BitNinja Special Price: Page 2 - Enhance Control Panel

BitNinja Special Price

cPFence

Andrei
Hi! Thank you for reaching out. Our correct website is cpfence[dot]app.

cPFence

Also, I’d like to mention a few additional details that might address some of the concerns raised:

Our software is written entirely in Bash scripting, then obfuscated and converted to binary for code protection nothing fancy or complicated. No services or new users are installed on the server. Unlike other software based on PHP, our solution is generally lighter on system resources and can be easier to audit, especially for those familiar with Bash. It’s straightforward for any skilled security researcher to monitor its actions and ensure its security. Additionally, we don't store any information or maintain active connections between the host and our license servers. We’ve made it easy, simple, yet powerful.

nsevimov

cPFence This sounds really intriguing and I will certainly test your product and if it does satisfactorily I will migrate to it.

MediaServe

cPFence I'm gonna start with a 10 pack and give this a try. Just wish something other than Paypal was accepted!

cPFence

MediaServe I'm gonna start with a 10 pack and give this a try. Just wish something other than Paypal was accepted!

Thanks for giving cPFence a try! We do offer credit and debit card payments upon request. Please feel free to open a ticket, and we’ll provide you with the details and direct secured payment link. This payment option will also be available in the client area soon.

MediaServe

cPFence Thanks! Ticket #88 submitted.

cPFence

MediaServe

Thanks for your order. Your licenses are now activated. Let me know if you need a helping hand.

nsevimov

MediaServe Did you manage to find time to test it?
Because tomorrow morning I'm going to install a trial version and it would be great to exchange more information.

cosmoshosting

nsevimov

I'll certainly write up a full review after a month or so. Initial results are very promising and looking through my notes are:

Suspiciously easy one line install that 'Just Worked™' and had sensible defaults that didn't break anything.
Currently running on a dev VPS with just the web role installed, with no major ill effects so far when tested on OLS and Apache.
Accuracy of the blocking seems to be spot on and the IP's I'd block if I saw them in the logs. It did accuse two of my external upstream DNS servers of launching a DDoS and temporarily blocked them
Very light on resources, to the point its almost not there and suitable on even the smallest of web-servers. Night and day compared to bitninja
CPU/Memory usage ironically went down due it blocking such a number of attacks (confirmed in logs) and would likely pay for itself twice over in production
Thumbs up for the fact it includes a 'notification email' if resources are becoming critical
MYSQL query limits is interesting and something yet to test
Apparently there is allot of magic in the email scanning to block for malware and phishing links
There is no web interface integration into enhance , only command line but is well documented on commands. Argument can be made that creating such a interface will only chew more resources and add more security risks.
Support responded very promptly and professionally to my ticket which had a few questions
Pricing is excellent for $5/mo per server for unlimited users (cheaper if you commit long term)
At the moment it feels very basic, but this is in no way a reflection on the capabilities behind the scenes of what its doing
Wishlist of features I'd like to see added or considered are:
1) bulk ip imports from file or can periodically update whitelist/blocklist from a URL such as https://www.cloudflare.com/ips-v4/
2) ability to block ASN, very similar to the current way to block country
3) More detailed statistics, even a daily/weekly report would be nice, essential if emails are being blocked and won't be going to the users inbox.
4) For the blocked ip statistics and in the logs, it would be great if it showed a reverse DNS of the IP, country and provider ie 123.123.123.123 | sr1.spammer.ru | Servers for Spammers INC (RU)
5) MYSQL heartbeat and watchdog would be good
6) Notification if MYSQL query list is high or MYSQL is down
7) Ability to detect, log and kill excessive numbers of sleep queries from a particular user
8) Ability to blacklist with a filter certain mysql commands being run, not just the user which is impractical
9) Notification if any of the dockers go down or is marked unhealthy, maybe try to restart it
10) Ability to block a certain user agents

A partial snippet of the stats the tool has blocked in a couple of days and a few of the IP's. This is only a test web-server with a few minor sites on it (Most of which are behind cloudflare and a hardware firewall already). No doubt a production server would be much higher!

|-----------------------------------------------+----------------------|
| Category                                      | Count                |
|-----------------------------------------------+----------------------|
| Total Web Attacks Blocked                     | 35322                |
| Total DDoS Attacks Blocked                    | 6                    |
| Total IPDB Protection Attacks Blocked         | 20561                |
| Total Attacks Blocked by WAF                  | 14755                |
| Total Malwares & Viruses Blocked              | 0                    |
| Total Slow Blacklisted Queries killed         | 0                    |
|-----------------------------------------------+----------------------|
Top 50 IPDB Protection Attacker IPs : (Already Permanently Blocked - No Actions Needed)
--------------------------------------
Attacker IP          | Count
---------------------+------
80.94.95.215         | 1783
80.94.95.239         | 1605
194.169.175.65       | 721
35.196.21.185        | 242
3.253.143.187        | 143

Still evaluating head to head against its direct competitor cPGuard which we use already and is priced very similarly, but has significantly more maturity and features like a unified web management interface for all the connected servers.

