After seeing increasing inbound attacks targeting our clients recently, we have implemented a new CloudLinux add-on dubbed Imunify360 on our shared servers. This plugin provides a hardened web application firewall and automatic malware scanning/cleanup. We’ve seen great results so far with its attack mitigation (referred to as “Proactive Defense”) and as an added bonus Imunify360 does not require any user setup to get started. For more information on this product, please see this page.
If you suspect there is a security issue with your site or that it is being targeted by hackers, you may want to check the Imunify360 interface in cPanel to review the recent logs.
From cPanel navigate to the “Security” section then choose the “Imunify360” icon to access the plugin:
When you first enter the plugin you’ll be presented with a list of recent malware findings and their status. Typically the files will have either been cleaned or had their contents deleted, as you can see from the screenshot below. If you select a given item, you can click to view it under the available action column.
The next available tab is the History tab. This will show the same files listed as on the main “Files” tab, but with historical information on any actions taken for each file. If a given file has had recurring issues, this can provide further insight into the situation.
If you need to whitelist a file that is a false positive, this can be done via the “Ignore List” tab. Just navigate there, click “Add New File or Directory”, type in the full absolute path to the file and click “Add”. Keep in mind that an ignored file is no longer scanned, so only whitelist a file after you have confirmed its contents are legitimate (for example by comparing it against a clean copy from the vendor’s release package).
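Before adding a flagged file to the Ignore List, it is worth taking a quick look at its contents yourself. The following script is an added example (not part of Imunify360 or Rochen’s tooling) that checks a file for a few constructs that are common in PHP webshells and injected droppers, and prints a SHA-256 fingerprint you can compare with the vendor’s release checksums. The pattern list and the 1000-character line threshold are our own assumptions, not Imunify360’s signatures; a clean result here does not prove the file is safe, but a hit is a strong reason not to whitelist it.

```shell
#!/bin/sh
# Added example: quick offline triage of a file flagged by Imunify360
# before whitelisting it. Not Imunify360 or Rochen code.
# triage_file returns 0 when no indicator matched, 1 when one or more
# matched (each is printed), 2 when the path does not exist.
# The indicators below are assumptions based on common webshell patterns.

triage_file() {
    f="$1"
    [ -f "$f" ] || { echo "triage: no such file: $f" >&2; return 2; }
    hits=0

    # 1. eval() applied directly to decoded/inflated data.
    if grep -Eq 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)' "$f"; then
        echo "$f: eval() over decoded payload"; hits=$((hits + 1))
    fi

    # 2. A request parameter used as a function name, e.g. $_POST['f']($_POST['a']).
    if grep -Eq '\$_(GET|POST|REQUEST|COOKIE)\[[^]]*\][[:space:]]*\(' "$f"; then
        echo "$f: request parameter called as a function"; hits=$((hits + 1))
    fi

    # 3. Very long single lines are typical of packed or obfuscated injections
    #    (threshold of 1000 characters is an assumption).
    if awk 'length($0) > 1000 { found = 1 } END { exit !found }' "$f"; then
        echo "$f: line longer than 1000 characters"; hits=$((hits + 1))
    fi

    # 4. Runs of hex escapes such as "\x65\x76\x61\x6c" used to hide identifiers.
    if grep -Eq '(\\x[0-9a-fA-F]{2}){4,}' "$f"; then
        echo "$f: hex-escaped string"; hits=$((hits + 1))
    fi

    [ "$hits" -eq 0 ] && return 0
    return 1
}

# SHA-256 of the file, for comparison with a known-good copy or a vendor checksum list.
fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Usage: triage_file /home/user/public_html/wp-content/plugins/foo/bar.php
```

Run it against the exact absolute path shown in the Imunify360 “Files” tab; if it prints any indicator, treat the detection as genuine rather than a false positive.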
The next tab, “Proactive Defense”, lets you view blocked incoming PHP-based attacks. You can also toggle between “Kill Mode” (default and recommended), which terminates scripts as soon as an attack is detected, and “Log Only” if you suspect this feature is interfering with your legitimate scripts. Note that “Log Only” records but no longer blocks the attacks, so switch back to “Kill Mode” once you have resolved the conflict.
The cog in the upper right corner of the window can be clicked to bring you to an additional settings page where you can choose the default action to take for detected malware.
- Delete permanently – Recommended; this will automatically clean or delete any detected malware
- Quarantine file – Move any detected malware to a secure location, from where it can be reviewed via the “Files” tab
- Just display in dashboard – Take no action on detected malware (not recommended)
From this page you can also optionally disable the “blamer” feature, which is enabled by default as part of Imunify360’s Proactive Defense. This feature automatically reports suspicious activity to the CloudLinux team to help train and improve malware detection.
If you have any questions regarding use of this plugin, or if you suspect your site may have been compromised, please open a support ticket with us via your MyRochen portal and we’ll be happy to investigate further with you.