设为首页收藏本站

ZMX - IT技术交流论坛 - 无限Perfect,追求梦想 - itzmx.com

 找回密码
 注册论坛

QQ登录

只需一步,快速开始

新浪微博账号登陆

只需一步,快速开始

用百度帐号登录

只需两步,快速登录

搜索
查看: 7946|回复: 3

[软件] linux平台 一款免费的ddos cc waf一体化功能的安全防火墙bitninja.io,防注入,防攻击,支持云端黑名单等功能,基于ipset黑名单

[复制链接]
 成长值: 336

签到天数: 4737 天

[LV.Master]伴坛终老

发表于 2016/1/6 18:53 | 显示全部楼层 |阅读模式 |Google Chrome 47.0.2526.73|Windows 8.1
天涯海角搜一下: 百度 谷歌 360 搜狗 有道 雅虎 必应 即刻
注:新安装免费使用7天PRO专业版,如果不续费将会降级到免费版,如标题,是一款基于ipset黑名单打造的防火墙,通过云端分发黑名单列表, 插入系统的ipset当中。

一些载图:
1.jpg

2.jpg

3.jpg

4.jpg

官网:https://bitninja.io/pricing/

不支持ovz虚拟化的平台进行安装,安装后全自动化管理,无需人工操作,云端黑名单等分析识别,更精准,当然,要白名单的话还没找到。

以下安装命令会安装到我的账号下,当然,根据上图,无法操作到服务器的一些东西,只能控制WAF的开关,嘛,认为我的人格保证还是很好的,有需要可以用自己的账号注册获取安装命令。

一键安装命令:
  1. wget -qO- http://bitninja.io/install.sh | /bin/bash -s - --license_key=6043090A1ED6A387
复制代码


手动安装:
  1. rpm -Uvh https://rpm.bitninja.io/1.0/noarch/bitninja-repo-1.0-1.noarch.rpm
  2. yum -y install bitninja
  3. bitninja-config --set license_key=6043090A1ED6A387
  4. /etc/init.d/bitninja restart
复制代码


卸载方法:
  1. yum -y remove bitninja
复制代码


我通过这封来自服务器提供商的滥用邮件得知了他,视乎服务器提供商使用了这款软件来做监控。

不过我始终认为它是不可信的,感觉就是个巨坑。


"Hello,

I regret to inform you that we have received an abuse complaint regarding your service 198.71.82.124 - 96050. This violates our Acceptable Use Policy/Terms Of Service which can be found here https://www.budgetvm.com/legal.php . After investigation we have deemed this report to be by a credible, reputable source and require your immediate attention.

Our policies require us to suspend your service and to hear back from you within 7 business days or face termination.

The initial complaint is below.  We will await your response indicating that you have either complied with the order, dispute it, or request a reasonable extension of time to resolve the issue.

=====
Dear Provider,
The BitNinja team would like to inform you about an INCIDENT, COMING FROM YOUR NETWORK. (IP address 198.71.82.124). It means someone intruded into your system, so please examine the case and do the neccessary security steps.
You can find the detailed logs about the detected malicious attempt in the incident report:
http://bitninja.io/incidentReport.php?details=1e40a87278e30146c2
This IP address 198.71.82.124 has been placed to our greylist and all the servers protected by BitNinja will reject any communication from this IP address. If the attacks keep coming, the IP will stay in our greylist or will be placed to our blacklist for a longer period.
If you need further information about the issue, or you think this IP is listed incorrectly, do not hesitate to contact us at info@bitninja.io.

To prevent incidents (e.g. incoming and outgoing hacker attacks, cms /joomla, wordpress, drupal/ hacks, forum spammer bots, email harvesters and other harmful botnets) in the future, please take a look at our SERVER DEFENSE NETWORK. It works with no redirection and can be installed with one-line code. For more information about our server defense solution, visit our website: http://bitninja.io
_______________________________________________________________
Additional information:
Attackers usually use backdoors or proxy scripts and use the victim server’s resources for cybercrime activities like DDoS attacks and spamming. Your system or a website you host, probably have been compromised this way.
Please consider this particular machine may have a rootkit installed. So simply deleting some files or dirs or disabling cgi may not really solve the issue.
The server owner should be warned about this incident also, so please forward this message to the administrator of the server with 198.71.82.124.

