BitNinja BIC medium

BitNinja "site is protected by BitNinja" security check / challenge page

BitNinja greylisted the visitor's IP for suspicious behavior and is serving a challenge page instead of the site.

What you see

"This site is protected by BitNinja"
"We have detected suspicious activity from your IP address..."
[ Browser Integrity Check running / CAPTCHA ]

What’s actually happening

Instead of the site, the visitor sees a BitNinja interstitial that runs a Browser Integrity Check or asks for a CAPTCHA. Pass it and the site loads normally; the greylisting is per-IP, not a site outage. It hits visitors behind shared/NAT IPs or VPNs, as well as aggressive bots/scrapers - often the visitor is a customer sharing an IP with something that misbehaved.

Common causes

  • The IP landed on BitNinja's greylist after an incident - rapid request bursts, brute-force/failed logins, probing for exploits, or matching a honeypot trap
  • A shared or carrier-grade NAT IP where another user (or malware on the same network) triggered the detection
  • The same IP generated incidents on four unique BitNinja-protected accounts, which globally challenge-lists it across every BitNinja server
  • A legitimate bot/scanner/uptime monitor hitting endpoints fast enough to look like an attack
  • Server-side: the site owner set the IP Filter/CAPTCHA module too aggressively

How to fix it

  1. As a visitor, just complete the check. Solve the CAPTCHA or let the Browser Integrity Check finish. Passing removes your IP from BitNinja's greylist and stops the challenge for connections to BitNinja-protected servers. If your browser blocks JS or third-party challenge assets, allow them and retry.
  2. Stop whatever tripped the greylist. If it keeps recurring, find the noisy source on your network - a script hammering the site, a misconfigured app retrying logins, or malware on a shared connection. A globally challenge-listed IP came from incidents on four separate accounts, so the behavior is real even if it isn't yours.
  3. Site owner: whitelist trusted IPs. In the BitNinja dashboard, add known-good IPs (your office, monitoring services, payment webhooks) to the whitelist so the IP Filter and CAPTCHA modules stop challenging them. Whitelisting overrides greylisting for that IP.
  4. Check status and let auto-delist run. Look the IP up in BitNinja's checker. Blocklisted IPs that generate no new incident logs for more than 2 days are automatically moved off the blocklist to the challenge list, so the owner can self-delist by passing the check. For a stuck legitimate IP, open a delist request with BitNinja support.
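
For step 2, one way to find the noisy source behind a shared IP is to triage your own egress-proxy or NAT gateway logs for request bursts and repeated failed logins. This is an added example, not BitNinja code; the log line format, the function name find_noisy_clients and all thresholds are assumptions to tune locally.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample. Assumed line format (not a BitNinja or real proxy format):
# <ISO timestamp> <internal client IP> <method> <path> <HTTP status>
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i // 3:02d} 10.0.0.7 GET /product/{i} 200" for i in range(30)]
    + [f"2024-05-01T10:01:{i * 5:02d} 10.0.0.9 POST /account/login 401" for i in range(6)]
    + ["2024-05-01T10:00:05 10.0.0.5 GET /index.html 200",
       "2024-05-01T10:03:40 10.0.0.5 GET /about 200"]
)
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def find_noisy_clients(log_text, burst_limit=20, window_s=10, failed_login_limit=5):
    """Return {client_ip: [reasons]}; all thresholds are assumed values, tune locally."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the triage
        ts, ip, method, path, status = m.groups()
        try:
            events.append((datetime.fromisoformat(ts), ip, method, path, int(status)))
        except ValueError:
            continue  # unparseable timestamp
    events.sort(key=lambda e: e[0])  # logs merged from several hosts may be unordered

    recent, peak, failed = defaultdict(deque), defaultdict(int), defaultdict(int)
    for ts, ip, method, path, status in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # slide the window forward
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if method == "POST" and "login" in path and status in (401, 403):
            failed[ip] += 1

    findings = {}
    for ip in peak:
        reasons = []
        if peak[ip] > burst_limit:
            reasons.append(f"burst: {peak[ip]} requests within {window_s}s")
        if failed[ip] >= failed_login_limit:
            reasons.append(f"failed logins: {failed[ip]}")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_noisy_clients(SAMPLE_LOG).items():
        print(ip, "; ".join(reasons))
```

On the constructed sample this flags 10.0.0.7 for a burst and 10.0.0.9 for repeated failed logins, while the ordinary browsing from 10.0.0.5 stays below both thresholds.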

Stop it recurring

If you run scanners or monitors, rate-limit them and ask the site owner to whitelist their source IPs so BitNinja doesn't read them as an attack.
