Hooks are a new addition to our flagship cybersecurity product Imunify360. In my recent post on hooks , I described how they let you capture events from the agent and act on them. For example, you might want to automatically notify a user or suspend a web hosting account if Imunify360 detects malware in the account’s file system. That last scenario is explained in a video presented by our Senior Sales Engineer, Jamie Charleston . He shows you the code and steps needed to set up an automated action based on malware detection. You can watch it here.

If you have any suggestions, please, add them in the comments.

Learn webserver security from those who know it best. This year, cPanel and Imunify team giving you the opportunity to learn more about Imunify through our Imunify Security Products certification training course right at WebProsSummit 2019 .  Jamie Charleston, our Senior Sales Engineer, will teach you all about Imunify Security Products and explain every Imunify feature in detail, showing you the best and safest way to configure it for your web server. You’ll learn how to use the malware scanner, what Proactive Defense is and how it works, how to interpret cybersecurity incidents in the Incident Manager, and find out the best way to secure your server from viruses and malware, and...

As always, CloudLinux is a proud sponsor of the cPanel’s events and this year, at Webpros Summit we will represent Imunify Security Products.   Traditionally,  CEO of CloudLinux Inc, Igor Seletskiy, will provide the presentation and discuss some hot topic related to the hosting industry. This time, he will talk about Security From a Big Data Perspective and share all the insights about how Imunify Security collects data points from more than a hundred thousand servers, so we can see how attacks unfold in real-time. In this session, Igor will show what Imunify team has learned, how some basic security best practices can immediately give you a 10% improvement in protection agai...

A new vulnerability has been discovered [1] in the popular ClamAV antivirus scanning engine. ClamAV is one of the antivirus scanning engines used in ImunifyAV and Imunify360. For this reason, we’ve released an update of the ClamAV package so that ImunifyAV and Imunify360 can be protected from this vulnerability. How it works The vulnerability means that certain kinds of highly-compressed zip files can’t be scanned. David Fifield [2], a security researcher, found that, using overlapping techniques, he could generate files with extraordinary compression ratios. In one case, he managed to compress a 281 TB file down to 10 Mb. That’s a compression ratio of more than 28,000...

Imunify360 lets you change a lot of settings and customizations in the admin UI. There are also some settings in the user UI too, so users can enable/disable Proactive Defense, or choose the default action when malware is detected. Some of those settings, under certain circumstances, can affect server security. So today’s question is a little trickier than usual...

To improve the user experience in Imunify360 we want to ask: What are the most common server security issues you face? What should be the primary focus of our product?

To improve the user experience in Imunify360 and ImunifyAV we want to know how you deal with infected user accounts. Some hosters instantly block the account to prevent further malware distribution, while others simply notify users when malware is detected. If you have more details or comments on how and why you deal with infected user accounts, please share them. We’d love to hear your views.

Malware changes daily, sometimes hourly.

To keep servers safe, you must make sure your Imunify360 malware database is always up to date. We're striving to make Imunify360 the easiest way to keep Linux web servers secure. So we're announcing that, as of July 10, 2019, the Imunify360 and ImunifyAV malware and black hash databases get updates every business day.

Do you fight malware from the knife-edge of the command line, or the plush refinement of the GUI? That’s today’s poll—it only takes a second. There are several ways of managing servers and controlling their applications and services. We’re curious what type of interface you prefer while working with Imunify360: Command Line or UI. Which do you prefer? Your feedback helps us improve Imunify360 and make it everything a Linux web hosting ninja needs for all-round server cybersecurity. What type of automation/tools are you using?

This time we invite you to share your experience regarding one of the non-typical security issues - database malware injection / infections.  Join the new poll now Also, we are thankful to you for participating in the recent poll and ready to share the results regarding the question "What 3 features are the most valuable for you in Imunify360?" 

In Imunify360 v4.2 beta, we introduced “Hooks”, a new way to handle asynchronous events coming from the Imunify agent. It works like a simple event handler. For example, you can create a script that will run when malware is detected (right after the on-demand or background scan is finished).

The script is put on the server and registered via the Imunify360 command-line interface. In the script, you can specify a set of actions based on the scanning report received from Imunify360: for example, suspend a user account infected with malware, send out an email notification, or submit a ticket for the client. Hooks are just executables, so they can be written in any language (bash, php, python, etc.).

We’ve had a lot of questions regarding the practical use of hooks. So, we’ve created this article to show you an example of a hook that runs when malware is detected, and suspends the cPanel user account when the number of infected files exceeds three.

Here are the steps to create the hook:

Create a file (e.g. /root/hooks/hook.php) with the following content:

We no longer use ClamAV for malicious files detection, and keep it as a part of Imunify360 only for detecting suspicious files. Starting from Imunify360 v4.3, we're removing it completely. Given that it may consume lots of resources while running on some configurations, you may want to disable it in Imunify360 prior to v4.3 release. Here are brief instructions for how to do that in v4.2. To disable ClamAV you need to set an empty value for the 'clamav_binary' option in /etc/sysconfig/imunify360/imunify360.config (default is /usr/bin/clamscan ): MALWARE_SCANNING: clamav_binary: That's it. If you have any questions or need further assistance, please get in touch .

