Imunify360: Best Malware Remover And WAF For Linux cPanel WHM Server


It is not easy to secure a server. However, it is possible to secure a server that protects both your data and the data of all customers who are hosted on the server. Hosting providers would require multiple technicians to help customers, diagnose the problem and resolve cybersecurity problems. Imunify360 detects, stops and fixes many common exploits. This saves server administrators both time and money. This article will show you the following:

What is Imunify360 WAF And Malware Scanner?

Imunify360 provides a full-featured, multi-layer security solution for Linux-based servers. It stops most common web attacks against Dedicated And shared hosting servers, web-based applications, and websites that use content management systems (CMS), such as Joomla or WordPress. Server administrators can use Imunify360 to stop brute force attacks, malware uploads and malicious code injection.

Many host servers have a control panel that site owners can access. Imunify360 integrates well with popular programs like cPanel and Plesk. It allows site administrators and site owners to identify possible threats and monitor their servers.

How does Imunify360 make security easy?

Imunify360 was designed with shared hosting in the mind. Engineers built it to prevent attacks automatically to reduce server administrator overhead and make their lives easier. Shared hosts are subject to a lot of cybersecurity attacks, not just on their own servers, but also on all the sites that they host. Hosting providers can find it costly to fix hacked websites. Protecting and monitoring customer websites can be a full-time job. Imunify360 makes it much easier and faster to monitor, stop, and remedy attacks on customer websites. This also allows technical staff to spend their time on other matters.

Imunify360 offers a number of features. We’ll be covering some of them to help you understand the benefits of this application for monitoring server activity.

Imunify360 offers a command-line interface (CLI), which can be accessed from an administrator terminal. It is easy to set up the system or review existing configurations using the CLI. Imunify360 offers many CLI options .

You can view the current configurations of Imunify360, for example, by entering the following command

imunify360-agent config show

This command just shows the current configurations from the /etc/sysconfig/imunify360/imunify360.config file, you can also update configurations using the imunify360-agent config update command. You can view all config files available in the Imunify360 documentation.

Let’s say, for example, you need to change the malware scan intensity setting to prevent CPU spikes. This CLI command would update the configurations of the server.

imunify360-agent config update ‘{“MALWARE_SCAN_INTENSITY”: {“cpu”: 5}}’

Configure Imunify360 to Override

Imunify360 is a great tool for hosting providers who have multiple servers in different locations and data centers. It allows them to easily manage configurations across all servers, or just one segment. Administrators can fine-tune settings and maintain consistency across servers with the overridable configuration feature. Administrators have the option to create a variety of configurations for all servers, or customize each one according to the service it provides, the location or the control panel.

First, create a directory to store custom configuration files. The custom configuration file can be customized with overrides specific to each Imunify360 feature. A configuration file’s name will tell you if it is the base configuration that has been provisioned by an administrator or if it contains individual settings for each server. These are just three examples.

  • imunify360-base.config: This is the file name for Imunify360’s default configurations.
  • imunify360.config.d/50-common.config: A configuration file provisioned to a fleet of servers.
  • imunify360.config.d/90-local.config: An individual server configuration file.

To see each setting’s format, you can view the default configuration file. Here is an example firewall setting that blocks FTP ports 20 and 21:



– ’20’

– ’21’

port_blocking_mode: DENY

These files can be created using the Imunify360 documentation. It also explains the format and how to do it. Make sure you know how Imunify360 merges configurations before you create custom overridable configurations.

Dashboard that Works Straight Out of the Box

Imunify360’s main benefit is its ability to run out-of-the box. Administrators can access the dashboard in the main menu to see the current status of their server. CLN’s central dashboard lets you view all incidents and events that occurred on the server. Administrators have the ability to view anomalies from every site on the server in real time. Administrators can receive updates in real-time so they can respond quickly to malware that could cause server-wide problems and affect other hosted sites.

Integration of the Imunify360 scanner into an in-application dashboard. Administrators can see the results of the scanner if it finds malware. Administrators can see the reports from Imunify360, regardless of whether they have cPanel or Plesk.

Click “Dashboard” within Imunify360 to view the dashboard. Select the filters to drill right down to incidents and notifications that are relevant to specific locations, servers, or sites.

Whitelist, Graylist and Blacklist IP addresses

A brute-force attack is when a threat actor creates scripts that automatically attempt to authenticate accounts. These accounts could be either the server administrator account, or the site administrator account for the hosted CMS like Joomla or WordPress. Imunify360 detects brute force attacks and will stop them. Administrators can also configure detection to allow or block IP addresses.

While dynamic graylists can be used to block brute-force attacks automatically, administrators can manually set up whitelists or blacklists that work with graylists. The server will only allow access to a whitelisted IP address. This is why it is important to choose the IP addresses carefully. No matter if the traffic is legitimate, a blacklisted IP address will be blocked.

Administrators must review whitelisted IP addresses in order to verify that they are on the correct list. To view the IP whitelist, you can use the following command:

imunify360-agent whitelist ip list

The Imunify360 documentation explains how to whitelist or blacklist IP addresses according to IP, country code, domain. The command-line interface (CLI), which allows you to whitelist or blacklist IP addresses, is helpful if you have only a few addresses to add. However, you may have a large list of addresses you wish to whitelist or blacklist. Imunify360 allows you to import from an external text file.

