regarding @agoldenberg without any details.
    Originally the IP was greylisted because of these logs:


    *******.hu ..214.10 - - [ +0100] "GET /wp-admin/network/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3924 "-" "-"
    *******.hu ..214.10 - - [ +0100] "GET /wp-content/uploads/2015/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3931 "-" "-"
    *******.hu ..214.10 - - [ +0100] "GET /wp-includes/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3923 "-" "-"
    *******.hu ..214.10 - - [ +0100] "GET /wp-includes/images/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3931 "-" "-"
    *******.hu ..214.10 - - [ +0100] "GET /wp-includes/simplepie/parse/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3923 "-" "-"
    *******.hu ..214.10 - - [ +0100] "GET /wp-includes/images/smilies/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 3924 "-" "-"

    Then we received more than 350 malicious requests from 2015-10-27 11:24:11 to 2015-10-30 11:24:26 on 18 different servers from different customers. Geographically totally different places like Canada, USA, Greece, Hungary, Netherlands, etc. It is impossible and also makes no sense to forge this traffic. Many of the incidents were collected from Apache logs on customers' servers, not even by our honeypot system. We have sent 3 incident reports about this IP.


    ..214.10 - - [ -0400] "GET /wp-includes/simplepie/net/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 508 7287 "-" "-"
    ..214.10 - - [ -0700] "GET /wp-admin/network/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 404 20854 "-" "-"
    ..214.10 - - [ -0400] "GET /wp-content/uploads/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1 HTTP/1.0" 403 - "-" "-"
    ****.com/wp-includes/simplepie/content/system.php?450699=1&babaraba=vb&php4=1&root=1&upl=1&wphp4=1&abdullkarem=1&wp=1&module=1&php=1&php5=1&wphp5=1
    *Url: [***.gr/wp-content/themes/yakimabait/download.php?file=./wp-config.php]
    ***.gr/wp-content/force-download.php?file=../wp-config.php
    ***.org/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
    ***.gr/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php
    ***.gr/wp-content/themes/markant/download.php?file=../../wp-config.php
    ***.biz/wp-admin/

    Can you guys really not see the value of this report? This helps a lot to trace down the infection and clean the infected wp-s. We even plan to enhance the free version of bitninja with a module to auto trace such infections in the near future.
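Added example, not part of the original post and not BitNinja's code: a Python sketch of the kind of check a recipient can run over their own access logs, flagging the two request shapes quoted above (one PHP file name tried under many directories, and `file=` parameters naming `wp-config.php`) and keeping only sources seen by several servers in different /24s, as the vendor describes. The thresholds, the `findings`/`reportable` names and every sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from posixpath import basename, dirname
from urllib.parse import parse_qs, urlsplit

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) ')
MIN_DIRS, MIN_SERVERS, MIN_SUBNETS = 3, 2, 2  # assumed thresholds, not BitNinja's

SAMPLE = [  # constructed: (reporting server, log line); documentation addresses only
    ("192.0.2.10", '203.0.113.7 - - [27/Oct/2015:11:24:11 +0100] "GET /wp-admin/network/system.php?root=1&upl=1 HTTP/1.0" 404 3924 "-" "-"'),
    ("192.0.2.10", '203.0.113.7 - - [27/Oct/2015:11:24:12 +0100] "GET /wp-includes/system.php?root=1&upl=1 HTTP/1.0" 404 3923 "-" "-"'),
    ("192.0.2.10", '203.0.113.7 - - [27/Oct/2015:11:24:13 +0100] "GET /wp-includes/images/system.php?root=1&upl=1 HTTP/1.0" 404 3931 "-" "-"'),
    ("198.51.100.20", '203.0.113.7 - - [28/Oct/2015:03:10:02 -0400] "GET /wp-content/themes/example/download.php?file=../../wp-config.php HTTP/1.0" 403 - "-" "-"'),
    ("192.0.2.10", '203.0.113.50 - - [28/Oct/2015:09:00:00 +0100] "GET /wp-content/force-download.php?file=../wp-config.php HTTP/1.0" 404 512 "-" "-"'),
    ("192.0.2.77", '203.0.113.50 - - [28/Oct/2015:09:00:05 +0100] "GET /wp-content/force-download.php?file=../wp-config.php HTTP/1.0" 404 512 "-" "-"'),
    ("192.0.2.10", '203.0.113.99 - - [28/Oct/2015:09:30:00 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"'),
]

def findings(logs):
    """Map source IP -> {(kind, reporting server)} for suspicious requests."""
    dirs = defaultdict(set)   # (src, server, script name) -> directories tried
    hits = defaultdict(set)
    for server, line in logs:
        m = LINE.match(line)
        if not m:
            continue
        src, target, status = m.groups()
        url = urlsplit(target)
        # File-read attempt: some parameter value names wp-config.php.
        if any(basename(v) == "wp-config.php" for vs in parse_qs(url.query).values() for v in vs):
            hits[src].add(("config-read", server))
        # Shell probe: one .php name, never served (non-2xx), in many directories.
        if url.path.endswith(".php") and not status.startswith("2"):
            key = (src, server, basename(url.path))
            dirs[key].add(dirname(url.path))
            if len(dirs[key]) >= MIN_DIRS:
                hits[src].add(("php-probe", server))
    return hits

def reportable(logs):
    """Sources seen by enough distinct servers in enough distinct /24s."""
    out = []
    for src, found in findings(logs).items():
        servers = {server for _, server in found}
        subnets = {ipaddress.ip_network(f"{s}/24", strict=False) for s in servers}
        if len(servers) >= MIN_SERVERS and len(subnets) >= MIN_SUBNETS:
            out.append(src)
    return sorted(out)
```

In the sample, 203.0.113.50 is seen by two servers in the same /24 and stays below the threshold, and the successful `admin-ajax.php` request produces no finding.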

  • Your report is about as valuable as your scam company, which is worthless.

    Thanked by 2ATHK Scottsman
  • I was getting bitninja abuse reports every once or twice a month when I was hosting with my old provider. I had no idea what was going on. The server provider also failed to enlighten me about it. All he could tell me was that "something is happening which needs fixing". Server load was normal and there was nothing I could find in csf firewall. The server provider would direct me to bitninja logs page where I could see my IP but nothing else. Then I became suspicious that maybe the server provider wants me to sign up to something because he would always direct me to bitninja logs page (maybe it was his affiliate link). He didn't suspend my service but I was getting fed up with these reports so I changed the server and ever since I moved to my new provider never got any such reports. It's been almost 3 months. Which means there was no malicious activity going on my server.

    Thanked by 2GM2015 Scottsman
  • stallion said: Which means there was no malicious activity going on my server.

    Or it could mean that the new provider just deletes all bitninja reports instead of forwarding those to you :)

  • I wonder if the honeypots are putting the IP from X-Forwarded-For in the logs?

  • AnthonySmithAnthonySmith Member, Patron Provider

    The bottom line is you have to pay $20 to be able to de-list or view actual logs, the value of which is absolutely zero anyway, only a matter of time before they get hacked for running this scam and people's info gets dumped then they lose the lot, including the credibility they seem to think they have.

    Thanked by 2GM2015 Pwner
  • dig bitninja.io a

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4000
    ;; QUESTION SECTION:
    ;bitninja.io.           IN  A
    
    ;; ANSWER SECTION:
    bitninja.io.        11763   IN  A   80.249.163.184
    

    Anyone want to send Alba Internet Ltd. abuse reports about spam mail coming from bitninja?

    Thanked by 1AlwaysSkint
  • Someone spamhaus them ^^ as soon as they delist spamhaus them again if you get another report.

    Is it in your favor @GM2015?

    Thanked by 1AlwaysSkint
  • What? I've never heard of spamhaus or bitninja.

    Hidden_Refuge said: Is it in your favor @GM2015?

  • @linuxthefish said:
    I wonder if the honeypots are putting the IP from X-Forwarded-For in the logs?

    Currently if there is a request from a proxy, we simply let the traffic in (for example traffic from CloudFlare, Incapsula, etc.) or use the restrictions for the proxy server IP. With our WAF module it will change in the near future as we can use the X-Forwarded-For or similar header info and make decisions and incidents based on the real IP. In case of log analysis if the HTTP server is well configured (in case of Apache you can use the RPAF module or clones) then you can see the real IP in the logs.
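Added example, not part of the original post and not BitNinja's code: attributing an incident to an address taken from X-Forwarded-For is only sound when the header arrived through a proxy you trust, because any direct client can send the header with someone else's IP in it. The sketch below honours the header only from trusted peers and walks it right to left; `TRUSTED_PROXIES` and `attributable_ip` are hypothetical names and the ranges are documentation addresses, not a real CDN list.

```python
import ipaddress

# Assumed proxy range for the demo (documentation addresses, not a real CDN list).
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def attributable_ip(peer, xff_header):
    """Return the address an incident should be recorded against.

    peer: TCP source address of the connection.
    xff_header: raw X-Forwarded-For value, or None if absent.
    """
    addr = ipaddress.ip_address(peer)
    if not _trusted(addr) or not xff_header:
        return str(addr)      # header from an untrusted peer is just client input
    # Walk right to left: each trusted proxy appended the hop it actually saw.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break             # malformed entry: keep the last verified address
        addr = candidate
        if not _trusted(candidate):
            break             # first non-proxy hop is the client; ignore the rest
    return str(addr)
```

Entries to the left of the first untrusted hop were supplied by the client and are never used for attribution.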

  • AnthonySmith said: The bottom line is you have to pay $20 to be able to de-list or view actual logs, the value of which is absolutely zero anyway

    You don't have to pay. We provide logs and delisting for free to anyone.

  • localidiotlocalidiot Member
    edited March 2016

    vnt

  • FoulFoul Member

    localidiot said: Do you not know how ignorant you are?

    Nice Necro.....

    @jarland pls close

  • jarjar Patron Provider, Top Host, Veteran

    localidiot said: Do yourself a favor and check yourself

    Before he wrecks himself?

    Thanked by 3KuJoe linuxthefish GCat
  • Lol I like his username, at least he knows he is an idiot

  • @BogiAngalet said:
    The pup's cute, that's true. :D

    " I can confirm that bitninja program is written only in PHP. Anyone can check the source and use it in a bad way. For instance false abuse reports." - We think that there's no unhackable system, no matter what language was used to create it. For the mentioned case, we have server side tools against compromising the PHP code to use it for sending out fake reports.

    Just please keep in mind that we are always happy to help. If you feel you got any false positive reports, just contact us ([email protected]) so as we can provide more details about the incidents we received.

    Contact? Seriously?
    Do you guys even reply?

    PS: The best way to tackle bitninja is to get your provider to talk on your behalf. Or get a Paid Plan from bitninja.

  • GCatGCat Member

    I get tons of bitninja reports, they always end up in spam with a filter of "went full retard"

    Thanked by 1Scottsman
  • GCat said: "went full retard"

    That is not fair to those that are mentally challenged.

  • AnthonySmithAnthonySmith Member, Patron Provider

    I just set up a rule, their reports are deleted at the server after being forwarded back to their info address, when I get them from upstream I simply give a stock reply that it is not abuse, please ask the reporter to fully qualify the abuse type for every date in the semi obfuscated log, about 100 reports later not a single reply from bit ninja.

    Complete scam and a joke of a blacklist.

  • Having read through this reddit page: https://www.reddit.com/r/sysadmin/comments/384q3b/my_server_was_just_suspended_because_of_a/
    And then finding out how deep you actually would need to look for the possible issue the bitninja is reporting you as malicious (down to the closing comment on the reddit page) makes me wonder how many pretentious asshats are in this discussion, with shallow knowledge at best…

  • ScottsmanScottsman Member
    edited November 2016

    Funny enough, my host suspended my dedi for a retardedninja report.
    @BrianHarrison this is what your staff/colleagues suspended my server for :)

    Thanked by 1PieHasBeenEaten
  • Hello,
    We don't want to bother any innocent server owner. If you have a problem with greylisting, feel free to contact us. Please write to [email protected], and we will help. :)

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited November 2016

    @BitNinja said:
    Hello,
    We don't want to bother any innocent server owner. If you have a problem with greylisting, feel free to contact us. Please write to [email protected], and we will help. :)

    You absolutely do want to do that, this is what generates your revenue.

    You essentially ignore that email address completely.

    Commercial blacklists are scum, I hope your business fails, soon.

    I have already convinced 3 DC's to put all bitninja crap on the ignore list or report the abuse reports as abuse reports/phishing attempts so now I don't need to deal with you at all.

  • XSXXSX Member, Host Rep
    edited November 2016

    bitninja == SPAMMER && powerful kidnapper

    It's interesting.

  • stefemanstefeman Member
    edited November 2016

    The abuse reports I get from bitninja are automatically forwarded straight to /dev/null

    I also advised my host to do the same.

    This company has a business strategy to generate reports and mail them to host's abuse inbox. In the mail they force you to purchase one of their plans to remove that "infection". If you don't comply with that scam, they will soon re-send the email with an attempt to get you suspended.

    Anyone who gets these reports should ignore them and NOT forward them on to the customers so these scammers won't get any more money or reputation in the hosting industry.

  • time4vpstime4vps Member, Host Rep

    @BitNinja said:
    Hello,
    We don't want to bother any innocent server owner. If you have a problem with greylisting, feel free to contact us. Please write to [email protected], and we will help. :)

    Could you please clarify why you send reports regarding HitLeap? It's nothing illegal, nevertheless we are getting reports from you regarding it...