We have a nice, new, time-saving tip over on the CloudLinux KnowledgeBase.

It tells you how to copy Imunify360 configurations from one server to another.

Read it here.

If there’s anything else you’d like us to write about, please let us know.

A hacker might not cause any noticeable damage when infiltrating your web server. You may not notice any change in performance or any loss of data. But that doesn't mean everything is okay. A popular use of a compromised server is to distribute malware. Malware is mal icious soft ware . It gets embedded into your website's pages and can infect any visitors to those sites. Hackers do this by injecting malicious code into a database or into web page templates. Visitors get redirected to malicious sites, or inadvertently download trojans. If an online antivirus tool detects a site hosting malware, it will blacklist the site by adding it to its database of malicious websites. Users of the same a...

Good news is always worth repeating: Plesk integrates ImunifyAV into its famous WebOps hosting control panel. It's not even been a year yet but we're already seeing the benefits of integrating Revisium's advanced antivirus and anti-malware scanner into ImunifyAV . One of these good signs is the decision by Plesk to integrate our free scanner directly into their core product. I know Plesk's customers are going to love how ImunifyAV makes their web sites safer. It's quick, it's easy, and best of all, it's free. Keeping web servers safe shouldn't be a headache or an afterthought. ImunifyAV is the cure for both problems. ImunifyAV automatically scans your websites for malicious files. If it find...

The good news just keeps coming: cPanel & WHM integrates ImunifyAV into its hosting automation platform.

cPanel is integrating ImunifyAV, our advanced antivirus and anti-malware scanner, into its famous web hosting control panel.

ImunifyAV automatically scans your web site for malicious files and it does it for free. It can detect all kinds of malicious files, such as backdoors, web-shells, viruses, hacker’s tools, black hat SEO scripts, phishing pages, and others. If any are found, ImunifyAV will report back telling you how to remove them manually.

I appreciate that not everyone has the time or knowledge to do this, so there’s a built-in upgrade option to ImunifyAV+ which lets you perform an automated one-click clean up. It’s quick, it’s thorough, and it removes the stress and worry usually associated with managing your cybersecurity defenses.

For those web hosters that need a comprehensive, all-in-one security solution, there’s a further upgrade option available in the form of Imunify360. More and more web hosters and Linux server managers around the globe are choosing Imunify360 for its ability to protect web servers and websites effectively and simply. Its multi-layered security architecture incorporates a firewall, WAF, IDS and IPS, and advanced machine learning for dynamic rule and signature creation. There’s also our unique herd immunity, the name we give to how Imunify360 instances share threat intelligence information among one another, forming a web of cyber threat knowledge greater than the sum of its parts. All in all, it makes Imunify360 the complete, perfectly integrated web security package.

A month in development passes so quickly.

We announced in February that we have a new version of Imunify360 coming with some great new features. It’s ready, it’s out of beta and into general availability. Here’s a quick reminder of the new stuff. More details are in the Imunify360 4.0 preview post.

Feature Management (cPanel only for now)—Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is the new way to manage features, fully integrated into cPanel. It’ll give a lot of flexibility in adjusting the features available on hosting service plans and packages.

Dashboard/Charts—Now you’ll be able to see how well Imunify360 has been defending your systems, where attacks are coming from and how many. There are these new alerts, with more coming soon: total number of alerts, number of CAPTCHA events, number of WAF alerts, number of web-based brute-force attacks, number of OSSEC (network level) attacks, number of denied requests from bad bots.

Proactive Defense extension: The Blamer—The Blamer is a new extension to Proactive Defense. It gathers intelligence on attack profiles and uses this information to prevent future attacks.

I have good news—there are features coming in Imunify360 4.0 that will make your life easier, your servers safer, and your businesses more profitable.   1. Feature Management ​ Our cPanel users will see a new and better way to manage the features they offer their users. Feature Management is our new way to (can you guess?) … manage features. It's fully integrated into cPanel and it's going to make dealing with multiple service plans and packages a breeze. Before, you could only change features user by user. Now, you can assign any feature changes to entire service plans. (You might even get a welcome windfall from this extra flexibility.) For the time being, the features you'll be able ...

Thank you, beta testers! We value your dedication to making our product better. Your real-world input helps Imunify360 become the most effective and efficient Linux server security product out there. So here's the deal—we need you to activate Proactive Defense. Proactive Defense is one of the core pillars of Imunify360, able to trace PHP opcodes at runtime, detect and block malicious invocations before it can even execute. We've made some improvements to Proactive Defense: We've refactored the detection algorithm. It's now much faster at tracing PHP code. Proactive Defense examines 50% more URLs and files when scanning, improving detection rates. Proactive Defense works just as it should wit...