Greg Zemskov

Nicely integrated: cPanel and ImunifyAV

The good news just keeps coming: cPanel & WHM integrates ImunifyAV into its hosting automation platform.

cPanel is integrating ImunifyAV, our advanced antivirus and anti-malware scanner, into its famous web hosting control panel.

ImunifyAV automatically scans your web site for malicious files and it does it for free. It can detect all kinds of malicious files, such as backdoors, web-shells, viruses, hacker’s tools, black hat SEO scripts, phishing pages, and others. If any are found, ImunifyAV will report back telling you how to remove them manually.

I appreciate that not everyone has the time or knowledge to do this, so there’s a built-in upgrade option to ImunifyAV+ which lets you perform an automated one-click clean up. It’s quick, it’s thorough, and it removes the stress and worry usually associated with managing your cybersecurity defenses.

For those web hosters that need a comprehensive, all-in-one security solution, there’s a further upgrade option available in the form of Imunify360. More and more web hosters and Linux server managers around the globe are choosing Imunify360 for its ability to protect web servers and websites effectively and simply. Its multi-layered security architecture incorporates a firewall, WAF, IDS and IPS, and advanced machine learning for dynamic rule and signature creation. There’s also our unique herd immunity, the name we give to how Imunify360 instances share threat intelligence information among one another, forming a web of cyber threat knowledge greater than the sum of its parts. All in all, it makes Imunify360 the complete, perfectly integrated web security package.

Continue reading
Greg Zemskov

Imunify360 4.0 Stable Release – It's here

A month in development passes so quickly.

We announced in February that we have a new version of Imunify360 coming with some great new features. It’s ready, it’s out of beta and into general availability. Here’s a quick reminder of the new stuff. More details are in the Imunify360 4.0 preview post.

Feature Management (cPanel only for now)—Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is the new way to manage features, fully integrated into cPanel. It’ll give a lot of flexibility in adjusting the features available on hosting service plans and packages.

Dashboard/Charts—Now you’ll be able to see how well Imunify360 has been defending your systems, where attacks are coming from and how many. There are these new alerts, with more coming soon: total number of alerts, number of CAPTCHA events, number of WAF alerts, number of web-based brute-force attacks, number of OSSEC (network level) attacks, number of denied requests from bad bots.

Proactive Defense extension: The Blamer—The Blamer is a new extension to Proactive Defense. It gathers intelligence on attack profiles and uses this information to prevent future attacks.

Continue reading
Oleg Boytsev

[Threat Intelligence Report] Remote Code Execution in Drupal 8 (CVE-2019-6340)

The Imunify360 Threat Intelligence Group are monitoring a remote code execution vulnerability targeting installations of the Drupal CMS. This vulnerability has the identifier CVE-2019-6340 . It affects these versions of Drupal: All 8.5.x versions, up to and including 8.5.11 All 8.6.x versions, up to and including 8.6.10 Attack Method Remote code execution vulnerabilities allow attackers to execute arbitrary code on a platform, in this case, the Drupal CMS. The code can install other software, gather data for exporting, or permanently delete or modify data without the site owner's knowledge or consent. Attackers deliver malicious PHP payloads using automated scripts. It is this payload we hav...
Continue reading
Oleg Boytsev

New Feature: Imunify360 blocks server ports under attack

We are happy to announce a new feature for Imunify360. Active Response is an OSSEC feature re-engineered by us to block specific server ports under attack. This gives us significantly fewer false positives, and improves the detection and blocking of aggressive brute force requests. It's only available for Imunify360 version 4.0, currently in beta and due for release before the end of March 2019.   To activate Active Response, follow these steps. 1. Edit the configuration file: /etc/sysconfig/imunify360/imunify360.config 2. Add the these lines to it: OSSEC:     active_response: true 3.  Restart the Imunify360 agent: service imunify360 restart That's it. Now,...
Continue reading
Greg Zemskov

Imunify360 V4.0—New Features Preview

I have good news—there are features coming in Imunify360 4.0 that will make your life easier, your servers safer, and your businesses more profitable.   1. Feature Management ​ Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is our new way to (can you guess?) … manage features. It's fully integrated into cPanel and it's going to make dealing with multiple service plans and packages a breeze. Before, you could only change features user by user. Now, you can assign any feature changes to entire service plans. (You might even get a welcome windfall from this extra flexibility.) For the time being, the features you'll be able ...
Continue reading
Greg Zemskov

Attention Imunify360 v3.9.3 Beta Testers–We Need Your Help

Thank you, beta testers! We value your dedication to making our product better. Your real-world input helps Imunify360 become the most effective and efficient Linux server security product out there. So here's the deal—we need you to activate Proactive Defense. Proactive Defense is one of the core pillars of Imunify360, able to trace PHP opcodes at runtime, detect and block malicious invocations before it can even execute. We've made some improvements to Proactive Defense: We've refactored the detection algorithm. It's now much faster at tracing PHP code. Proactive Defense examines 50% more URLs and files when scanning, improving detection rates. Proactive Defense works just as it should wit...
Continue reading
Greg Zemskov

