To protect our clients from inbound attacks, we use the best tools in the industry. One such tool that we have deployed on our shared servers is Imunify360 from CloudLinux.
What is Imunify360?
Imunify360 provides a hardened web application firewall as well as automatic malware scanning and clean-up. It’s a great security tool for users of any experience level because it doesn’t require any setup to get started and is easy to use.
If you suspect a security issue with your site, or if you think that it may be getting targeted by hackers, you can check the Imunify360 interface in cPanel to review the recent logs and to clean up any malware.
How does Imunify360 work?
From cPanel, navigate to the Security section, and then choose the Imunify360 icon to access the plugin.
On the Files tab, there is a list of any recent malware findings and their statuses. Typically the files will have been cleaned or had their contents deleted. If you select a given item, you can view it using the option in the action column.
The next tab is the History tab. It shows the same files as the Files tab, but with historical information about previous actions taken for each file. If a file has had recurring issues, then the History tab will provide further details about them.
Ignore list tab
Go to the Ignore list tab to whitelist a false positive file. Click Add New File or Directory. Then, type in the full path to the file, and click Add.
Proactive Defense tab
The next tab, Proactive Defense, shows blocked incoming PHP-based attacks.
This tab also has two additional options:
- Kill Mode (default and recommended), which terminates scripts as soon as an attack is detected
- Log Only, which you can use if you suspect Kill Mode is getting in the way of your legitimate scripts.
Click the cog in the upper right corner to choose the default action for handling detected malware:
- Delete permanently – Recommended, this will auto-clean/delete any malware.
- Quarantine file – Move any detected malware to a secure location for analysis via the “Files” tab.
- Just display in dashboard – Take no action for detected malware (not recommended).
On the same page, you can also disable the blamer feature of Imunify360’s proactive defense. Blamer, enabled by default, auto-reports suspicious activity to the CloudLinux team and helps improve malware detection.
If you have any questions about Imunify360 or need help with a suspected compromise, please open a support ticket, and we’ll be happy to help.