Imunify360 User Interface

Imunify360 is an all-in-one security solution with robust herd protection against the newest attacks, and it is available directly within your control panel (cPanel, Plesk, and DirectAdmin).

When you log in to your control panel, Imunify360 asks you to enter your email address.

By entering your email address you agree to receive email reports about critical issues, security alerts or system misconfigurations detected on your servers.

Note

This email address is used ONLY for receiving server reports.

You can also enter it later in Settings | General | Contact Details.

Log in to your control panel as an admin, go to Plugins, and choose Imunify360 to open the Imunify360 user interface.

It gives you access to:

  • Support – allows you to contact our support team directly from your Imunify360 User Interface

  • Dashboard – allows you to see retrospective data in the form of charts/heatmaps in your Imunify360 User Interface

  • Incidents – the list of all suspicious activity on the server.

  • Lists – a dashboard of Black List, White List and Gray List, and Blocked Ports with the ability to manage them.

  • Malware Scanner – real-time file scanner.

  • Proactive Defense – a unique Imunify360 feature that can prevent malicious activity through PHP scripts.

  • Reputation Management – an analysis and notification tool that informs you when websites are blocked or blacklisted.

  • KernelCare – KernelCare current state.

  • Imunify360 Settings – configuring and controlling Imunify360 options.

Support

This tab allows you to contact our support team directly from your Imunify360 User Interface. You can create a request and attach some files to it.

To contact our support team in Imunify360 User Interface, please click the Call icon at the top right corner of the page.

A support ticket will be created and an email will be sent to the specified email address. When the status of your request changes, you will receive a notification at your email address. You will be able to track your request via https://cloudlinux.zendesk.com/hc/ and email.

Dashboard

You can access the Imunify360 Dashboard from your control panel. It shows security events as charts and heat maps. It's a great way to analyze incidents that happened within the past day, week or month.

Note

Beta 4.0 and later

Click the Dashboard tab to display an overview of incidents recorded during the selected time interval, see an estimate of the intensity of attacks, and correlate events across all sources.

Here you can see notifications about server security and Imunify360 configuration, along with recommendations for making server security effective and proactive.

Multi-server Dashboard

Note

Beta 4.1 and later

Starting from Imunify360 version 4.1, the Dashboard can display Imunify360 performance data for a number of specified servers.

  • You can add a specified server using its server key – a unique server id that identifies an installed Imunify360 instance.

    Note

    Server key is NOT a license key.

  • You can easily remove a server from the Dashboard.

  • You can use the Server drop-down to show a list of all servers added to the Dashboard.

How to get a server key

There are two ways to get a server key.

  1. Click the key symbol to copy the server key of the selected server to the clipboard.

  2. Open the /var/imunify360/license.json file and find the id field. Your server id looks like an alphanumeric string, for example SghjhgFESDh65CFLfvz.

How to add a server

If you'd like to display performance data for the server A on the Dashboard of the server B, please do the following:

  • Go to the server A Dashboard and copy its server key (see How to get a server key)
  • Go to the server B Dashboard and click the Add Server button
  • The Add server key pop-up opens
  • Paste the server key belonging to the server A to the Server key field
  • Click Confirm to add the server A to the Dashboard of the server B. To stop adding the server and close the pop-up, click Cancel.

Go to the Server drop-down to check all added servers – it contains a list of hostnames of all added servers and/or a list of IPs (if a hostname is not found).

How to remove a server

To remove a server, click the Trash Can symbol. The Remove Server pop-up opens.

Click Confirm to remove the server. To stop removing the server and close the pop-up, click Cancel.

Note

You cannot remove a server from its Imunify360 Dashboard.

Charts and heat maps

The following time periods are available:

  • Last 24 hours
  • Last 7 days
  • Last 30 days

The following representation forms are available:

  • Heatmap visualizes the geographical distribution of incidents
  • Histogram represents the numerical distribution of incidents

Hover over a particular bar to see the exact value.

Note

Charts may have gaps. This means that no incidents or alerts were recorded during that day/time period.

The following charts are available.

  • Alerts total

Security incidents recorded within the selected time interval. Data includes all ModSecurity incidents, Imunify360 DOS plugin alerts, cPanel Login Failure Daemon (for cPanel only) and OSSEC alerts. This is a summary of all major alert sources.

  • CAPTCHA events

Requests from detected attackers or bad bots that were shown the CAPTCHA challenge within the selected interval.

  • WAF alerts

Web attacks recorded by ModSecurity within the selected time interval. It may include CMS brute-force and login attempts, website hacking attempts, attempts to access “sensitive” files or restricted areas, and other malicious requests.

  • Web-based Brute-force Attacks

Web-based brute-force attacks against the CMS and hosting panel, and incidents recorded by ModSecurity.

  • OSSEC: Network Level Attacks

Attacks against network services, e.g. FTP, SSH, POP, IMAP, etc., recorded by OSSEC IDS within the selected time interval. It includes authentication failures, requests from blocked IPs, break-in attempt alerts, and more.

  • Denied Requests from Bad Bots

Attacks detected by the Imunify360 Bot-Detector heuristics-based plugin. Bot-Detector is a part of Imunify360’s “herd immunity” feature that collects and analyzes a massive amount of information on new attacks on a global scale which it uses to prevent attacks across multiple servers.

Note

Some charts may be hidden if no alerts of a particular type were recorded within the selected time interval.

Incidents

Choose the Incidents tab to view and manage the list of all incidents. The table lists the detected incidents with full information about the reason for each one.

Use filters to show the exact list of incidents:

  • Timeframe – allows filtering incidents by different time periods.
  • List – allows filtering incidents by White List, Black List, or Gray List, or showing the incidents from all lists.
  • IP – shows all the incidents for a specific IP address. Tick the Description/IP checkbox to enable the input field, enter an IP or a part of it, and filter the list by clicking the magnifier or pressing Enter.
  • Country – filters the incidents by the abuser's country. Tick the Country checkbox to enable the input field with auto-complete, enter a country, and filter the incidents by clicking the magnifier or pressing Enter.

Slide Auto-refresh to enable or disable automatic refresh of the incidents in the table without reloading the web page. Set the number of incidents to be shown on a page by choosing the number of items per page in the bottom right of the page.

The list of incidents contains the following information:

  • Date – the time when the incident happened.

  • IP – the IP address of the abuser. The IP address is color-coded:

    • A gray bubble means that this IP address is currently in the Gray List (so every connection from this IP address is redirected to the CAPTCHA).
    • A blue bubble means that this IP address is currently not in any list (White/Gray/Black). The IP is not blocked.
    • A white bubble means that this IP address is currently in the White List. The IP will never be blocked by Imunify360.
    • A black bubble means that this IP address is currently in the Black List. Access from this IP is blocked completely, with no option to unblock via the CAPTCHA.
    • No bubble is shown when the incident doesn’t contain an IP address.
  • Country – the country of origin of the abuser's IP address.

  • # of Times – the number of times the abuser tried to repeat the action.

  • Event – description of the event or suspicious activity (as it is described by OSSEC and Mod_Security sensors).

  • Severity – severity level of the incidents (as it is estimated in OSSEC severity levels and Mod_Security severity levels). The color of severity means:

    • Green – Mod_Security levels 7-5, OSSEC levels 00-03
    • Orange – Mod_Security level 4, OSSEC levels 04-10
    • Red – Mod_Security levels 3-0, OSSEC levels 11-15

Click an incident to expand the detailed information.

Actions available for the Incidents:

  • Disable the rule that triggered the incident and add it to the list of Disabled rules. Click the Ban icon in the incident row and confirm the action.

  • Add the IP to the Black List or White List. Click the Cog icon and choose the action.

Firewall

The Lists tab allows viewing and managing the IP addresses in the lists:

  • White List – IPs from this list are always accepted.
  • Gray List – an auto-generated list of all the IPs blocked by Imunify360, based on Sensors alerts and alerts from the central server.
  • Black List – IPs from this list are always blocked.
  • Blocked Ports – allows you to manage the list of blocked ports.

White List

Click Lists in the main menu then choose White List.

Use filters to show the exact list of the IPs:

  • IP – allows filtering the list by IP. Enter an IP or a part of it into the input field.
  • Country – allows filtering the list by country origin. Enter a country name into the input field with autocomplete. Imunify360 will show the list of IPs of the chosen country.
  • Comments – allows filtering the list by comments. Enter a comment into the input field.
  • Use Items per page at the page bottom right to set the number of the incidents to be shown on the page.

You can perform the following actions with the IPs in the White List:

  • Add IP manually
  • Add a comment to IP
  • Move IP from the White List to the Black List
  • Remove IP from the White List

How to add IP manually

To add an IP to the White List, click Add on the right side of the page. The following pop-up opens.

In the pop-up, choose the IP tab and fill out:

  • Enter IP – IP or subnet in CIDR notation
  • Enter a comment – type a comment to the IP or subnet (optional)
  • Enter TTL in days or hours – time to live – for how long the IP will be in the White List.
  • Choose White List radio button
    • For the White List it is possible to tick Full Access checkbox to make this IP or subnet ignore the rules in Blocked ports. The IPs with full access have a crown icon in the IP column.

    Note

    You can grant or remove full access afterwards in the table: click the Cog icon and choose Grant Full Access to grant it or Remove Full Access to remove it.

When done, click Add IP to confirm your action or Cancel to hide the pop-up.

You will see a notification if an IP has been added successfully.

How to add a comment to IP

In the proper IP row click in the Comment column, type a comment and click .

To remove a comment, click and remove the text. Then click .

How to move IP from the White List to the Black List

To move several IPs from the White List to the Black List, select the IPs (use checkboxes), click Group Actions at the top of the table, and choose Move to Black List in the drop-down.

To move one IP address, click the Cog icon in its row and choose Move to Black List in the drop-down.

You will see a notification if the IP is moved successfully.

How to remove IP address from the White List

To remove several IPs from the White List, select the IPs (use checkboxes) and click Delete permanently. Then confirm the action.

To remove a single IP from the White List, click the Bin icon for that IP address and confirm the action.

You will see a notification if the IP is deleted successfully.

Whitelisted trusted services

Imunify360 has predefined whitelisted services. The actual list is always available on the link.

Gray List

Choose Lists tab in the main menu then click Gray List.

Use filters to show the exact list of the IPs:

  • IP – allows filtering the list by IP. Enter an IP or a part of it into the input field.
  • Country – allows filtering the list by country origin. Enter a country name into the input field with autocomplete. Imunify360 will show the list of IPs of the chosen country.
  • Comments – allows filtering the list by comments. Enter a comment into the input field.
  • Use Items per page at the page bottom right to set the number of the incidents to be shown on the page.

You can perform the following actions with the IPs in the Gray List:

  • Move IP from the Gray List to the Black List
  • Move IP from the Gray List to the White List
  • Remove IP from the Gray List

How to move IP from the Gray List to the Black List

To move several IPs from the Gray List to the Black List, select the IPs (use checkboxes), click Group Actions at the top of the table, and choose Move to Black List in the drop-down. Then confirm the action.

To move one IP address, click the Cog icon in its row and choose Move to Black List in the drop-down. Then confirm the action.

You will see a notification if the IP is moved successfully.

How to move IP from the Gray List to the White List

To move several IPs from the Gray List to the White List, select the IPs (use checkboxes), click Group Actions at the top of the table, and choose Move to White List in the drop-down. Then confirm the action.

To move one IP address, click the Cog icon in its row and choose Move to White List in the drop-down. Then confirm the action.

You will see a notification if the IP is moved successfully.

How to remove IP from the Gray List

To remove several IPs from the Gray List, select the IPs in the list (use checkboxes) and click Delete permanently. Then confirm the action.

To remove a single IP, click the Bin icon in its row and confirm the action.

You will see a notification if the IP is removed successfully.

Black List

Choose Lists tab in the main menu then click Black List.

Use filters to show the exact list of the IPs:

  • IP – allows filtering the list by IP. Enter an IP or a part of it into the input field.
  • Country – allows filtering the list by country origin. Enter a country name into the input field with autocomplete. Imunify360 will show the list of IPs of the chosen country.
  • Comments – allows filtering the list by comments. Enter a comment into the input field.
  • Use Items per page at the page bottom right to set the number of the incidents to be shown on the page.

The following actions are available with IPs in the Black List:

  • Add IP manually
  • Add a country
  • Add comments to IP
  • Move IP from the Black List to the White List
  • Remove IP manually

How to add IP manually

To add an IP to the Black List, click Add on the right side of the page.

In the pop-up, choose the IP tab and fill out:

  • Enter IP – IP or subnet in CIDR notation
  • Enter a comment – type a comment to the IP or subnet (optional)
  • Enter TTL in days or hours – time to live – for how long the IP will be in the Black List.
  • Choose Black List radio button

When done, click Add IP to confirm your action or Cancel to close the pop-up.

You will see a notification if the IP is added successfully.

Note

Requires Imunify360 Beta version 2.7.4 or later

If the Show only manually added switcher is disabled (default setting), then IPs automatically blocked by Imunify360 without access to CAPTCHA are displayed in the Black List along with manually added IPs. They have Imunify360 in the Source column and Automatically blocked due to distributed attack in the Comment column.

Note

Regardless of whether CSF is switched on or off, IPs blocked by Imunify360 exist alongside the CSF deny list. A warning displayed at the top of the table says that CSF is running and can be used for blacklisting along with Imunify360.

How to add a country manually

To add a country to the Black List, click Add on the right side of the page.

In the pop-up, choose the Country tab and fill out:

  • Enter country – autocomplete field. Just start typing.
  • Enter comment – type a comment to IP or subnet (optional).

When done, click Add Country to confirm or Cancel to close the pop-up.

You will see a notification if a country has been added successfully.

How to add a comment to IP

In the proper IP row click in the Comment column, type a comment and click .

To remove a comment, click and remove the text. Then click .

How to move IP from the Black List to the White List

To move IPs from the Black List to the White List, select the IPs in the list (use checkboxes), click Group Actions at the top of the table, and choose Move to White List in the drop-down. Then confirm the action.

To move a single IP, click the Cog icon in its row and choose Move to White List in the drop-down. Then confirm the action.

You will see a notification if an IP is moved to the White List successfully.

How to remove IP from the Black List

To remove IPs from the Black List, select the IPs in the table (use checkboxes) and click Delete permanently. Then confirm the action.

To remove a single IP, click the Bin icon in its row. Then confirm the action.

You will see a notification if an IP is successfully removed.

Blocked Ports

This feature allows you to block specific ports for TCP/UDP connections. It is also possible to whitelist specific IPs or subnets so that the port rule does not apply to them.

Note

Imunify360 can block particular ports using this feature, yet it doesn't support a paradigm to "block everything but the selected ports". That could be achieved via legacy Linux iptables.

Click Lists and choose Blocked Ports.

Note

If CSF integration is enabled, Blocked Ports will be disabled. Imunify360 imports Closed ports and their whitelisted IPs from CSF.

Use filters to show the exact list of the IPs:

  • IP – allows filtering the list by IP. Enter an IP or a part of it into the input field.
  • Country – allows filtering the list by country origin. Enter a country name into the input field with autocomplete. Imunify360 will show the list of IPs of the chosen country.
  • Comments – allows filtering the list by comments. Enter a comment into the input field.
  • Use Items per page at the page bottom right to set the number of the incidents to be shown on the page.

The following actions are available for the ports:

  • add port to the list of blocked ports
  • edit ports in the list of blocked ports
  • add a comment
  • delete permanently

Add a port to the list of blocked ports

On the Lists page choose Blocked ports and click Add. In the pop-up specify the following:

  • Port – the number of the port to be added to the list of blocked ports.
  • TCP/UDP – tick the checkboxes of connection types for the port that should be blocked.
  • Enter comment (optional) – a text to be added as a note for the port.
  • Whitelisted IPs – add IPs, separated by commas, to the White List. They will be able to use the port.

Click Add Port to proceed or Cancel to close the pop-up.

Edit ports in the blocked ports list

To add an IP or a subnet to the White List for the port, click +IP and in the Add IP/Subnet pop-up specify the following:

  • Enter IP – IP or subnet that should be added to the whitelist
  • Enter description – a description to be added as a note to the IP or subnet.

Add a comment

In the proper port row click in the Note column, type a comment and click .

To remove a comment, click and remove the text. Then click .

Delete permanently

To delete a port or a separate IP/subnet, click the Bin icon in the row of the element.

Malware Scanner

Note

The functionality described here depends on Malware Scanner settings.

Imunify360 Malware Scanner can scan file systems for malware injection and quarantine infected files.

This is also a real-time file scanner for vulnerabilities, and it can:

  • scan files uploaded via FTP (supporting Pure-FTPd)

  • scan files uploaded via HTTP/HTTPS

  • scan files for changes via inotify

  • scan on-demand (any folder needed)

Note

When using Mod_Security for real-time scans, it is only possible to detect file owner if Apache is running with mod_ruid2 configured. In other cases, the user for these files will always be the user a web server is running under (usually nobody).

Malware scanning allows you to:

  • observe scanner activity
  • start on-demand file scanner
  • manage malicious and quarantined files
  • manage Ignore List

Click Malware Scanner in the main menu of the Imunify360 user interface.

The following tabs are available:

Users

Go to Imunify360 → Malware Scanner → Users tab. Here, there is a table with a list of users on the server, except users with root privileges.

The table has the following columns:

  • User name — displays the user name.
  • Home directory — the path to the user home directory starting from the root.
  • Infection status — the current status depending on the last action made:
    • On-Demand scanning — scanning was initiated/made by an administrator;
    • Scanning queued — user's files are queued for scanning;
    • Background scanning — scheduled scanning is in progress;
    • Scanning scheduled — user's files scanning is scheduled;
    • Cleaning up — user's files are being cleaned up;
    • Not yet scanned — user's files have not been scanned yet;
    • No malware found — no malware was found during scanning.
  • Actions:
    • Scan for malware — click Scan to start scanning files for a particular user.
    • View report — click View Report to go to the Files tab and display the results of the last scan.
    • Cleanup — click Cleanup to start cleaning up infected files for the user.
    • Restore original — click Restore original to restore the original file after cleanup if a backup is available.

To perform a bulk action, tick the required users and click the corresponding button above the table.

To scan all files or clean up all files of all users, click the Scan all or Cleanup all button above the table.

The following filters are available:

  • Items per page displayed — click the number at the table bottom.

The table can be sorted by User name and Infection status (by the date of the last action).

Files

Go to Imunify360 → Malware Scanner → Files tab. Here, there is a table with a list of infected files within all domains and user accounts.

The table has the following columns:

  • Detected — displays the exact time when a file was detected as malicious.
  • User name — displays file owner name.
  • File — the path where the file is located, starting with root.
  • Reason — describes the signature which was detected during the scanning process. Names in this column depend on the signature vendor. You can derive some information from the signature ID itself. For example, in the signature ID SMW-SA-05155-wshll:
    • The first section can be either SMW or CMW. SMW stands for Server Malware and CMW stands for Client Malware.
    • The second section can be either INJ or SA. INJ stands for Injection (malware is injected into some legitimate file) and SA stands for StandAlone (the file is completely malicious).
    • The third section is 05155. This is simply an identification number for the signature.
    • The fourth section (wshll, mlw.wp, etc.) gives the category and class of malware identified. Here, wshll stands for web shell (mlw stands for malware).
    • The fifth section is 0, which provides the version number of the signature.
  • Status — displays the file status:
    • Infected — threat was detected after scanning. If a file was not cleaned after cleanup, the info icon is displayed. Hover mouse over info icon to display the reason;
    • Cleaned — infected file is cleaned up.
    • Quarantined – a file was moved to the quarantine.
    • Content removed — a file content was removed after cleanup.
    • Cleanup in progress — infected file cleanup is in progress now.
  • Actions:
    • Add to Ignore List — add file to the Ignore List and remove it from the Malicious files list. Note that if a file is added to the Ignore List, Imunify360 will no longer scan this file. Click the Gear symbol and select Add to Ignore List.
    • Delete permanently — remove the file from the server and from the list of Malicious files. Click the Gear symbol and select Delete permanently.
    • View file — click the View file symbol in the file line and the file content will be displayed in the pop-up. If the file is larger, only the first 100Kb of its content will be shown.
    • Move to quarantine — move the file to the quarantine. Click Move to quarantine symbol and confirm the action in the pop-up.
    • Cleanup file — click Clean up symbol to clean up all infected files within the account.
    • Restore from quarantine — click the Restore from quarantine symbol to restore the file from the quarantine.
    • Restore original file (before cleanup) — click Restore original symbol to restore the original content removed as infected.
    • Restore from backup — click the Gear symbol and select Try to restore from backup to restore the original file before it got infected if it exists.
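
The signature ID layout described for the Reason column can be parsed mechanically when triaging exported scan results. The following Python code is an added example, not Imunify360 code; the regular expression, the `Signature` class, the function names and the sample Reason values are assumptions constructed from the field descriptions on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Field meanings exactly as the Reason column description gives them.
SCOPES = {"SMW": "server malware", "CMW": "client malware"}
KINDS = {"INJ": "injected into a legitimate file", "SA": "standalone malicious file"}
# Only the two category tokens the page explains; any other token is shown raw.
CATEGORY_TOKENS = {"wshll": "web shell", "mlw": "malware"}

# Assumed layout: SCOPE-KIND-NUMBER-CATEGORY[-VERSION]. The version is optional
# because the page's own sample (SMW-SA-05155-wshll) omits it.
_SIGNATURE_RE = re.compile(
    r"(?P<scope>SMW|CMW)-(?P<kind>INJ|SA)-(?P<number>\d+)"
    r"-(?P<category>.+?)(?:-(?P<version>\d+))?"
)


@dataclass(frozen=True)
class Signature:
    scope: str
    kind: str
    number: str  # kept as text so leading zeros survive
    category: str
    version: Optional[int]

    @property
    def standalone(self) -> bool:
        """True when the whole file is malicious (SA), False for an injection."""
        return self.kind == "SA"

    def describe(self) -> str:
        """Render the fields in words, using only meanings stated on the page."""
        category = "/".join(CATEGORY_TOKENS.get(t, t) for t in self.category.split("."))
        version = "unversioned" if self.version is None else f"v{self.version}"
        return (f"{SCOPES[self.scope]}; {KINDS[self.kind]}; "
                f"#{self.number}; {category}; {version}")


def parse_signature(reason: str) -> Optional[Signature]:
    """Parse a Reason value; return None for names from other signature vendors."""
    match = _SIGNATURE_RE.fullmatch(reason.strip())
    if match is None:
        return None
    version = match["version"]
    return Signature(
        scope=match["scope"],
        kind=match["kind"],
        number=match["number"],
        category=match["category"],
        version=int(version) if version is not None else None,
    )


def summarize(reasons: Iterable[str]) -> Counter:
    """Count findings per (scope, kind); unparsable reasons go under 'other'."""
    counts: Counter = Counter()
    for reason in reasons:
        sig = parse_signature(reason)
        counts[(sig.scope, sig.kind) if sig else "other"] += 1
    return counts


# Constructed sample Reason values (only the first appears on the page).
SAMPLE_REASONS = [
    "SMW-SA-05155-wshll",
    "SMW-SA-05155-wshll-0",
    "CMW-INJ-00042-mlw.wp-3",
    "Vendor.Specific.Name",
]

if __name__ == "__main__":
    for reason in SAMPLE_REASONS:
        sig = parse_signature(reason)
        print(f"{reason:26} -> {sig.describe() if sig else 'not in this layout'}")
    print(dict(summarize(SAMPLE_REASONS)))
```

Reason values that do not follow this layout return `None` rather than raising, since names in the column depend on the signature vendor.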

To perform a bulk action, tick required files and click the corresponding button above the table.

Click the desired string to display scan type.

To clean up all files of all users, click Clean up all button above the table.

The following filters are available:

  • Timeframe — displays the results filtered by chosen period or date.
  • Status — displays the results filtered by chosen status.
  • Items per page displayed — click the number at the table bottom.

The table can be sorted by detection date (detected), user name, file path (file), reason, and status.

Scan

It is possible to scan a specific directory for malware. Go to the Malware Scanner page and choose the Scan tab. Then follow these steps:

  1. Enter the folder you need to scan in the Folder to scan field. Start typing with the slash /.

    It is possible to use Advanced Settings:

    • Filename mask. Sets the file type for scanning (for example, *.php – all the files with extension php). The default setting is *, which means all files without restriction.
    • Ignore mask. Sets the file type to ignore (for example, *.html – will ignore all files with extension html).
    • CPU consumption. Defines the CPU consumption for scanning without decreasing efficiency: from Low to High.
    • I/O consumption. Defines the I/O consumption for scanning without decreasing efficiency: from Low to High.
    • Follow symlinks (3.9.0+). Follow all symlinks within the folder to scan.

  2. Click Start.

At the top right corner Malware Scanner progress and status are displayed:

  • Scanner is stopped – means that there is no scanning process running.
  • Scanning…% – means that the scanner is working at the moment. A percentage displays the scanning progress. You can also see the scanning status beneath the Mask or Advanced options.

After Malware Scanner stops on-demand scanning you will see the results in the table below with the following information:

  • Date – the date when the scanning process was started.
  • Path – the name of the folder that was scanned.
  • Total files – the total number of files scanned.
  • Result – the result of scanning.
  • Actions – click icon in this column to perform particular action.

To review and manage malicious files, go to the Files tab described above.

History

History tab contains data of all actions for all files. Go to the Imunify360 → History tab. Here, there is a table with a list of files within all domains.

The table has the following columns:

  • Date — action timestamp.
  • Path to File — path to the file starting from the root.
  • Cause — displays the way malicious file was found:
    • Manual — scanning or cleaning was manually processed by a user.
    • On-demand — scanning or cleaning was initiated/made by a user;
    • Real time — scanning or cleaning was automatically processed by the system.
  • Owner — displays a user name of file owner.
  • Initiator — displays the name of the user who initiated the action. For system actions the name is System.
  • Event — displays the action with the file:
    • Detected as malicious — after scanning the file was detected as infected.
    • Cleaned — the file is cleaned up.
    • Failed to clean up — there was a problem during cleanup. Hover mouse over the info icon to read more.
    • Added to Ignore List — the file was added to the Ignore List. Imunify360 will not scan it but the file is not quarantined.
    • Restored original — file content was restored as not malicious.
    • Cleanup removed content — file content was removed after cleanup.
    • Deleted from Ignore List — the file was removed from the Ignore List. Imunify360 will scan it.
    • Deleted permanently — the file was deleted.
    • Submitted for analysis — the file was submitted to Imunify360 team for analysis.
    • Quarantined — the file was added to quarantine. It is no longer executable.
    • Restored from quarantine — for now, the file is executable.
    • Failed to delete — there was a problem during removal. Hover mouse over the info icon to read more.
    • Failed to ignore — there was a problem during adding to the Ignore List. Hover mouse over the info icon to read more.
    • Failed to delete from ignore — there was a problem during removal from the Ignore List. Hover mouse over the info icon to read more.

The table can be sorted by Date, Path to File, Cause, and Owner.

Ignore List

Ignore List tab contains the list of files that are excluded from Malware Scanner scanning. Go to the Imunify360 → Malware Scanner → Ignore List tab. Here, there is a table with a list of files within all domains.

The table has the following columns:

  • Added — the date when the file was added to Ignore List.
  • Path — path to the file starting from the root.
  • Actions:
    • Remove from Ignore List — click Bin symbol to remove the file from the Ignore List and start scanning.
    • Add new file or directory — click Plus symbol to add a new file or directory to the Ignore List. In the opened pop-up enter the path to be added and click Add.

Note

Wildcards are not supported when adding paths to the Ignore List. For example, the following paths are not supported:

  • /home/*/mail/
  • /home/user/*.html
  • /home/*

To perform a bulk action, tick required files and click the corresponding button above the table. The following filters are available:

  • Timeframe — displays the results filtered by chosen period or date.
  • Items per page — click the number at the table bottom.

The table can be sorted by Added and Path. By default, it is sorted from newest to oldest.

To search for a file or folder in the Ignore List, use the Search input field above the table.

Proactive Defense

Overview

Proactive Defense is a unique Imunify360 feature that can prevent malicious activity through PHP scripts. It is available as a PHP module for Apache and LiteSpeed web servers and analyzes script activity using known patterns like obfuscated command injection, malicious code planting, sending spam, SQL injection etc.

User Interface

Go to Imunify360 → Proactive Defense.

Here you can set a mode, view detected events and perform actions on them.

Mode Settings

The following Proactive Defense modes are available:

  • Disabled — means that Proactive Defense feature is not working and a system is not protected enough (default mode)
  • Log Only — means that possible malicious activity is only logged, no actions are performed
  • Kill Mode — the highest level of protection — the script is terminated as soon as malicious activity is detected

To select a mode, tick the desired checkbox. When an action is completed, you will see a pop-up with the successful mode changing message.

Note

  • Data is logged in all modes except Disabled.
  • A user can disable Proactive Defense anytime. Any mode that is not disabled (for user’s hosting account) by admin can be activated by user.

Detected Events

The Detected Events table displays all the necessary information about PHP scripts with malicious activity detected by Imunify360 Proactive Defense.

You can filter items by time frame in the Timeframe dropdown and search for a certain entity in the search field. The Detected Events table displays 25 items per page. To change the number of items displayed, click the number at the bottom right corner (Items per page) and select the desired number in the dropdown. To go to the next or the previous page, click the >> or << button, or click the desired page number. The Detected Events table includes the following columns:

  • Group/individual action checkbox — allows to perform actions on one or several desired entities
  • Detection Date/Time — displays the date and the exact time of event detected. To view the exact time click the clock icon in the desired event line. To order the events from the last to the first or vice versa click the ▲ icon in the Date/Time of detection column header
  • Description — displays a special Proactive Defense rule according to which a suspicious activity was detected
  • Script Path — displays the path to the suspicious script. A number near the path describes how many times this event has repeated
  • Host — displays the host of the script
  • First script call from — displays the IP in which the first call of the script was detected.
    • White color means that this IP is whitelisted
    • Black color means that this IP is blacklisted
    • Gray color means that this IP is graylisted
    • All other IPs are colored blue
  • Action — displays the current mode
  • Actions — allows to view details and perform actions on the event

Actions

The following actions are available for the detected event:

  • View file content
  • Move IP to the Black List
  • Move file to Ignore List 3.7.0+ (ignore detected rule) — allows a user to exclude a file from Proactive Defense analysis for a particular rule
  • Move file to Ignore List (ignore all rules) 3.7.0+ — allows a user to exclude a file from Proactive Defense analysis for all rules
  • Remove file from Ignore List 3.7.0+ — allows a user to include ignored file to Proactive Defense analysis again.

View file content

This action can be performed in two ways.

The first way

Click the View details icon in the row of the desired event. Here you can see the same information as in the table and plus all environment variables and their values. Then, click View file content button. The file content will be displayed in a new pop-up.

The second way

Click the Cog icon in the row of the desired event and choose View file content.

The file content will be displayed in a new pop-up. The group action is not available for this action.

Move IP to the Black List

Click the View details icon in the row of the desired event. Then, click the Block IP button. To move the IP to the Black List, click Yes, move to Black list. In the pop-up displayed, click Yes, move to black list to complete the action or Cancel to return to the Details window. When the IP is added to the Black List, you will see the confirmation pop-up.

Move file to Ignore List (ignore detected rule) 3.7.0+

The first way

Click the Cog icon in the row of the desired event and choose Ignore detected rule for the file. Click Yes, add to Ignore List in the confirmation pop-up or click Cancel to close the pop-up. Now you can see this file on the Ignore List tab.

The second way

Click the View details icon and then, in the file details pop-up, click Ignore detected rule for this file. Click Yes, add to Ignore List in the confirmation pop-up or click Cancel to close the pop-up. Now you can see this file on the Ignore List tab.

Move file to Ignore List (ignore all rules) 3.7.0+

The first way

Click the Cog icon in the row of the desired event and choose Ignore all rules for the file. Click Yes, add to Ignore List in the confirmation pop-up or click Cancel to close the pop-up. The file will be moved to the Ignore List tab.

The second way

Click the View details icon and then, in the file details pop-up, click Ignore all rules for this file. Click Yes, add to Ignore List in the confirmation pop-up or click Cancel to close the pop-up. Now you can see this file on the Ignore List tab.

Remove file from Ignore List 3.7.0+

On the Ignore List tab click Bin icon and confirm the action.

To perform bulk action, tick required checkboxes and click Remove from ignore list at the top of the table, then confirm the action in the pop-up.

Ignore List tab 3.7.0+

This tab contains a table of files with ignored rules. If a file is added to the Ignore List, Proactive Defense will not analyze script activity from this file for all rules or for the specified rule.

The Ignore List table includes the following columns:

  • Add Date/Time — displays the date and the exact time of adding a file. To view the exact time click the clock icon in the desired file line. To order the files from the last to the first or vice versa click the ▲ icon in the Add Date/Time column header.
  • Script Path — displays the path to the script.
  • Rules to ignore — displays the pattern to be ignored.
  • Actions — allows to view details and perform actions on the file.

How to test Proactive Defense

  1. Set Proactive Defense to Log only mode (requests will not be blocked) or to Kill mode to kill all requests.
  2. Create a file with the following content:

     <?php
     /* Imunify360 Proactive Defence test script */

     echo "<pre>";
     echo "Step 1<br>";

     // Decode string with domain: 37kddsserrt.xyz
     $url=base64_decode("MzdrZGRzc2VycnQueHl6");

     echo "Step 2<br>";
     echo "</pre>";

     // Try to access a malicious domain
     include($url);
     die();
     ?>

  3. Place this file on the server.
  4. Call a test page with the script from the point 2.
  5. If Proactive Defense is disabled, you will see Step 1 and Step 2 strings after calling the script.
  6. If Proactive Defense is enabled and Log only mode is set, you will see Step 1 and Step 2 strings after calling the script and a new event in the Detected Events table.
  7. If Proactive Defense is enabled and Kill mode is set, the test page returns an error.

Reputation Management

Choose Reputation Management in the main menu of the Imunify360 user interface to get to the Reputation Management page.

Reputation Management allows to check if a domain registered on your server is safe or not based on the following reputation engines:

How does it work:

  • We get a list of domains periodically (via crontab)
  • Send it to the central Imunify360 server
  • Get results from it
  • Add bad domains to the list of Reputation Management

If a domain or an IP is blocked, then this information will be available in the table below. If a user’s website appears in this table, then it would be useful to send this link to the user. This instruction can help to solve problems with the domain.

At the top of the page (also in the main menu near Reputation Management item), Imunify360 shows the number of affected domains. This number is a quantity of affected domains that exist on the server.

The table shows:

  • ID – domain owner username
  • URL – the affected domain link
  • Type – read more about types on the link (we still do not support THREAT_TYPE_UNSPECIFIED and POTENTIALLY_HARMFUL_APPLICATION).
  • Detection time – exact time when the Reputation Management has detected the domain

Click link icon in the Action column to copy the URL to the clipboard.

Note

Reputation Management online and browser look may differ. This is because Google Safe Browsing has an issue described on github.

KernelCare Integration

Imunify360 has KernelCare integration. To install KernelCare, go to the Settings tab and click Install KernelCare.

To observe current KernelCare status in the Imunify360 main menu choose KernelCare tab.

Here you can check:

  • Effective Kernel Version – version of the kernel that KernelCare enables on the server
  • Real Kernel Version – real version of the kernel
  • Update mode – auto updated mode On or Off
  • Uptime – uptime of the kernel in days

To disable auto update mode toggle the Update mode switch to No.

Note

If you have KernelCare license(s) on the same server(s), then cancel this license in CLN because KernelCare will be free for that server. If you do not know how to cancel licenses then follow this link for details.

Note

KernelCare tab can load slowly on highly loaded systems.

Read more about KernelCare on the link.

Settings

Choose Settings in the main menu to get to the Imunify360 settings page. The following tabs are available:

General

Go to Imunify360 → Settings → General. The following sections are available:

Installation

Here you can install and uninstall the following components:

  • HardenedPHP
  • Invisible Captcha
  • KernelCare

HardenedPHP

To install or uninstall HardenedPHP, click the related button. Please find additional information about HardenedPHP in this article. During the HardenedPHP installation process, the installation log appears and updates automatically.

Note

HardenedPHP is free on the servers with Imunify360 installed.

Invisible Captcha

Overview

This feature allows to automatically determine if the user is a human. The system falls back to CAPTCHA solving if the algorithm determines that a user may not be a human. It is possible to enable Invisible CAPTCHA feature via Imunify360 user interface (UI) and via command line interface (CLI).

How to install Invisible CAPTCHA

Go to Imunify360 → Settings → General → Installation → Invisible CAPTCHA and click Install Invisible CAPTCHA button. Confirm the installation in the pop-up.

How to check if Invisible CAPTCHA is currently installed

Go to Imunify360 → Settings → General → Installation → Invisible CAPTCHA. The red Remove Invisible CAPTCHA button means that Invisible CAPTCHA is enabled.

How to uninstall Invisible CAPTCHA

Go to Imunify360 → Settings → General → Installation → Invisible CAPTCHA and click Remove Invisible CAPTCHA button. Confirm the action in the pop-up.

KernelCare

To install or uninstall KernelCare, click the related button. Please find additional information about KernelCare here.

Note

KernelCare is free on the servers with Imunify360 installed.

Click Save changes button on the bottom of the section to save changes.

DoS Protection

DoS Protection section allows to enable or disable DoS protection. DoS protection works by counting connections from each remote IP address per local port separately. Tick checkbox Enable Dos Protection. It is possible to configure how Imunify360 will behave:

  • Max Connections – allows you to set the number of simultaneous connections allowed before an IP is blocked. Cannot be set lower than 100.
  • Check delay – allows you to set the period, in seconds, between runs of the DoS detection system that checks the server for a DoS attack.

It is also possible to set different limits for different local ports by editing the configuration file directly.

Click Save changes button on the bottom of the section to save changes.
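
The counting described in this section, sketched as an added example (it is not Imunify360's own code): it tallies established connections per remote IP and local port from constructed `ss -tn`-style lines and flags the pairs above the limit. The function names, the `per_port_limits` mapping and the "more than the limit" boundary are assumptions made for the illustration.

```python
"""Per-remote-IP, per-local-port connection counting (added illustration)."""
from collections import Counter

MIN_MAX_CONNECTIONS = 100  # the page states Max Connections cannot be set lower


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]")
    # Fold IPv4-mapped IPv6 peers into the IPv4 address they represent,
    # so one client is not counted under two different keys.
    if addr.lower().startswith("::ffff:") and "." in addr:
        addr = addr[7:]
    return addr, int(port)


def count_connections(ss_lines):
    """Count established connections per (remote IP, local port)."""
    counts = Counter()
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a socket that is not established
        _, local_port = split_endpoint(fields[3])
        remote_ip, _ = split_endpoint(fields[4])
        counts[(remote_ip, local_port)] += 1
    return counts


def find_offenders(counts, max_connections, per_port_limits=None):
    """Return (ip, port, count, limit) for every pair above its limit.

    per_port_limits is a hypothetical {local_port: limit} mapping standing in
    for the per-port limits the page says can be set in the configuration file.
    """
    if max_connections < MIN_MAX_CONNECTIONS:
        raise ValueError("Max Connections cannot be set lower than 100")
    per_port_limits = per_port_limits or {}
    offenders = []
    for (ip, port), seen in counts.items():
        limit = per_port_limits.get(port, max_connections)
        if seen > limit:  # assumption: blocking starts above the limit
            offenders.append((ip, port, seen, limit))
    return sorted(offenders, key=lambda item: -item[2])


def build_sample():
    """Constructed `ss -tn`-style lines; all addresses are documentation ranges."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]

    def add(state, local, peer_ip, how_many, base=40000):
        for i in range(how_many):
            lines.append(f"{state} 0 0 {local} {peer_ip}:{base + i}")

    add("ESTAB", "198.51.100.10:443", "203.0.113.5", 150)
    add("ESTAB", "198.51.100.10:80", "203.0.113.9", 150)
    # 120 connections in total, but only 60 per local port: never flagged.
    add("ESTAB", "198.51.100.10:443", "[2001:db8::7]", 60)
    add("ESTAB", "198.51.100.10:25", "[2001:db8::7]", 60)
    # Closed sockets lingering in TIME-WAIT are not simultaneous connections.
    add("TIME-WAIT", "198.51.100.10:443", "203.0.113.5", 500)
    # The same client seen through an IPv4-mapped IPv6 socket.
    add("ESTAB", "[::ffff:198.51.100.10]:443", "[::ffff:203.0.113.5]", 5, 50000)
    return lines


if __name__ == "__main__":
    sample_counts = count_connections(build_sample())
    for ip, port, seen, limit in find_offenders(sample_counts, 100, {80: 250}):
        print(f"{ip} -> local port {port}: {seen} connections (limit {limit})")
```

Because the count is kept per local port, the client spread across ports 443 and 25 stays under the limit even though its total is 120, which is worth remembering when choosing a Max Connections value.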

3-rd Party Integration

Tick the Manage CSF Events and Lists checkbox to enable/disable the integration between CSF and Imunify360.

Auto White List

The Auto White List section allows you to automatically add the admin's IP to the White List each time the admin logs in to the hosting panel and opens the Imunify360 user interface. In the Timeout field, enter the number of minutes after which the IP is automatically removed from the White List.

Note

0 means adding IP to the White List permanently.

Click Save changes button on the bottom of the section to save changes.

Incidents Logging

In this section it is possible to control what kind of incidents will be shown on the Incidents page. Move the slider to change your preferences.

There are 15 available levels related to OSSEC and ModSecurity severity levels:

| Log level | ModSecurity | OSSEC |
|---|---|---|
| 1 | 7 – DEBUG | 01 – None |
| 2 | 6 – INFO | 02 – System low priority notification |
| 3 | 5 – NOTICE | 03 – Successful/Authorized events |
| 4 | 4 – WARNING | 04 – System low priority error |
| 5 | 4 – WARNING | 05 – User generated error |
| 6 | 3 – ERROR | 06 – Low relevance attack |
| 7 | 3 – ERROR | 07 – “Bad word” matching. |
| 8 | 3 – ERROR | 08 – First time seen |
| 9 | 3 – ERROR | 09 – Error from invalid source |
| 10 | 3 – ERROR | 10 – Multiple user generated errors |
| 11 | 3 – ERROR | 11 – Integrity checking warning |
| 12 | 2 – CRITICAL | 12 – High importancy event |
| 13 | 2 – CRITICAL | 13 – Unusual error (high importance) |
| 14 | 1 – ALERT | 14 – High importance security event. |
| 15 | 0 – EMERGENCY | 15 – Severe attack |

Autocleanup configuration allows to keep the Incidents page clean by default. The possible settings are as follows:

  • Keep incidents for the last days – set the number of days Imunify360 will keep the incidents
  • Keep maximum incidents count – set maximum quantity of the incidents to keep on the server
  • Auto-refresh time for Incidents page – set Incidents page auto-refresh time in seconds

Click Save changes button on the bottom of the section to save changes.

WebShield

Tick the Detect IPs behind CDN checkbox to let Imunify360 recognize and block IPs with suspicious activity behind supported CDN providers.

Supported CDN providers:

  • Cloudflare
  • MaxCDN
  • StackPath CDN
  • KeyCDN
  • Dartspeed.com
  • QUIC.cloud CDN

Click Save changes button on the bottom of the section to save changes.

OSSEC

Tick the Active response checkbox to block access to a specific server port being attacked. The purpose of the feature is to significantly reduce the false positive rate while increasing the ability to detect and block aggressive brute-force requests.

Click Save changes button on the bottom of the section to save changes.

Error Reporting

Tick Enable Sentry error reporting checkbox to send reports to Imunify360 error reports server.

Click Save changes button on the bottom of the section to save changes.

Contact Details

Note

Imunify360 version 4.1 Beta

Type your email into the Email field to receive email reports about critical issues, security alerts or system misconfigurations detected on your servers.

Note

This email address is used ONLY for receiving server reports.

Click Save changes button at the bottom of the section to save changes.

Malware

Go to Imunify360 | Settings | Malware.

Here you can configure the following:

  • General
  • Background Scanning Beta 4.1+
  • Malware Cleanup 3.7.1+
  • Proactive Defense 4.0+

Note

Read CXS integration documentation carefully to make Malware Scanner work properly if you decided to use the former instead of Imunify360 anti-malware protection.

General

  • Automatically scan all modified files – enables real-time scanning for modified files using inotify library. The Scanner searches for modified files in user’s DocumentRoot directories.

    Note

    It requires inotify to be installed and may put an additional load on a system.

  • Automatically scan any file uploaded using web – enables real-time scanning of all the files that were uploaded via http/https.

    Note

    It requires ModSecurity to be installed.

  • Automatically scan any file uploaded using ftp – enables real-time scanning of all the files that were uploaded via ftp.

    Note

    It requires Pure-FTPd to be used as FTP service.

  • Automatically send suspicious and malicious files for analysis – malicious and suspicious files will be sent to the Imunify360 Team for analysis automatically.
  • Try to restore from backup first – allows to restore file as soon as it was detected as malicious from backup if a clean copy exists. If a clean copy does not exist or it is outdated, default action will be applied. See also CloudLinux Backup.
  • Use backups not older than (days) – allows you to set the maximum age of a clean file.
  • Default action on detect – configure Malware Scanner actions when detecting malicious activity:
    • Delete permanently
    • Quarantine file in place
    • Just display in dashboard

Tick required checkboxes and click Save changes button.

Background Scanning Beta 4.1

Allows to set up automatic, scheduled, background scanning of user accounts.

  • Run scanning — select the desired period:
    • Never
    • Daily
    • Weekly
    • Monthly

Depending on the selected period, specify the precise settings.

  • If Run scanning is set to Daily, choose the exact time at the Run at dropdown.

  • If Run scanning is set to Weekly, choose the day of the week at the Run on dropdown and exact time at the Run at dropdown.

  • If Run scanning is set to Monthly, choose the day of the month at the Day of month to run dropdown and exact time at the Run at dropdown.

You can track the scanning activity at the Malware Scanner tab.

Cleanup 3.7.1+

  • Trim file instead of removal — do not remove the infected file during cleanup, but make the file zero-size (for malware such as web shells);
  • Keep original files for … days — the original infected file is available for restore within the defined period. Default is 14 days.

Proactive Defense 4.2+

  • Enable Blamer — tick to allow Imunify360 to find a root cause of how infection got injected into the server through PHP. Blamer pinpoints exact URL, PHP script & PHP execution path that allowed a hacker to inject malware onto the server. Imunify360 security team will use that information to prevent future infections from happening.

Click Save changes button at the page bottom to apply all changes.

To reduce the number of Blamer events, similar events are combined into a single one by default. To disable this behavior, specify filter_messages=off in /usr/share/i360-php-opts/module.ini.

Backups

Overview

Imunify360 provides customers with an ability to integrate with backup providers and automatically or manually restore files from their backup if they have become infected. Only administrator can choose backup provider but end user has an ability to backup and restore files within this selected backup provider.

The following backup providers integrated with Imunify360 are available:

  • CloudLinux Backup
  • Hosting panel Backup (cPanel or Plesk)
  • Acronis Backup

Requirements

  • Imunify360 version 2.7.0 and later
  • For Acronis Backup, it is required to have Acronis account
  • For hosting panel backup, it is required to configure backup option by the administrator of the hosting panel

User Interface

This section describes the following:

How to enable backups

To enable backups log in to a hosting panel as administrator, go to Imunify360 plugin and do the following.

  • Go to Imunify360 → Settings → Backups. If the feature is not currently used the Backup and restore is Disabled.
  • To enable it, select backup provider from the dropdown:

CloudLinux Backup

The CloudLinux Backup option is the backup feature most closely integrated with Imunify360. It is powered by the Acronis technology, but you do not need to have an active Acronis account (if you have an existing Acronis account and would like to continue using it, skip to the Acronis Backup section and choose the Acronis Backup option).

CloudLinux Backup offers 10 GB of free storage space, and you can purchase additional space as needed.

With this backup and restore service, you can restore malicious or suspicious files from the backup if a clean version exists, schedule backups, see total and used storage space, and locate the data storage server. You can learn more about the CloudLinux Backup for Imunify360 here.

To activate CloudLinux Backup, follow the next simple steps:

  • Select CloudLinux Backup in the dropdown
  • Click Connect Backup button
  • You will be redirected to the CloudLinux Network page which opens in a new tab. Please log in with existing CloudLinux Network (CLN) credentials otherwise create a new account.
  • On the purchase page, you can choose and purchase required size of the storage.
  • After successful payment, the installation will be in progress and you will see a Welcome Page with the follow-up instructions.

    Note

    Installation can take up to 10 minutes depending on specific server size. You can use Imunify360 as usual during the installation process. Also, we will send you an email with detailed information to the specified email address.

  • You can see the purchased storage space on the Settings → Backups tab.
  • Imunify360 creates an initial backup of the current server. If all is OK, the system returns a success message; otherwise, please contact our support team.
  • You can see used and total storage space on the Settings → Backups tab.

Acronis Backup

Choose this option if you have an Acronis account, so that Imunify360 can use backups to restore malicious or suspicious files from the backup if a clean version exists.

  • Select Acronis Backup from the dropdown
  • Specify Acronis username and password
  • Click Connect Backup button

Imunify360 checks if the Acronis agent is already installed. If not, Imunify360 installs it. Then Imunify360 checks if a backup of the entire server exists; if not, Imunify360 creates a backup of the current server. If all is OK, the system returns a success message.

cPanel or Plesk Backup

  • Choose cPanel/Plesk backup
  • Select cPanel/Plesk Backup
  • Click Connect Backup button

After successful connection, Imunify360 will return an appropriate message.

How to disable backups

To disable backups do the following:

  • Go to Imunify360 → Settings → Backups
  • Move the slider to Disabled
  • Imunify360 returns confirmation pop-up
  • Click Yes, disable backup to disable backups or click Cancel to close the pop-up.

    Note

    If you use CloudLinux Backup your backup will be still active in CloudLinux Network (CLN). To disable backup totally and terminate billing, please log in to CLN and deactivate CloudLinux Backup manually on the current server.

Manage CloudLinux Backup

Click Manage Backups button. You will be redirected to the Backup Management Console. The console opens in a new tab in the browser. Please go to documentation to find out more information.

Change CloudLinux Backup storage size

Click Resize link. You will be redirected to the CloudLinux Network where you can add or remove storage space.

After successful payment, the backup storage size will be increased. Imunify360 creates an initial backup of a current server if it was not done before or it just increases the storage size. On the Settings → Backups tab you can see the actual and used amount of backup storage in GB. If you get an error message, please follow the instructions in the message or contact our support team.

Schedule CloudLinux Backup

Click Manage Backups button. You will be redirected to the Backup Management Console (read the documentation here). When a schedule is set it is displayed on the Backups tab.

How to restore file

To restore a file do the following:

  • Go to Imunify360 → Malware Scanner.
  • Find the file to restore in the table and click Cog icon, then click Try to restore clean version from backup.
  • In the pop-up confirm the action by clicking Yes, restore from backup or click Cancel to close the pop-up.

You can configure the automatic restore. Please find more details here.

Disabled Rules

Go to Settings page and choose Disabled rules. This page allows user to manage disabled rules which have already been added.

Note

You can also add a new rule to the Disabled Rules list on Incidents page.

The list of disabled rules contains:

  • Rule ID — ID number of the rule provided by the plugin
  • Plugin — the name of the firewall plugin of the added rule
  • Description — rule description or details of the rule from ModSecurity or OSSEC
  • Domains — the list of the domains for which the rule is disabled (blank field means all domains)

To add a new rule click Add Rule button.

In the pop-up specify the following:

  • Rule ID — ID provided by firewall plugin;
  • Select firewall plugin from the drop-down (ossec for OSSEC, modsec for ModSecurity)
  • Description — rule description or details from ModSecurity or OSSEC
  • Domains — this option is available only for modsec firewall plugin. Specify comma-separated list of domains for which this rule will be disabled. Leave empty to disable for all domains

Click Add Rule to add rule to the list or Cancel to close the pop-up.

To edit the list of domains where the rule should be disabled, click edit icon in the row of the rule and enter domains registered on the server separated by comma.

Note

It is possible to specify domains only for ModSecurity rules. An OSSEC rule always applies to all domains.

To remove the rule from disabled list click Enable and confirm action in the pop-up.

Features Management

Overview

Features Management allows hosters to enable/disable Imunify360 features for each customer. On Features Management it is possible to manage Proactive Defense and Malware Cleanup for each customer account. If a feature is enabled for the user in hoster’s account, the user will be able to see and use it in his account.

Note

Default settings in Features Management are inherited by newly created user accounts only.

Note

Features are enabled/disabled account-wide.

Below, there is a table with all users and their domains and features for each user.

  • Name — username or path to a user;
  • Domains — a list of user’s domains;
  • Proactive Defense — a slider to enable/disable the feature for a specific user. Move the slider in the feature column to enable/disable that feature for a specific user. After that, this specific feature tab will be displayed/hidden in that user’s account.
  • Malware Cleanup — a slider to enable/disable the feature for a specific user. Move a slider in feature column to enable/disable that feature for a specific user. After that, the Cleanup button will be available in the Malicious files list in that user’s account.

Group Action

To perform a group action, tick the users and move sliders for them.

How to enable/disable Proactive Defense

The Proactive Defense feature is enabled by default account-wide. So, all newly created user accounts will have the Proactive Defense tab in their Imunify360 section.

To disable Proactive Defense account-wide, move the slider to Turned Off and confirm the action in the popup by clicking Yes, disable Proactive Defense for new users, or click Cancel to close the popup.

How to enable/disable Malware Cleanup

The Malware Cleanup feature is enabled by default account-wide. So, all newly created user accounts will have Malware Cleanup feature in their Imunify360.

To disable Malware Cleanup account-wide, move the slider to Turned Off and confirm the action in the popup by clicking Yes, disable Malware Cleanup for new users, or click Cancel to close the popup.

You can perform all these actions via CLI.

Native Feature Management 4.0

Feature Management allows a hoster to enable/disable different Imunify360 features for server users. Using this functionality, hosting companies may resell chosen Imunify360 features as a part of hosting packages to end-users as well as make features available/unavailable for a group of end-users.

WHM/cPanel 4.0

WHM/cPanel Feature Management is now available under WHM/cPanel Package Manager via Package Extension (PE). Using WHM/cPanel Native Feature Management a hoster can enable/disable Malware Scanner and Proactive Defense for all users with the same package (service plan) instantly.

Note

When switched to WHM/cPanel Feature Management, the same functionality will be disabled in the Imunify360 UI. The previous Feature Management config becomes overridden by defaults.

How to switch to WHM/cPanel Feature Management

Go to Imunify360 → Settings → Features Management. You will see the following.

Click Details. You will see the following pop-up.

Click Agree and Switch to confirm the action or click Cancel to close the popup.

Note

Note that current Imunify360 settings will be reset to default values after switching to WHM/cPanel Feature Management mode. You can switch back to in-app Imunify360 Feature Management mode at any time via CLI command. The end-user values will be reset to default values upon any mode switching.

When switched, you will see the following.

How to configure Imunify360 Features using WHM/cPanel Package Extensions

Go to WHM/cPanel → Add a Package → Package Extensions and tick Imunify360 Features (if it’s not selected).

Choose an option for each feature.

Malware Scanner

  • View reports + Cleanup – a user can view scanning reports and cleanup found malware
  • View reports only – a user can view scanning reports but can't cleanup found malware (note that quarantine and file removal functionality is still available in this mode)
  • Not available – the Malware Scanner is not available for a user, and its tab is hidden on the Imunify360 main menu

Note

The last option is available in the WHM/cPanel Package Manager only and is not available via Imunify360 UI or CLI.

Note

When the Malware Scanner is not available for end-user, it doesn't exclude user folders from scanning, so his files will be scanned and the results will be listed in an admin UI as usual.

Proactive Defense

  • Available – the Proactive Defense feature is available for a user
  • Not available – the Proactive Defense is deactivated for a user: the feature does not run and its UI is hidden from the Imunify360 main menu

Click Add to apply changes.

See also: CLI.

Note

Imunify360 4.0 does not support Not Available state for the Malware Scanner in the original in-app Features Management and via CLI. You can disable Malware Scanner for a particular package via WHM Package Manager only.

Attributions

Click Settings and choose the Attributions tab to see a list of IDS installed on the server.

  • Name – name of the IDS
  • Version – IDS version
  • License – under which licenses this IDS is working
  • Link – URL to the IDS official page

Country-based white or blacklisting includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Hosting panels specific settings

cPanel

It is possible to enable Service Status checker for Imunify360. Perform the following steps:

  • Go to Service Configuration and choose Service Manager.
  • In Additional Services section tick imunify360-agent and imunify360-captcha checkboxes.
  • Click Save and wait until cPanel enables the Service Status checker for Imunify360.

If succeeded, the status of Imunify360 service will be displayed at Service Status section of Server Status.