WebShield introduction for server administrators

General ​ WebShield is a component of the Imunify360 security solution. Its primary purpose is to handle HTTP traffic and prevent HTTP attacks. As a security solution, WebShield is meant to: Block blacklisted traffic Redirect graylisted traffic to CAPTCHA until the CAPTCHA is passed Act as a proxy service, redirecting remaining traffic to backends It consists of four services: WebShield itself Shared memory daemon SSL-caching daemon Sentrylogs daemon Shared memory is the component of WebShield that makes it easier to deal with certain aspects of Nginx configuration without reloading. It does this by modifying its shared memory. SSL-caching daemon watches changes to host SSL certificate sets ...
Continue reading
Andrey Kucherov

A post-hack survival guide: cleaning your website after being hacked

Introduction Very often, web hosting administrators start to take security measures only after a website has been hacked. So, let us imagine the situation when ImunifyAV has been installed on such an infected server. All malware has been cleaned in one click, and all malicious activity has been stopped. Are we good to go? Are there any safety steps required? Actually, the answer is, "Yes, there are still some steps that can be taken after cleanup". Make sure you use all the product's benefits  Imunify360 consists of multiple modules, including a WAF, malware detection, Proactive Defense, IDS / IPS, and others. I recommend you check out the documentation for each part of the product to g...
Continue reading
Andrey Kucherov

When Linux antivirus lets you down: How to remove malware from a website manually

By Andrey Kucherov, Malware Analyst at Imunify360 The detection rates of anti-malware and antivirus scanners varies considerably. Knowing how to manually scan for and remove malware is an important and useful skill with which to confirm a scanner's effectiveness or compensate for its failings. In this article, Andrey Kucherov, Malware Analyst at Imunify360, describes some essential manual website malware detection and cleanup techniques.   Introduction The reality of modern security creates new challenges for web hosts every day. It is well known that there is no absolute protection that guarantees a 0% chance of your website being hacked. Even major players in online markets suffer fro...
Continue reading
Anna Bofill Bert

Imunify360 reduces hacking attempts by 90%

If you're using a well-known website antivirus and anti-malware solution, you wouldn't expect to be hacked on average 12 or so times per month, would you? Well, yes, you would, but only if that well-known name isn't Imunify360 . This was the case at Yourname.nl , a Dutch hosting provider offering cost-efficient WordPress and Joomla hosting for SMBs and individuals. Their customers' sites were being compromised around 3 times a week, even though they'd tried vanilla ModSecurity and a widely marketed website security solution provider. When they installed Imunify360, their cybersecurity incidences went down by over 90%. While it is easy to calculate the reduction in infiltration attempts, it i...
Continue reading
Oleg Boytsev

How our InfoSec Professionals stay one step ahead

Stay in the light; be aware of the dark. Anonymous 'Know your enemy' is an overused cliche in the cybersecurity industry. We take a broader view: Know your world, and your place in it.  Our team knows the hacking world. We've recruited ethical hackers, OSCP-certified engineers, and seasoned IT professionals, all of whom are watching the dark web and its subversive operatives, watching how threats evolve and how attacks are planned. We routinely monitor zero-day exploits, examining use-cases thoroughly and responding with robust mitigation strategies. The fruits of intensive research and development are augmented by both human experience and machine learning. This sharpens our ability to...
Continue reading
Andrey Kucherov

Host your website safely and avoid website cross-contamination issues

By Andrey Kucherov, Malware Analyst at Imunify360.  This article discusses the hidden pitfalls of hosting multiple websites on one hosting account, and how you can remediate the consequences of website cross-contamination. The structure of virtual hosting (also known as shared hosting) can be illustrated by a bee hive: each website (bee) has its own folder (cell). At the same time, all bees share the same hive (hosting account resources, such as disk space, database, RAM, CPU, etc.). In most cases, hosting companies do not provide resource isolation for shared hosting accounts (plans that let you host multiple websites on one account). In practice, that means that all website files are ...
Continue reading
Greg Zemskov

New ISPmanager Lite panel with ImunifyAV

​For ISPmanager panel users, Revisium Antivirus changes its name to ImunifyAV , keeping its reputation as a popular and effective malware and virus scanner. Today, ISPsystem release a new version of their ISPmanager Lite hosting panel. This version comes pre-installed with ImunifyAV , the new name for Revisium Antivirus. With it, you can scan an unlimited number of websites and users per server, do automatic malware cleanup and create schedules for scanning. You can also get email alerts about any website infections. You can find ImunifyAV in the Tools menu: ​ If a user doesn't have an antivirus solution already configured, ImunifyAV becomes the default for that panel. Otherwise, a system ad...
Continue reading
Greg Zemskov

Why do small sites get hacked?

