Imunify360 Features
RapidScan
RapidScan feature allows you to increase scanning speed by lower system resource usage and gives you an opportunity to scan more frequently, further hardening your systems’ security posture.
RapidScan techniques
- Faster File Integrity Checking. File metadata, such as file hashes, are stored locally. This means that unchanged files don't need to be rescanned.
- Efficient Cloud-assisted Scanning. Imunify360 stores its malicious file hash database in the cloud. We detect malicious files and skip white-listed files. The remaining files are fewer, so the overall scan time is significantly reduced.
- Optimized Malware Signatures. Our malware signature database continually expands to match the variety of malicious software. While the database becomes more accurate and comprehensive, it also becomes larger and more cumbersome to index. We tackle this by actively curating the database and re-evaluating complex signatures, recasting any that affect scanning performance.
What does it mean to you?
When you first enable the RapidScan feature, the first scan will run as before. But subsequent scans will see a speed improvement, anywhere between 5 to 20 times faster. This is the case for both on-demand and scheduled scans, and means you can afford more scans without affecting system performance.
To take advantage of these new improvements, go to your Imunify control panel and enable RapidScan in Settings→Malware Scanner. See details here.
Low Resource Usage mode
This is a special operation mode where Imunify360 consumes less CPU and RAM. It is intended for servers with limited resources.
This mode disables WebShield switching off GrayList and Captcha.
Low Resource Usage mode also enables the Minimized Modsec Ruleset option that disables Imunify WAF rules with a high memory footprint, leaving critical rulesets enabled.
When the Low Resource Usage mode is activated it is reflected on the UI: an Imunify main menu changes color to light green, and an appropriate label appears on the top right.
Exim+Dovecot brute-force attack protection 4.5+ Experimental
TIP
cPanel only, other panels will be added later
Exim+Dovecot brute-force attack protection is an advanced protection against Dovecot brute-force attacks. PAM module protects against IMAP/POP3 brute-force attack and prevents mail account from being compromised via brute-forcing.
How to enable Dovecot
imunify360-pam enable-dovecot
How to disable Dovecot
imunify360-pam disable-dovecot
The options of the pam_imunufy are placed in the file: /etc/pam_imunify/i360.ini
Values
USER_LOCK_TIMEOUT=5 | a period of time during which a user should be blocked (minutes) |
USER_LOCK_ATTEMPTS=10 | a number of attempts after which a user should be blocked |
USER_LOCK_MINUTES=5 | a period of time (minutes) during which violation attempts from a user are counted; all attempts earlier than USER_LOCK_MINUTES are not counted |
USER_IP_LOCK_TIMEOUT=5 | a period of time during which a user + IP should be blocked (minutes) |
USER_IP_LOCK_ATTEMPTS=10 | a number of attempts after which a user + IP should be blocked |
USER_IP_LOCK_MINUTES=5 | a period of time (minutes) during which violation attempts from a user + IP are counted; all attempts earlier than USER_IP_LOCK_MINUTES are not counted |
IP_LOCK_TIMEOUT=5 | a period of time during which an IP should be blocked (minutes) |
IP_LOCK_ATTEMPTS=10 | a number of attempts after which an IP should be blocked |
IP_LOCK_MINUTES=5 | a period of time during which violation attempts from an IP are counted; all attempts earlier than IP_LOCK_MINUTES are not counted |
How it works
During the last XXX_LOCK_MINUTES we count the number of login failures (unsuccessful login attempts). If the number of attempts exceeds the specified threshold XXX_LOCK_ATTEMPTS, the PAM plugin blocks access for XXX_LOCK_TIMEOUT minutes. After that, the counter is reset and the process repeats.
Note that the plugin has three separate counters and a set of settings for USER/IP/USER+IP management regarding brute-force attacks (see the table above).
Notes
- If a user is blocked by
USER_LOCK_ATTEMPTS, then this user will not have access to the server from any IP - If a user is blocked by
USER_IP_LOCK_ATTEMPTS, then this user will not have access to the server from that specific IP - If an IP is blocked by
IP_LOCK_ATTEMPTS, then all users will not have access to the server from that specific blocked IP
