Greg Zemskov

New ISPmanager Lite panel with ImunifyAV

imunifyAV-isp
​For ISPmanager panel users, Revisium Antivirus changes its name to ImunifyAV , keeping its reputation as a popular and effective malware and virus scanner. Today, ISPsystem release a new version of their ISPmanager Lite hosting panel. This version comes pre-installed with ImunifyAV , the new name for Revisium Antivirus. With it, you can scan an unlimited number of websites and users per server, do automatic malware cleanup and create schedules for scanning. You can also get email alerts about any website infections. You can find ImunifyAV in the Tools menu: ​ If a user doesn't have an antivirus solution already configured, ImunifyAV becomes the default for that panel. Otherwise, a system ad...
Continue reading
139 Hits
0 Comments
Greg Zemskov

Opsani VCTR is now Imunify QuickPatch, the free, vulnerability evaluator for Plesk

QuickPatch
If you use Plesk, you'll know it's one of the leading control panels for web hosters and resellers, and one that supports Opsani VCTR, or, to give its new name, Imunify QuickPatch . Here's an introduction to what it does and why you need it if you care about the security of hosted websites. Making sure your system and its packages are up to date is a fundamental strategy for keeping systems secure. The problem is in the management overhead this creates. The packages and configurations of each system must be regularly checked and updated*. Imunify QuickPatch does this for you. Imunify QuickPatch is free. It scans and analyzes your system for security issues. Imunify QuickPatch analyzes server...
Continue reading
111 Hits
0 Comments
Greg Zemskov

Revisium Antivirus becomes ImunifyAV in Plesk

imunifyAV-plesk
Plesk panel users will soon notice a change in their panels. For Plesk panel users, Revisium Antivirus changes its name to ImunifyAV , keeping its reputation as a popular and effective malware and virus scanner, and joining the Imunify360 security solution for complete protection of Linux Web servers. As with its previous version, ImunifyAV comes in free and paid versions. The free ImunifyAV efficiently scans websites and detects all kinds of malware. Use it for an unlimited number of scans on all websites on a server. ImunifyAV+ is the paid upgrade that does this and more, with a one-click automated cleanup option for full sanitization of entire servers, effortlessly. Both versions have an ...
Continue reading
165 Hits
0 Comments
Andrey Kucherov

What to do if your Website is Hacked: A Disaster Recovery Plan

website-hacked
Thousands of websites get hacked on a daily basis. Actually, thousands out of the many billions of websites on the Internet is quite a low percentage, but if you got unlucky and your website is among those, you need to take it seriously, and respond to the threat quickly and wisely. Unfortunately, very often, website owners are 100% sure that they won't ever be a victim, and do not have a valid disaster recovery plan for such cases. Or, if they do, the plan consists of just one bullet point: I was unlucky and the plan is to shut down my business. In this article, I cover that gap and offer you a solid disaster recovery plan if your website got hacked. Once Upon a Time, a Website Got Hacked… ...
Continue reading
284 Hits
0 Comments
Paul Jacobs

Black Friday Phishing, Anyone?

black-friday4
​ If this year's Black Friday/Cyber Monday online shopping season is anything like last year's, it'll be a turkey shoot, not only for shoppers, but for hackers too. Bargain hunters are impetuous by nature, the online species more so. In the heady excitement of discount fever virulent throughout the forthcoming holidays, shoppers are more likely to click a phishing link without checking it first. They're also more likely to be shopping on a mobile device , where it's harder to see if a site is genuine or not. Billions of dollars will pass from customer to online shop, some of it through, or aided by, your servers. Your success as a hoster depends on the success of your customers' sites being ...
Continue reading
199 Hits
0 Comments
Oleg Boytsev

Imunify360 protects against a critical vulnerability in Van Ons WP GDPR Compliance WordPress plugin (CVE–2018–19207)

wordpres_20181116-104057_1
The popular Van Ons WordPress plugin for GDPR compliance, with more than 100,000 active installations, was patched on November 7th due to a privilege escalation vulnerability ( CVE–2018–19207 ) found in version 1.4.2. The WP GDPR Compliance plugin helps website owners meet the recent GDPR European data privacy regulation. This came into effect in May of this year, boosting the plugin's popularity. Starting on 10th November, our Threat Intelligence Group noticed a surge in attacks targeting this exploit vector.   Imunify360 customers were already protected by a WAF rule issued several days earlier. This rule detects and blocks malicious payloads attempting to exploit this attack vector. ...
Continue reading
313 Hits
0 Comments
Greg Zemskov

