Skip to main content

Bitninja Data policy

BitNinja is GDPR compliant. You can read more about our privacy policy here: Privacy Policy.

Data transferred to the BitNinja datacenter

The BitNinja agent filters traffic locally on the server, so traffic data or access log is not sent to the central database only if there is a detected attack.

If enabled, BitNinja’s SpamDetection module provides us with data about the emails, such as the subject and sender of the emails. This module is enabled by default. It can be disabled, however. We are using the data to improve our Outbound SPAM protection module; the data will not be shared with any third party. Also, if enabled, the Backup module can send up any directory/file whose path is added to the module's config file. There are also other data transferred to the central database for statistical purposes, such as:

  • initialBadBotCount: sent at the first agent startup
  • List of detected services: for statistic and development purposes
  • List of Linux usernames
  • Server load data
  • Network Interface Card data
  • Basic Network traffic statistics

The agent sends up crash reports to the central database. We also store data about the server's hardware, Operating system, and Kernel version.

info

The above data is not shared with any third parties and is only used to improve the agent's stability.

Log obfuscation

The agent also sends logs about blocked connections/incidents to the central database. Each of our users can see logs fully uncensored regarding their servers. They can also see incident logs generated on other users' servers censored. The level of the log obfuscation depends on the settings of the user's profile. There is an option to obfuscate every part of the logs.

Obfuscation levels:

  • Show log as is:

    • All data will be displayed as they have been collected.

  • Moderated (###.so###in.com)

    • Rewrite domains and IP-s moderately.
    • www.somedomain.com → ###.so###in.com
    • 12.34.56.78 → 12.#.#.78

  • Heavy (###.#######.###)

    • Hide all domain names and IP addresses.
    • www.somedomain.com → ###.#######.###
    • 12.34.56.78 → #.#.#.#

  • Paranoid (###.#######.### + hide POST)

    • Hide all domain, IP, and POST data.
    • www.somedomain.com → ###.#######.###
    • 12.34.56.78 → #.#.#.#`
    • POST{'id' => 123} → POST {hidden}

Malware source codes

The content of files used to generate Malware signatures is also transferred to the database. These files are only transferred if the SandboxScanner(which is disabled by default) or the DefenseRobot module (enabled by default) traces back the file to a malware upload. Or if the file was uploaded to the Captcha page or the CaptchaFtp module. These files are visible on your dashboard, so you can publish the signatures matching the files if you decide they are malicious. We are also using these files to expand our Malware database. The contents of the files are not used in any other way. During the the remote malware scan, the contents of the files are not transfered only the MD5 hashes, and the files' sizes and other metadata regarding the file.

Contact us

If you have any questions regarding our data policies or anything else, do not hesitate to contact us at info@bitninja.io.