If you need further information about our incident report, please do not hesitate to contact us.

Best wishes,
BitNinja Security team
Let’s make the Internet a safer place
=====

Thank you in advance for your compliance in this important matter.

不过后续联系,视乎是因为有人用了我的PAC代理服务器进行恶意扫描,攻击发包等。反正就觉得是个大坑就好了。。
Hello,

No. Did you look at the link that Bitninja provided at all? Bitninja is a honeypot; users of your proxy are attempting to access things that should never be accessed over the course of regular internet usage.

There's entries like this:

(GMT+1) 2016-01-04 22:58:08BL_BN_WAF
Query: [GET /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php HTTP/1.1]

Someone is using your public proxy to attempt to hack other sites on the internet. This needs to stop.


Regards,
Damian

来自官方的邮件教程:
Ninja fightbook
You took the first step in our mission, to make the internet a safer place, by installing BitNinja. Let us give you a little gift as a special thank: please find attached our Ninja Fight Book to this email.
This server defense handbook shows you why hackers attack your server and how you can protect it. Their motivations, tools and how to avoid the threat they mean to your servers, your websites, and your business!

Learning by testing
Must be curious how BitNinja works when a hacker is trying to compromise your server. Try it yourself by a little comparsion test:
  • Setup wordpress or similar application on a server with BitNinja.
  • Generate a DoS attack to that site (for example using ab tool).
    Example:  # ab -c 90 -n 10000 URL_TO_THE_SITE

With BitNinja, the DoS attack will be detected under 30 secs, and the attacking IP address auto-blacklisted. Without BitNinja all the sites on the server will be slow or down. The choice is yours!

Basic commands
Feel free to try our basic command set to test ninja skills:
# bitninjacli –help  // This is how you can use our cli tool
# bitninjacli --blacklist --add=1.2.3.4   // Found a malicious IP?
                                                       // Blacklist it with the cli or using the dashboard
# bitninjacli --whitelist --add=1.2.3.4  // BitNinja blocked something it should not?
                                                       // Whitelist the IP easily with the cli or on the dashboard
// BitNinja will distribute your black/whitelist on all your servers automatically

If you aren’t afraid to jump a little braver to the Ninja’s working method, click on our introduction video that guides you through our basic processes:

In case of any questions, contact us by email at info@bitninja.io.
We are always happy to help.



https://www.youtube.com/watch?v=tlY2xyFlQMo

欢迎光临IT技术交流论坛:http://bbs.itzmx.com/
回复

使用道具 举报

签到天数: 74 天

[LV.6]常住居民II

发表于 2016/1/8 07:51 | 显示全部楼层 |TheWorld Browser|Windows 7
我这为什么没有中文的?你不会是用Google浏览器的那翻译吧!?
欢迎光临IT技术交流论坛:http://bbs.itzmx.com/
回复 支持 反对

使用道具 举报

 成长值: 336

签到天数: 4737 天

[LV.Master]伴坛终老

发表于 2016/1/8 21:11 | 显示全部楼层 |Google Chrome 49.0.2612.0|Windows 10
灵少 发表于 2016/1/8 07:51
我这为什么没有中文的?你不会是用Google浏览器的那翻译吧!?

是的。
欢迎光临IT技术交流论坛:http://bbs.itzmx.com/
回复 支持 反对

使用道具 举报

签到天数: 64 天

[LV.6]常住居民II

发表于 2021/6/15 20:12 | 显示全部楼层 |Google Chrome 91.0.4472.77|Windows 10
不错,一直找不到合适的防CC代码,或waf系统
欢迎光临IT技术交流论坛:http://bbs.itzmx.com/
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 注册论坛 新浪微博账号登陆用百度帐号登录

本版积分规则

手机版|Archiver|Mail me|网站地图|IT技术交流论坛 ( 闽ICP备13013206号-7 )

GMT+8, 2024/12/23 06:11 , Processed in 0.108387 second(s), 25 queries , MemCache On.

Powered by itzmx! X3.4

© 2011- sakura

快速回复 返回顶部 返回列表