How to Use Imunify360 for Your Shared Hosting Account?

What is Imunify360?

Imunify360 is security software developed by CloudLinux for Linux servers. It offers a broad range of features, such as antivirus, Web Application Firewall, and Intrusion Detection and Protection.

It provides a security solution to protect your website from various malicious attacks. It protects servers against threats that aim to gain access and cause vast amounts of damage.

At Accu Webhosting, the security of your website is a top priority. Therefore, we have configured Imunify360 on our shared hosting servers.

Imunify360 includes a bundle of security features developed to protect servers from malware, bad bots, attacks, and many other harmful events.

Imunify360 supports the following Linux operating systems and can be integrated with hosting control panels such as cPanel, Plesk, and DirectAdmin.

  1. CentOS/RHEL 6, 7, 8, 9
  2. CloudLinux OS 6, 7, 8, 9
  3. Ubuntu 16.04 (LTS only), 18.04, 20.04 (LTS), and 22 (Plesk, DirectAdmin, and standalone)
  4. Debian 9 (up to and including Imunify v6.11), 10 (requires buster-backports), and 11 (Plesk, DirectAdmin, and standalone)
  5. AlmaLinux 8, 9
  6. Rocky Linux 8, 9 (cPanel, Plesk, and standalone)

 

Features of Imunify360:

Malware Scanner: Imunify360 Malware Scanner scans server file systems for malware injection, and it can automatically clean up the infected files.

Web Application Firewall and reCAPTCHA: Imunify360 WAF uses artificial intelligence to identify and stop web application attacks. It protects your server/website against web-based attacks, including brute force and bot attacks.

You can add individual IPs or an IP subnet to a whitelist or blacklist. It is also possible to whitelist or blacklist an entire country.

If a user violates Imunify360 security rules, for example through multiple failed login attempts, Imunify360 automatically blocks access from the user's IP address and adds it to the Graylist. The user is then redirected to solve a Captcha challenge. Once the Captcha is entered successfully, Imunify360 removes the user's IP address from the Graylist.

Proactive Defense: Proactive Defense is designed to prevent malicious activity from occurring through PHP scripts. It analyzes script activity using known patterns such as unclear (obfuscated) commands, malicious code planting, and SQL injection. This reduces the chances of malware infection on the server or website.

Reputation Management: The reputation management feature allows you to check whether a domain registered on the server is safe. It uses the following reputation engines to determine whether the domain is safe.

  1. Google Safe Browsing
  2. Yandex Safe Browsing
  3. Spamhaus
  4. PhishTank
  5. OpenPhish

KernelCare: KernelCare is a feature of Imunify360 that maintains the security of the server's kernel by automatically applying patches without requiring a server reboot. KernelCare checks for new patches every four hours and applies them automatically to the running server without affecting performance.

How to use Imunify360?

Kindly follow the steps mentioned below to scan your website.

Step 1: Log in to your cPanel.

Step 2: Click on the Imunify360 option under the Security section.

Step 3: Under the MALICIOUS tab, you will see a list of files identified as malicious during the scan process.

We have enabled a real-time scanner on our shared hosting servers. Therefore, the Malware Scanner runs immediately when a new file or a file modification is detected. It detects and removes malicious code from infected or malicious files (e.g., PHP web shell scripts).

=> The following details can be found in the MALICIOUS tab.

Scan date: It shows the date and time when the file was scanned.
File: It displays the complete path of the infected file.
Reason: Describes the signature detected during the scanning process.
Status: The status of the identified file is displayed.

  • Infected: Threat was detected after scanning. The info icon is displayed if a file is not cleaned after cleanup. To view the reason, hover your mouse over the info icon.
  • Cleaned: The infected file has been cleaned up.
  • Content removed: The file content was removed after cleanup.
  • Cleanup in progress: File cleanup for infected files is currently underway.