You will need a text file in the following directory to use an external whitelist:


The blacklist directory can be found here:


Security Recommendations and Default Settings

Imunify360 works out of the box. This reduces overhead for administrators and means they don’t have to spend too much time testing it or deploying it. The default settings were optimized to protect cybersecurity and prevent malware from being downloaded.

Imunify360 is a security solution that works out of the box because there are a few defaults that can be turned on by default.

  • A real-time scanner which monitors server activity including HTTP and FTP file uploads
  • RapidScan option
  • Cloud-assisted Scan.
  • Automated malware removal
  • The background scanner is activated and runs each month.
  • WebShield & Blamer are default enabled to protect web applications.

Imunify360 runs in the background, and does not impact performance.

CMS Updates Are No Longer a Concern

Imunify360 is a leader in protecting CMS-based websites such as WordPress. WordPress and other CMS software power a large part of the Internet. This makes it a prime target for attackers. Scripts are used to scan large numbers of websites and find common vulnerabilities, then exploit them in seconds.

WordPress’ core application is generally secure. However, plugins that are added to websites can leave vulnerabilities due to unmaintained or outdated software, poorly coded code, backdoors, and poorly maintained code. There are vulnerabilities in some plugins that have millions of installed sites. If these sites are hosted on your servers it could pose a threat for other customers sites.

Many people who manage their websites on a CMS don’t know how to secure it properly. Imunify360, a fully automated tool that protects CMS-based websites out-of-the box, monitors them and provides security. Administrators can use virtual patching to protect outdated applications and maintain consistency of users’ files after it has been deployed to a server.

Another vulnerability is outdated WordPress sites. Site owners may not realize the dangers of leaving WordPress or its plugins unpatched. Imunify360 addresses this problem by performing a virtual patching, leaving WordPress sites intact, and ensuring that the secure version is always running on all websites.

Patch Management and Updates without Reboots

Administrators of servers know that restarting servers can lead to unplanned downtime. Therefore, maintenance should be planned. Administrators can get Secure Kernel powered KernelCare from Imunify360. This is a patch management tool that updates the Linux kernel and hosts applications without having to reboot the server.

Any affected software, including the Linux operating systems, should be updated when new CVEs become available. Once the vulnerability has become common knowledge, attackers will write scripts to exploit it. Administrators often delay patches until they are tested and deployable at a specific change control date. It opens up the possibility for attackers to exploit known vulnerabilities by delaying patches.

Linux server administrators don’t have to worry about patching and change control anymore thanks to automatic patching. Automatic patching includes updates to the Linux kernel. KernelCare provides a reliable, reboot-free patching solution that ensures customers don’t experience any downtime.

Automate security and updates

The Imunify360 team knows that administrators and server technicians have limited time. However, malware and exploits can be difficult to detect and fix. Imunify360 automates many of the steps involved in scanning for and remediating malware. It uses a threat intelligence approach to assist administrators in proactively stopping attacks.

The PHP Immunity feature can stop any PHP infection. The same exceptional performance could stop any well-known or unknown threat. It stops malicious PHP scripts being executed on the server. This is why many CMS-based websites use it. As the last layer of security, the web application firewall (WAF), and antivirus software act as well.

Imunify360 integrates with the control panel, so there are no additional configuration steps required. It works right out of the box. Administrators don’t have to spend a lot of time configuring Imunify360 once they have installed the default security protection.

Integrating the API allows you to create plugins and tools.

If you want to make backend modules or plugins that integrate with Imunify360, add your code to the backup_backends directory and define functions using the API. You can use the API to create backups and integrate with common control panels, such as DirectAdmin. You can create modules using the Imunify360 API that automate functionality and save administrators time.

Use Immunize Hooks

Hooks, a new feature in Imunify360, give host administrators greater control over how to combats malware. Hooks can be used by web hosts to notify customers when malware is detected on their sites. Instead of manually sending out an email after reviewing the reports, web hosts can use Imunify360 hooks in order to send an email when a malware alert is received.

You can create a custom script in any language that you like (e.g. bash, PHP or Python) to create a hook. You can either register the hook using the command line, or you can set it up via GUI. For a better understanding of hooks, check out our example of a PHP-script that suspends a user from cPanel if more than three files have been infected.

Imunify360 makes it easier for server administrators

Administers can cut down on the time and effort required to conduct malware analysis or cybersecurity checks by using Imunify360 right out of the box.

Imunify360 security suite takes web hosting security to a whole new level. Imunify360 provides a complete security solution that includes all components. This suite keeps your servers running smoothly and safe while you can focus on business tasks. Imunify360 is a combination of Antivirus Linux Server Firewall, WAF and PHP Security Layer. It also includes Domain Reputation,  Firewall, WAF, PHP Security Layer and Patch Management. You can get Get Imunify360 for free for 30 days. You will see results within one week.

Leave a Comment

Your email address will not be published. Required fields are marked *