Do show @cPFence some love for supporting the Enhance Community and checking out the cPFence website and his blog which has some very good enhance specific information in it. Certainly a very worthwhile and powerful tool to consider if you don't have any security solutions or firewalls in place .
Disclosure: I am both an active cPGuard customer and on the cPFence free monthly trial. I am not getting paid or affiliated with either company. Please consider this post preliminary.

cPFence

cosmoshosting

Thanks for the detailed review. I really appreciate you taking the time to write it.

cosmoshosting 1) bulk ip imports from file or can periodically update whitelist/blocklist from a URL such as https://www.cloudflare.com/ips-v4/

This is already done automatically. You can confirm the currently whitelisted Cloudflare IPs using "sudo ipset list cPFence-whitelist". If any additional IPs need to be whitelisted, simply add them to the file /opt/cpfence/user-config/cpfipdb/whitelistips.txt, then run cpfence --restart, and the software will ensure they remain whitelisted even across updates. Editing this file is only recommended for bulk IP whitelisting. If you need to whitelist a single IP, feel free to use the command "cpfence --add-whitelist-ip 192.168.1.1/23".

cosmoshosting 7) Ability to detect, log and kill excessive numbers of sleep queries from a particular user

This is already done for blacklisted users. It's recommended to add only users known for poorly written PHP scripts (plugins, themes, etc.).

cosmoshosting 10) Ability to block a certain user agents

This is already possible by editing the cPFence WAF configuration files, but changes won’t be saved across updates. Considering that cPFence is frequently updated, it's not recommended for now. Keeping custom user agent edits and preserving them through updates will be possible soon. It's also worth mentioning that the software currently blocks about 600 bots while leaving the most well-known ones intact (to prevent support ticket issues from users upset about Moz and Ahrefs being blocked on their websites). Additionally, the software will automatically detect and block bots pretending to be Google.

Your other feature requests have been noted, and we will consider them for future updates. Thanks once again for your review.

cPFence

cosmoshosting 1) bulk ip imports from file or can periodically update whitelist/blocklist from a URL such as https://www.cloudflare.com/ips-v4/

cosmoshosting 10) Ability to block a certain user agents

Those two feature requests have now been added in the latest version, 3.1.3.

You can now bulk whitelist or blacklist IPs across all your servers in one step. For example, use:
cpfence --bulk-whitelist-ip https://a.com/custom_whitelist.txt.
You can also automate this process with a cron job to keep all your servers synced with your custom rules. For instance:
0 * * * * /usr/local/bin/cpfence --bulk-blacklist-ip https://a.com/custom_blacklist.txt.

This feature supports both full paths and valid URLs.

Additionally, we've added the ability to block or whitelist certain user agents and preserve them across cPFence updates. Please check our changelogs for more information.

Thanks for the great suggestions!

P.S. For those running Ubuntu 22.04, you’ll need to run the installation command again to force an update to the latest version, 3.1.3, and choose to back up the current installation when prompted.

cosmoshosting

cPFence

Thank You for so promptly responding to this feedback and adding in these new features so fast. You need your own thread!

That will be a big help managing the whitelists and adding more aggressive blocklists such as IPsum.
Appreciate the user agents also, will come in handy to block certain DDoS attacks and pests.

Some other features that would be nice:

An easy command to check if an IP is being blocked and if so, show any logs for it,
ie cpfence --check-ip 123.123.123.123
Email notification whenever a module/modules are disabled/enabled or whenever an update occurs
In light of the update issue, some sort of watchdog or cron that will detect if the installation is damaged and attempt to reinstall it, even send an email if an error is detected

MediaServe

Working well

nsevimov working great so far on 10 servers!

cPFence

MediaServe
I'm glad it's working well for you. Feel free to get in touch if you need any help.

cosmoshosting In light of the update issue, some sort of watchdog or cron that will detect if the installation is damaged and attempt to reinstall it, even send an email if an error is detected

Yes, that is coming this week. To avoid these kinds of issues, if the update fails, it will automatically failover to the previous version. Stability is our top priority now.

cPFence

cosmoshosting Email notification whenever a module/modules are disabled/enabled or whenever an update occurs
In light of the update issue, some sort of watchdog or cron that will detect if the installation is damaged and attempt to reinstall it, even send an email if an error is detected

Both of your suggestions have been incorporated into version 3.1.4, which was released today:

Automatic Fallback on Update Failure – We’ve introduced a robust fallback mechanism that automatically restores the previous version of cPFence if the update process fails. This ensures that cPFence remains operational even in the event of an update error.

Email Notification on Successful Update – An email notification feature has been implemented that sends a confirmation email upon successful cPFence updates. This notification can be enabled or disabled via the SEND_CPF_UPDATE_NOTIFICATION setting in the configuration file. The default setting is enabled.

Keep the suggestions coming! We value good, useful ideas. Thanks.

AdamM

cPFence Maybe it's better to create your own thread?

cPFence

AdamM
Good point. When I get some time, I'll start a new thread to announce the Free Forever Antivirus for all Enhance users. Thanks!

Shaijee

I tested BitNinja on two VPS servers. Before installation, the RAM usage was 19% and 42%. After installing BitNinja, the usage jumped to 59% and 74%, which is an increase of 40% and 32%. This shows a significant rise in RAM consumption.

Also, BitNinja only supports EXIM right now, so it won't effectively detect outbound spam for users using other mail transfer agents, like Postfix on the Enhance cluster.

ClouderNode

Shaijee

I see a lot of people mention they get higher resource usage.

you might get more initially but after a week I see the usage drop and stabilize and end lower then when i started with bitninja

Shaijee

ClouderNode you might get more initially but after a week I see the usage drop and stabilize and end lower then when i started with bitninja.

Are you sure? If Yes, we will keep it and continue monitoring.! Also, what are your thoughts on Outbound Spam Detection? Since BitNinja doesn't support Postfix, the Outgoing Email Analysis feature wouldn't be effective. Additionally, BitNinja currently only protects against outgoing SPAM and doesn't safeguard against incoming threats via email.

« Previous Page Next Page »