ImunifyAV: The Free, Powerful, Malware Scanner (now in Beta for cPanel and DirectAdmin)

imunifyAV-2
Keeping watchful is the first step towards effective security; keeping malicious code out of your websites is essential to protect them. I'm excited to let you know about ImunifyAV, our powerful new malware scanner. It's currently available in beta for cPanel and DirectAdmin panels. I'm also happy to tell you it's free and will always be free (as in forever). Here's more about it. ​ ImunifyAV detects all kinds of malware in all types of files —it doesn't matter whether your websites are based on PHP (like WordPress, Joomla and Drupal), or built with classic, static HTML. Our advanced de-obfuscation techniques let it detect malicious code hidden in files using encryption or encoding. ImunifyA...
Continue reading
Recent Comments
Greg Zemskov
Hi Eric, Imunify360 is a superior product to AV. Imunify360 includes AV. AV cannot protect websites and server from attacks and ha... Read More
Monday, 12 November 2018 08:19
464 Hits
2 Comments
Inna Gordin

DON’T GET BLACKLISTED ON BLACK FRIDAY

dont-get-blacklisted
Black Friday-Cyber Monday is the busiest e-shopping weekend of the year, so don't let hackers get your site banned by search engines. If your site gets compromised by malicious actors and starts spreading malware, it will be blacklisted by Google safe browsing, Yandex SB, McAfee, ESET, and other security services, which means that online shoppers will not find your site in search engines. This will inevitably disrupt your business, and e-commerce sales will be hit the hardest. With Imunify360's multi-layered approach to complete cyberdefense, you'll protect your sites/servers from malicious intent and stop malware from running on them in the first place. Imunify360 also monitors the blacklis...
Continue reading
318 Hits
0 Comments
Greg Zemskov

Why Does Site or Server Load Increase?

Why server load increases
There's only one good reason why the load on your hosting server starts increasing–the rest are bad. I'll look at how and why they all happen. I was often contacted by site owners who had a problem with high server load. This common condition is first noticed when an owner gets a warning message from their hosting company. Such messages can be precursors to the blocking of the site, and it can happen to almost any site owner or webmaster. This article covers the different reasons why the load on a site or server might be increasing, and what can be done about it. Webmasters usually find out about excess load from their hosters. Hosting companies regulate and control resource usage for each h...
Continue reading
635 Hits
0 Comments
Greg Zemskov

Patterns of thought: the psychology of weak passwords

psychology1
In this article, I look at why webmasters, site administrators and their users choose and use weak passwords. Later, I recommend ways to create passwords that are reliable and resistant to brute-force attacks. Warnings that the internet is increasingly an unsafe environment appear with alarming regularity in studies commissioned by companies specializing in information security. The growing number of web attacks and the increasing activity of the hacker community require a new discipline and focus on security. But while cybersecurity experts are talking about high technology and advanced protection, it seems a rudimentary rule has been forgotten: the use of strong passwords. Unreliable passw...
Continue reading
459 Hits
0 Comments
Paul Jacobs

Drupalgeddon Updates to 2.0 - Shouldn’t you update too?

drupalgeddon
The latest wave of Drupalgeddon activity highlights the importance of keeping software up to date, especially when it's a popular CMS like Drupal , itself based on the rapidly changing web development programming language PHP and the widely used open source RDBMS MySQL. Our Analyst's Insight into this vulnerability gives more details. Imunify360 defends against this threat by virtue of a sophisticated WAF rule set developed and maintained by our own threat intelligence team. Larger vendors' rulesets are too general and too inflexible to track such dynamic threats. Another component in Imunify360's layered security defenses is called Proactive Defense. It uses comprehensive heuristics to dete...
Continue reading
286 Hits
0 Comments
Oleg Boytsev

Drupalgeddon 2.0: Analyst’s Insight

vulnerability
Activity Our monitoring systems identified a first-wave malicious campaign on April 12th, 2018, the same day that proof of concept code went public. The Drupal core security team had earlier released security advisory SA-CORE–2018–002 on the 28th March. We released our blocking and detection rules a few days later meaning that Imunify360 customers were already protected by the time the campaign started. October saw a new burst of attacks on this vector. Botnets located on thousands of IPs requested access to Drupal-based sites to upload a malicious payload. The chart below shows the activity levels for the past few months. Recognition Most connections were attempting to extract the server's ...
Continue reading
327 Hits
0 Comments
Greg Zemskov

Avoid Multi-Site Hacking – Part 2

Security solution for web hosting
In Part 1 , we looked at security isolation as a technical solution for preventing infections on one site spreading to neighboring sites in multi-site hosting systems. In Part 2, we'll consider other non-technical ways to beef up multi-site protection. Site security = technical protection + organizational measures If you don't use security isolation on sites in the same hosting account, you should at least give each site its own account. However, this is often impossible, as the combined sum of each site's content resource needs (disk, memory) is too great. This is where the next elements of complex security come in. I call them organizational measures . Here are some examples. ​ Secure work...
Continue reading
450 Hits
0 Comments
Greg Zemskov

