
Proactive Defense. It is time to enable it!


During investigations of malicious activity, we frequently see infections that spread through attack vectors that a plain WAF rule cannot cover. For instance, this happens when

    • a user uploads a “nulled” theme or plugin from an untrusted source that already contains malware and can append injections to the application’s core files after installation, or
    • the attacker gains access to the server with a stolen FTP, SSH, cPanel, or WHM password. Read our new article with best practices on how to stay on top of cPanel security.

To mitigate attacks of these types, we rely on the Proactive Defense system.

The Proactive Defense system uses special patterns that examine the processing flow of PHP scripts and restrict the functionality of malicious functions. With the protection enabled, you can prevent criminals from exploiting your server even when a shell script or backdoor has been uploaded, because its functionality will be limited. The internal mechanics identify and block malicious functions at runtime without breaking the execution flow of valid code.

We continuously monitor the top infections for further processing. One thing we constantly notice is the difference between protected servers and those that have not enabled Proactive Defense.

The metric below compares infection cases per server for protected and unprotected systems. It shows the number of malicious drops. The following malware was counted as a clear example:

    • SMW-SA-15618-php.bkdr.fakeplugin.wpvcd-3
    • SMW-SA-13119-mlw.tool.spam.wpvcd-6

[Figure: infection cases per server, protected vs. not protected]

Clearly, protected servers are much more resistant to infections with the help of Proactive Defense. Notably, protected servers still show a low background level of infections. This is due to various configuration issues and other infection paths that Proactive Defense was not designed to stop. Proactive Defense is an essential protection layer that should not be ignored by anyone who cares about server security.

Instructions on how to enable and configure Proactive Defense in the UI are available at this link: https://docs.imunify360.com/dashboard/#proactive-defense

Proactive Defense can also be enabled using the CLI:

imunify360-agent config update '{"PROACTIVE_DEFENCE": {"mode": "KILL"}}'

To manage the system through the CLI, please review the available commands here: https://docs.imunify360.com/command_line_interface/#command-line-interface-cli

Please feel free to contact support via Zendesk in case of additional questions.

 

Imunify360 is a comprehensive security suite for Linux web servers: Antivirus, Firewall, WAF, PHP Security Layer, Patch Management, and Domain Reputation, with an easy UI and advanced automation. Try it free to make your websites and server secure now.
