Bitninja – is it legit?

Does anyone know if Bitninja is a legitimate service? They purport to provide security services. I recently got an email from them with a link to some supposedly bad URLs that prove that a PC has malware. I’m a little skeptical. To get full details I have to pay. To request a delisting I have to pay.

To me it smells like some of those thinly veiled extortionist schemes that I come across in the mail world.

The particulars in this case consist of stripped access information (I can’t think of any good reason to strip some of the most useful information away) which look like this:

Bitninja stripped listing

Bitninja stripped listing

There is only one thing in my logs that that could be. They got the time very wrong. The host is It kind of looks like it may be a honeypot that they managed to sneak by Google and enticed some unlucky souls to use. Or not.

Or maybe I’ve got it all wrong. Does anyone else have experience with them?

This entry was posted in Admin and tagged . Bookmark the permalink.

35 Responses to Bitninja – is it legit?

  1. George says:


    I am George from Bitninja. I can assure you about our service is fully legitimate, tough our reports confuse people sometimes. I would like to clarify some aspects of our service. Our clients use bitninja to protect their servers against many threats like e-mail harvester robots, automatic forum spammers, botnets trying to expand or attack, brute force password hacks, etc.

    In the meantime we collect information from the suspicious connections, store it and report back to the owner of the IP. That’s how you got our Incident Report e-mail.

    Of course you can write us to stop sending you such reports and we put your IP on our ignore list for free so you won’t get any more emails. You can also ask us about details of the reports, an we will also provide it for free of charge. We also help people to understand our reports better and to solve their security issues if they have any.

    why we cover the important parts? Our clients asked us not to publish full logs as these can hurt. Every user of us can decide how much information they are willing to publish in our reports so we must respect this and cover part of the reports. But if you write us a mail, we can send you the uncovered logs.

    So if you need deeper info, just send us a mail, and we will be happy to help you!

    I hope that helped you to better understand our service.

    Best Wishes,
    George from BitNinja.IO

    • john says:

      Do you have any relation to WebIron? Because around the same time I saw essentially similar messages from them. They also seem to be a new service, probably doing similar things.

      As for getting the details, I’ll give it a shot.

    • Meliss Wright says:

      Can you please stop sending this fake emails. This is really annoying. I am using a link building software on my vps and I keep getting this emails from you. The Vps owner company have scanned by vps twice already because of you, result with 0 threats. I do everything on private anonymous proxies still they have my server IP which is strange. Stop annoying people for some clients.

  2. Gogou says:

    @Bitninja : could you please stop your annoying emails, you are a spammer too which is trying to promote your product

  3. kazy says:

    yea @Bitninja, stop sending those stupid emails, we already blocked you and we will report. We never have asked you to send them

  4. omar says:

    Do not install bitninja. They spam you endlessly (no unsubscribe link in most of their emails). I asked them to confirm that when I uninstall it they don’t leave any traces behind on the server, they never replied, just continued asking me to upgrade to a paid plan.

    Avoid like the plague.

  5. George says:

    Hi all,

    We send our reports behalf of our clients. If there is no malicious activity from a server we never send any report. Please take the necessary steps to clean your servers so we can stop sending the reports. Our reports are quite handy to help you to trace down the infected users/websites too, and obviously bitninja is an easy to user all in one kind of security tool to address server security issues. We have created some documentation to help you trace the infected users. Please feel free to use these resources:

  6. Larry says:

    1. These guys have my residential IP on their blocklist.
    2. An IP that hasn’t been in use for 8 years is blocked. It’s still not in use.
    3. They told me I had to pay to get full report details.
    4. A legitimate email was caught in their “Honeypot” – This was a password reset email.
    5. Dozen other things. Review coming soon on my experiences.

    I’d say these guys are a sham. Left them a disgruntled voicemail. They seem like they legitimately want to do “Something” – as to what, I don’t know. Amateurs.

    @George, get ready for some damage control. You’ve effectively wasted 2 hours of my life investigating false positives and cryptic reports. You’re in charge of reputation management I’d assume, otherwise you wouldn’t be on this site.

  7. Konrad says:

    Ive also see only false positives in reports from bitninja.

  8. Bitninja Is A Scam says:


    Any list that requires payment to delist is by definition a scam.

