DosDetection

BitNinja has a built-in module for monitoring current active connections and intervening in case of a potential denial-of-service attack. If there are more than 80 connections from a single IP, BitNinja detects it as an attack. The threshold of 80 can be configured on a per-port basis.

caution

BitNinja does NOT offer DDoS detection; however, an indirect approach to protection is possible with the SslTerminating module's rate limiting and the core IpFilter module itself, which blocks many IPs.

Configuration

BitNinja Dashboard

You may also adjust the threshold from the Dashboard's Configuration - DosDetection page. Note that only the general threshold can be modified there.

DosDetection Threshold

Configuration File Method

The thresholds can be changed in the config file: /etc/bitninja/DosDetection/config.ini.

    ;
    ; Thresholds set to DoS Detection
    ;
    [tresholds]

    general = 80
    ; Threshold for remote SMTP servers.
    remote[25] = 200
    remote[53] = 200
    ; Threshold for local ports
    local[22] = 40

    ;You can set restrictions for remote and local ports. For example to change
    ;the number of connections allowed to the default IMAP4 port (143) you can do this:

    local[143] = 150
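
The following is an added example, not BitNinja's own code: it parses thresholds in the format above and checks `ss -tn`-style connection lines against them, so you can preview which peers a given setting would flag before changing it. It assumes `local[N]` matches the local port and `remote[N]` the peer port; the function names and the sample addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed config in the format shown on this page (section name as printed there).
CONFIG = """[tresholds]
general = 80
remote[25] = 200
local[22] = 40
"""

def parse_thresholds(text):
    """Map 'general', 'local[N]' and 'remote[N]' keys to integer limits."""
    th = {"general": 80}  # default stated on the page
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(general|(?:local|remote)\[\d+\])\s*=\s*(\d+)\s*", line)
        if m:  # comments, section headers and blank lines do not match
            th[m.group(1)] = int(m.group(2))
    return th

def over_threshold(ss_text, th):
    """Return sorted (peer_ip, rule, count, limit) for peers above their limit."""
    # Assumption: local[N] matches the local port, remote[N] the peer port,
    # local wins if both match, and everything else uses the general limit.
    counts = Counter()
    for line in ss_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "ESTAB":
            continue  # header line or socket not in established state
        lport = f[3].rsplit(":", 1)[1]
        peer_ip, rport = f[4].rsplit(":", 1)
        rule = next((k for k in (f"local[{lport}]", f"remote[{rport}]") if k in th), "general")
        counts[(peer_ip.strip("[]"), rule)] += 1
    return sorted((ip, rule, n, th[rule]) for (ip, rule), n in counts.items() if n > th[rule])

# Constructed `ss -tn`-style sample: four peers with 45, 80, 81 and 150 connections.
SAMPLE = "\n".join(
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    + [f"ESTAB 0 0 203.0.113.10:22 198.51.100.7:{40000 + i}" for i in range(45)]
    + [f"ESTAB 0 0 203.0.113.10:443 198.51.100.8:{40000 + i}" for i in range(80)]
    + [f"ESTAB 0 0 203.0.113.10:443 198.51.100.9:{40000 + i}" for i in range(81)]
    + [f"ESTAB 0 0 203.0.113.10:{40000 + i} 192.0.2.25:25" for i in range(150)]
)

if __name__ == "__main__":
    print(over_threshold(SAMPLE, parse_thresholds(CONFIG)))
```

Only the peers with 45 connections to port 22 and 81 connections under the general rule are reported; exactly 80 connections and 150 outbound SMTP connections stay within their limits.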

When BitNinja detects a DoS attack, it blocks the IP for 1 minute and then places it on the challenge list, allowing the user to delist their IP. To change this default block time, you can modify /etc/bitninja/IpFilter/config.ini or add this section with the proper value:

    [times]
    ;
    ; Temporary block list time in DoS suspicious requests; default: 60
    ;
    tmp_bl_sec = 60

warning

Don't forget to sync your local configuration to the cloud with bitninjacli --syncconfigs after you have changed any settings in the configuration file.

You can read more about the challenge list on the Captcha HTTP page.

Don't forget to restart BitNinja after creating the custom restrictions.

    service bitninja restart