If you think your site won't be hacked because it's too small to matter, think again. I'll show why that is a false and dangerous assumption. Many site owners and webmasters think that hackers only care about popular, highly-ranked websites. They are wrong. High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money. Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of ...
Continue reading
Greg Zemskov

Opsani VCTR is now Imunify QuickPatch, the free, vulnerability evaluator for Plesk

If you use Plesk, you'll know it's one of the leading control panels for web hosters and resellers, and one that supports Opsani VCTR, or, to give its new name, Imunify QuickPatch . Here's an introduction to what it does and why you need it if you care about the security of hosted websites. Making sure your system and its packages are up to date is a fundamental strategy for keeping systems secure. The problem is in the management overhead this creates. The packages and configurations of each system must be regularly checked and updated*. Imunify QuickPatch does this for you. Imunify QuickPatch is free. It scans and analyzes your system for security issues. Imunify QuickPatch analyzes server...
Continue reading
Greg Zemskov

Revisium Antivirus becomes ImunifyAV in Plesk

Plesk panel users will soon notice a change in their panels. For Plesk panel users, Revisium Antivirus changes its name to ImunifyAV , keeping its reputation as a popular and effective malware and virus scanner, and joining the Imunify360 security solution for complete protection of Linux Web servers. As with its previous version, ImunifyAV comes in free and paid versions. The free ImunifyAV efficiently scans websites and detects all kinds of malware. Use it for an unlimited number of scans on all websites on a server. ImunifyAV+ is the paid upgrade that does this and more, with a one-click automated cleanup option for full sanitization of entire servers, effortlessly. Both versions have an ...
Continue reading
Andrey Kucherov

What to do if your Website is Hacked: A Disaster Recovery Plan

Thousands of websites get hacked on a daily basis. Actually, thousands out of the many billions of websites on the Internet is quite a low percentage, but if you got unlucky and your website is among those, you need to take it seriously, and respond to the threat quickly and wisely. Unfortunately, very often, website owners are 100% sure that they won't ever be a victim, and do not have a valid disaster recovery plan for such cases. Or, if they do, the plan consists of just one bullet point: I was unlucky and the plan is to shut down my business. In this article, I cover that gap and offer you a solid disaster recovery plan if your website got hacked. Once Upon a Time, a Website Got Hacked… ...
Continue reading
Oleg Boytsev

Imunify360 protects against a critical vulnerability in Van Ons WP GDPR Compliance WordPress plugin (CVE–2018–19207)

The popular Van Ons WordPress plugin for GDPR compliance, with more than 100,000 active installations, was patched on November 7th due to a privilege escalation vulnerability ( CVE–2018–19207 ) found in version 1.4.2. The WP GDPR Compliance plugin helps website owners meet the recent GDPR European data privacy regulation. This came into effect in May of this year, boosting the plugin's popularity. Starting on 10th November, our Threat Intelligence Group noticed a surge in attacks targeting this exploit vector.   Imunify360 customers were already protected by a WAF rule issued several days earlier. This rule detects and blocks malicious payloads attempting to exploit this attack vector. ...
Continue reading
Greg Zemskov

ImunifyAV: The Free, Powerful, Malware Scanner (now in Beta for cPanel and DirectAdmin)

Keeping watchful is the first step towards effective security; keeping malicious code out of your websites is essential to protect them. I'm excited to let you know about ImunifyAV, our powerful new malware scanner. It's currently available in beta for cPanel and DirectAdmin panels. I'm also happy to tell you it's free and will always be free (as in forever). Here's more about it. ​ ImunifyAV detects all kinds of malware in all types of files —it doesn't matter whether your websites are based on PHP (like WordPress, Joomla and Drupal), or built with classic, static HTML. Our advanced de-obfuscation techniques let it detect malicious code hidden in files using encryption or encoding. ImunifyA...
Continue reading
Greg Zemskov

How Spammers Spam

Twenty years on and spam is still a problem. I'll look at why that is and what we can do to reduce or prevent it. Contrary to popular belief, hacking a site and uploading malicious scripts onto it is not the only way spamming gets a foothold. There are other ways. For example, it could be because of a compromised account, the use of script vulnerabilities, or an incorrectly configured mail server. The diagram below shows an overview of the methods. ​ In this article, I'll look at the different ways unsolicited email (spam) can emanate from a web server, and some of the ways you can stop it. Spamming by hacking A hacked site or server is the most common reason behind an outbreak of spamming a...
Continue reading