Actions:

  • View file: You can click on the Eye Symbol to view the file content.
  • Restore original: You can recover the cleaned files and restore them to their original state if a backup is available.
  • Add to Ignore List: The file can be added to the Ignore list and removed from the Malicious files list. If the file is added to the Ignore list, Imunify360 will no longer scan it.

Note: Some features mentioned above, such as Add to Ignore List, may be available to root users only. End users may not have access to them for security reasons.

=> You can find the following details under the SCAN tab.

1. Timeframe: It allows you to filter results for a specific period or date.

2. Scan date: It shows the date and time when the scan was performed.

3. Type: Indicates the type of scanner (Malware Database Scanner or Malware Scanner).

4. Path: The complete path of the folder that was scanned.

5. Total objects: The number of files that were scanned.

6. Result: Result of the scan.

7. Actions: You can take action accordingly, as mentioned above in this article.

=> You can find the following details under the HISTORY tab.

1. Date: It shows the date and time when the actions were performed.

2. Type: Indicates the type of scanner (Malware Database Scanner or Malware Scanner).

3. Path: The complete path of the file.

4. Cause: It shows how the malicious file was discovered.

  • Manual: The user manually processes scanning or cleaning.
  • Real-time: The system automatically processes scanning and cleaning.

5. Owner: It displays the username of the file owner.

6. Initiator: It shows the name of the user who initiated the action.

7. Event: It shows which action was performed on the file.

  • Detected as malicious: The file was detected as infected after scanning.
  • Cleaned: The file is cleaned up.
  • Failed to clean up: There was an issue during cleanup. Hover over the info icon for more details.
  • Added to Ignore List: Imunify360 won't scan the file since it has been added to the Ignore List.
  • Restored original: The file content has been restored and is not malicious.
  • Cleanup removed content: The file content has been removed after cleanup.
  • Deleted from Ignore List: The file was removed from the Ignore List.
  • Deleted: The file was deleted.
  • Failed to delete: There was a problem during removal. For more information, hover your mouse over the info icon.
  • Failed to ignore: There was a problem while adding to the Ignore List. For more information, hover your mouse over the info icon.
  • Failed to delete from ignore: There was a problem while removing the file from the Ignore List.

=> Proactive Defense:

Proactive Defense prevents PHP-based attacks. It analyzes PHP script behavior and prevents any harm to the server by either blocking entire script execution or blocking malicious execution flow in runtime. This is crucial because malicious code is often hidden and injected into the middle of a legitimate file.

Proactive Defense Mode settings:

1. Disabled: Proactive Defense feature will not work if it is disabled.

2. Log Only: All malicious activities are recorded in the system logs. However, no action is taken against them.

3. Kill mode: It is the highest level of protection. The script will be terminated as soon as an attack is detected.

We have set Kill Mode on our server to protect your account against various attacks.

DETECTED EVENTS:

The Detected Events tab provides the following information.

1. Detection Date/Time: It displays the exact date and time of the event detected. Click on the clock icon to view the exact time.

2. Description: It shows the Proactive Defense rule according to which suspicious activity was detected.

3. Script Path: It displays the path of the suspicious script. A number next to the path indicates the frequency of this event.

4. Host: It shows the host of the script.

5. First script call from: It displays the IP where the initial call of the script was detected.

  • The white color indicates that this IP is whitelisted.
  • The black color indicates that this IP is blacklisted.
  • The grey color indicates that this IP has been graylisted.

6. Action: It shows the current mode.

Ignore List:

The Ignore List tab contains the list of files excluded from Malware Scanner scanning.

1. Add Date/Time: It shows the date and time when the file was added to the ignore list.

2. Script Path: The complete path of the file.

3. Actions:

  • Remove from Ignore List: Remove the file from the Ignore List by clicking on the Bin icon.
  • Add a new file or directory: Add a new file or directory to the Ignore List by clicking on the Plus icon.

Conclusion:

In conclusion, Imunify360 provides a robust and comprehensive security solution to protect your website from various malicious attacks. It protects servers against threats that aim to gain access and cause huge amounts of damage.