Avoid Multi-Site Hacking – Part 1

avoid-part1
Running shared or VPS servers has risks. When one site is hacked, neighbors succumb shortly after. In this two-part article, I'll explain the risks in detail and what you can do to mitigate them. Shared hosting and VPS servers allow you to host several sites within one user account. If you're a webmaster, a web studio, an Internet agency, or a business owner, you do this not only for convenience but also to save money, as it is cheaper than buying separate accounts for each site. But there's a problem. Multi-site accounts are vulnerable to hacking and the subsequent infection of the entire hosting account. Often, there are dozens of "patients" (tenants) on the same site who urgently need tre...
Continue reading
770 Hits
0 Comments
Kirill Bykov

One-click automatic malware cleanup in Imunify360 beta

cleanup
Today we are releasing the latest beta version of Imunify360. Along with other features mentioned here , it comes with a major new addition: one-click automatic malware cleanup functionality. We are leveraging the power of our recent acquisition, Revisium's market-leading malware scanning engine, to find and automatically fix malware-infected files. Now you can rid your websites of infections with a single click. This is an indispensable feature, especially for servers with many websites, because it eliminates the headaches usually associated with manual cleanups and customer support issues. And don't forget that Imunify360's six-layer security stops almost all attacks . Its new Proactive De...
Continue reading
374 Hits
0 Comments
Inna Gordin

Imunify360: The only option for all-around proactive web security

imunify-only-solution
As a hosting provider, you have choices in the security space. We at CloudLinux know them and we know the hosting market well. Over the years, we've met with and spoken to a lot of hosting providers, to understand their needs, and to deliver solutions specifically for them. Naturally, we looked at the other leading security solutions to see how they compared to Imunify360 . Here's what we found. One license covers all sites on the server If you own a server, you only need one Imunify360 license for all the sites hosted on it. As a hosting provider, you have the freedom to up-sell to site owners or include it as part of their package. Other solutions charge per hosted site , not per server. N...
Continue reading
263 Hits
0 Comments
Paul Jacobs

Why every month should be National Cybersecurity Awareness Month

ncsam
This month, October 2018, in the US it is the 15th National Cybersecurity Awareness Month . Another month, another 'awareness' . Does this suppose that all the other 11 months we should be less aware? Do hackers make a special effort to be nicer in October? Do they leave love letters on your server instead of malware? Does it help if you live on Tokelau*? No. EVERY month is cybersecurity awareness month, and every week and every day and every second of every day, everywhere. Because cyber attacks are automated. Hackers are using scripts and scalable tools to do the grunt work, the same way you make scripts to automate tedious tasks on your servers. Here's a recipe for success this cybersecur...
Continue reading
413 Hits
0 Comments
Kirill Bykov

Imunify360 beta now supports Ubuntu

ubuntu-plesk
We are happy to announce that Ubuntu 16.04 LTS support was added with the Imunify360 3.6.0 beta release . This means that Plesk users can now take advantage of all Imunify360 security features including the new Proactive Defense , advanced firewall, malware scanning (antivirus), IDS/IPS protection, reputation management, and much more , all inside one comprehensive but simple-to-use dashboard. As you know, Imunify360 runs on CentOS 6 & 7, and CloudLinux OS 6 & 7 distributions. We have now added Ubuntu 16.04 LTS to that list. Plesk customers can install Imunify360 for Ubuntu using these instructions . After installation, customers will find Imunify360 in Plesk's "Links to Additional S...
Continue reading
Tags:
409 Hits
0 Comments
Inna Gordin

At this year’s cPanel Conference: how to secure your Linux Web server

How-to-secure
The cPanel Conference is happening between October 1–3, 2018, in Houston, TX, at the Westin Galleria Houston. As always, CloudLinux is a proud sponsor of the event and will be there. Our CEO, Igor Seletskiy, will be discussing a number of topics . If you're coming, here are some of the sessions to look out for: Panel Discussion: Who owns your information? The role of privacy in the cPanel ecosystem Tuesday, October 2, at 4 pm, Galleria I & II, 3rd level Panelists will talk about how being "stuck in the middle" of the Internet is an opportunity, and how you can use privacy to distinguish your business from companies still stuck in 1997. They'll offer real-world experience and business adv...
Continue reading
544 Hits
0 Comments
Kirill Bykov

Imunify360’s latest malware scanning engine protects Linux web servers better than ever

introducing-new-engine
After July's release of Proactive Defense comes this month's big news: the integration of Revisium's powerful malware scanner, strengthening Imunify360's multi-vector threat defenses even more. It automatically finds and fixes viruses, scripts, malware, backdoors, web-shells, hacker tools, blackhat SEO, phishing pages, and more. Today we have released the latest version of Imunify360. You can see the upgrade instructions and release notes here . Now that Revisium has joined our team we will soon be expanding our product line by offering more security options to service providers, providing our hosting partners with additional resale opportunities. About a month later, Revisium's automated ma...
Continue reading
505 Hits
0 Comments