    There’s no unlist/remove and every time yo uwere contacted you requested money.

    You are, by definition, scam artists. I hope you die a horrible death which I can’t describe here.

  9. Yannis says:

    Bitninja is a legitimate and quite well working server security service, which we have been using for more than 3 years now.
    Just visit their website to verify this.
    Some people are too easily offended and judgemental as I see.

    • Bitninja Is A Scam says:

      Pay me or stay listed is not legit; it’s the way scammers operate. These people spam, scam, and you trust them with your security? Eek.

  10. Jamie (the grumpy one) says:

    Bitninja are scam artists. I am leaving Hostinger because they are using Bitninja who are costing me customers. They have even blocked me, the owner of the VPS and I have to apply to access my own VPS! Customers do not want to deal with scam artists like this and just move on to the next site. Avoid all contact with such companies and avoid companies that use such people.

    • Sandor K says:

      …because your VPS were infected. …and VPS providers and “Customers do not want to deal with” owners of infected VPS renters.
      Bitninja is a legitimate company with well working server security technology. I can recommend to everyone!

    • Sreeandh OG says:

      I am leaving TMDHosting because they are using Bitninja who are costing me customers. My customers using dynamic IP addresses when visit my site, are faced with a captcha solving page by BitNinja and puzzled the customers will leave the site and I lose both customers and money! BitNinja use by the hosting provider costs users badly. So better reject ANY Hosting provider who users BitNinja. Simply put BitNinja is a plague, avoid them and their allies. Rightly said – Avoid all contact with such companies and avoid companies that use such people.

  11. LJ says:

    Having read through this reddit page:
    And then finding out how deep you actually would need to look for the possible issue the bitninja is reporting you as malicious (down to the closing comment on the reddit page) makes me wonder how many pretentious asshats are in this discussion, with shallow knowledge at best…

  12. Ricardo says:

    Their detection methods are spurious at best.

    – Alternating user agent? Your ISP is emailed. You are ‘attacking’ their server
    – Visiting your own site too much? Your ISP is emailed. You are ‘attacking’ their server
    – They server 200 responses, hijack content and serve a bitninja captcha page whenever they see fit. This is a totally inappropriate response.

    The worst part about their service is their choice of wording to other providers. They can make their false positives sound like you’re breaking the law. They are overly aggressive at blocking user agents (such as majestic’s international scale web crawler), and generally are overstepping their remit with regards to server security and freedom to use your own purchased service.

    I am hopeful that the ‘service’ is contained to within

  13. Jimmy says:

    I love how bit ninja’s team is so crack on top of stuff they were the first to reply to this post. I use them on my server., saves me so much headache to not only know., but to see what is going on. if the server i restart it., i get an e-mail from the the second it happens. If you install it on your server and don’t even pay for it., it’s worth FREE but do consider paying them to monitor and help because it’s worth the money just not worth security 25 servers at $30 an month unless you got clients like that on you server.

  14. Jody says:

    One of our clients uses exchange on a small business server. Their ISP forwarded an e-mail from bitninja re greylisting. There was an issue on the exchange server which was remediated by Symantec technical support. (This client had just purchased the Symantec e-mail suite because of the increased threat level.) We know the server is clean. Bitninja admits there have been no more incident reports, BUT (first big but), they will not remove the greylisting for a MONTH. BUT (second big but), they will remove the greylisting IMMEDIATELY if you will purchase and install their software. I call this unethical. A form of blackmail. I can understanding waiting a bit to remove the greylisting, but a month is way beyond reason, especially combined with “buy our software and we’ll remove the greylisting now”.

    • john says:

      Thank you for that anecdote. That is disturbing behavior and, indeed, unethical. I never took it that far. So now we see their true colors…

  15. joop says:

    I have a big site on my Vps sever ,about my idol my favorite celebrity that I like very much 🙂

    I don’t want my site to be hacked in this dangerous online world.

    I like Bitninja because its very easy just install that’s all.

    Bitninja is much better then cloudflare , you not need change the dns settings , you can upload more then 100 mb files or videos. etc etc

    I had many problems with cloudflare it make me crazy , was looking for something else.

    Also you not can install cloudflare on your server , i feel more safe because Bitninja is installed on my server. 🙂

  16. Jager says:

    We are using a shared server to host our web site, and the provider is using BitNinja. There is no way of disabling it. So many false positives and so many IP addresses are blocked from accessing the web site… Even our chairman’s home IP address was banned several times!
    BitNinja is a way too aggressive with blacklisting, and this cause us big problems as our website is very often not visible from different parts of the world. There is no other way to solve this except to change the hosting company. Pity, as otherwise they are great…

  17. Robert William says:

    I work for an ISP based out of Los Angeles, with an IPv4 space just over a million IPs. We receive notices from BitNinja every day, and when I look in our monitoring system, I am consistently able to corroborate the data which they are sending us. They have never asked us for money nor tried to sell us something. I believe they are providing this data to us as a courtesy — and I do find this data useful when investigating security events on our network. From what I have seen over the past year or more I believe these guys are legitimate.

  18. Jo says:

    I have been blocked from viewing a laboratory tests website that I haven’t accessed for about a year! by BitNinja. Why would I be listed at my residential IP?

    • Giles says:

      Your residential IP would only be listed if something on your network (or perhaps whoever had the IP address before you) has attempted to attack a server protected by BitNinja.
      We have had a few false positives due to user error but you may well have some malware on your systems you are not aware of.
      You can contact the site administrator who will be able to tell you what the activity was from your IP that casued it to be blocked or you can ask BitNinja to remove your IP which they will do if there are no recent harmful events from your IP.

  19. Bit Ninja is something.. just don't know what says:

    They cut off my residential internet saying that my IP was attacking some company’s IP that’s protected by Bin Ninja. I have to talk to the leasing manager OR I can get the internet in my name and pay for it instead of having it as part of my Rent. Isn’t that something?

    IP Shut off because Bit Ninja said so.

  20. Manish says:

    I also got some emails from them. The content and language of the email made me search “bitninja claims false” and I came here.

    Going through the comments, what I found interesting is, after Larry wrote “(George) You’re in charge of reputation management I’d assume, otherwise you wouldn’t be on this site.” George never wrote anything and random people started praising the services.

    Maybe George is the only guy running the whole operations of Bitninja, it is from him I got the email.

    Another interesting thing is – first my provider straight asked for “$100/hr” and also the SSH details. Then after some hours, changes the statement and says, assistance is free and I will be billed only if it becomes time consuming for him.

  21. Brad Burns says:

    When I saw the random comment that BitNinja was better than CloudFlare I lollled hard, I’ve been a Level III Linux Systems Administrator for over 10 years, BitNinja is complete BS.

    CloudFlare and LiteSpeed LS Cache make BitNinja look like a special needs play toy, I went to school and have worked directly with CloudFlare, notice how CloudFlare is used on things like huge forbes websites, Wikileaks, etc and until today I had never heard about BitNinja, you cannot compare BitNinja to Cloudflare that is just downright stupid.

    The only thing BitNinja is doing is loosely identifying questionable context, wrapping it with fake BS, and then packaging for the unsuspecting low end user who doesn’t know anything about security, scaring them into paying for their bogus service. It’s no different than a windows security pop up to fix your non infected computer.

    • Orga Nico says:

      You seems do not know what that service is. Probably you are just stuck on Mod_sec and Fail2Ban.

    • Daniel says:

      Bitninja is using modsec and iptables, so if Bitninja is BS, then modsec and iptables is also BS. I have been using modsec before and I’m using Bitninja now, works more elegant and better now.

  22. Dianna says:

    bitninja put on too much work on my server, it was out of source for the very first time ever. So I uninstalled it and asked them to delete my account but it took them a week to do that which is odd. Why not delete it instantly? Plus they were asking me to pay using a language that made me feel threatened. I already asked them to delete, why charging me? There is no way to remove bitninja other than reinstalling the os.

  23. john59410 says:

    Bitninja is not legit and they are dishonest. I make purchases in the USA since a decade. I always buy items from same sellers and today I was accused wrongly by bitninja to attack a website where I make purchases since several years.
    I verified my computer with McAfee and I haven’t virus or spywire.
    I contacted the owner of this website and he was also blocked from his own website. This seller and me didn’t know this “service”
    Bitnija staff are liar incompetent and totally obvious.
    I strongly advise to avoid this “service”

Leave a Reply

Your email address will not be published. Required fields are marked *