
Release Notes: Imunify360 v.5.6


We’re pleased to announce that a new version of Imunify360, version 5.6, is now available. The following features are new in the v5.6 release:

  • Anti-bot protection (“Splash screen” challenge)
    The Anti-bot WebShield extension stops unwanted content scraping, web spam, and other malicious activity caused by bots. Additionally, the Anti-bot WebShield extension significantly reduces server load by filtering out malicious requests and web attacks.

  • Ubuntu 20 support
    Eventually, Imunify360 will support Ubuntu 20 across all versions, including Plesk, DirectAdmin, and no panel ("stand-alone") installations.
  • Acronis Backup tokens auto-renewal
    Improved backup workflow related to Acronis tokens, which makes the process more reliable and fully automated.

  • Gradual removal of "Delete" and "Quarantine" actions (stage 2)
    The second stage of “Delete” and “Quarantine” default action removal in the Malware Scanner. All stages were announced and explained in our earlier blog.

  • Cache for RBL checks in PAM
    An optimized workflow in the PAM module for Real-Time Blacklist (RBL) queries.

This is what we’ve updated in version 5.6:

Anti-bot protection (experimental)

Unwanted traffic produced by various bad bots causes excessive CPU load and consumes extra memory. It makes real visitors wait until the server processes the bot's requests.

Starting from version 5.6, Imunify360 distinguishes bots from real visitors using the JavaScript challenge "Splash Screen." Most bots don’t solve the challenge, and their requests will not reach web applications such as WordPress, Drupal, and others. This saves the server’s resources and protects websites from scanners, automated attacks, and web-spammers.

It is worth mentioning that only bad actors will be redirected to the Imunify360 Splash Screen challenge page. Legitimate visitors get the original content without any verification page or delay. Users who are sent to the Splash Screen will not see a challenge or CAPTCHA and will be redirected to the page with the original content. Cookies and JavaScript support are required in the browser to pass the Anti-bot protection challenge.

Imunify360 is capable of distinguishing legitimate bots (e.g., Google crawler) and will not block them. Therefore, the “Anti-bot protection” feature will not cause indexing issues.

This is an experimental feature. As always, it will be released in the disabled state.

We’re planning to improve the feature further and add some additional configuration options, including URL exclusion. That would allow whitelisting particular resources where the bot activity is permitted. This feature is scheduled for the next releases.

To enable Anti-bot protection, go to the General tab in the Settings and check the Anti-bot protection checkbox.

You can also enable Anti-bot protection with this CLI command:

# imunify360-agent config update '{"WEBSHIELD": {"splash_screen": true}}'

Ubuntu 20 support

Starting from version 5.6, Imunify360 supports the current version of the Ubuntu operating system. It can be installed in the following environments in just a few clicks:

Ubuntu 20:

  • Plesk
  • DirectAdmin
  • Stand-alone installation

The Imunify360 installation process remains the same.

Acronis Backup tokens auto-renewal

In previous versions of Imunify360 working with Acronis Backups, users periodically faced a “401 client error” issue once the token expired. We’ve improved the way Imunify360 works with Acronis: it now automatically requests a new token every time the old one expires. Imunify users don’t need to perform any extra actions manually. All actions to refresh a token are performed transparently in the background.

Gradual removal of "Delete" and "Quarantine" Default Actions (stage 2)

During the last few years, Imunify products utilized several ways of handling malicious files in the Malware Scanner. This gave users an option to choose the method that fits best (Delete permanently, Quarantine file, Cleanup, or Just display in the Dashboard). It’s been a while since we introduced the options. Some of them have become obsolete and outdated (basically, they can cause issues). It was explained in detail in our blog post some time ago.

In fact, the Cleanup option already includes everything needed to make the malware removal process safe and effective. After cleanup, websites remain operational, unlike with quarantining or deletion of entire files that are partially infected but otherwise legitimate. Neither of the obsolete actions (Delete and Quarantine) can deal with injections, which make up roughly half of all malicious entries found on infected websites, but Cleanup can.

Version 5.6 introduces the second stage of “Delete” and “Quarantine” Default Action removal. It will switch Delete and Quarantine options to Cleanup forcibly. Note that there is no option to switch back to the obsolete actions.

Note, restoration from the Quarantine is available until the “Quarantine” Default Action is completely removed from the product (v5.8, April 2021). You can still manage files in the quarantine if they were quarantined earlier.

Cache for RBL checks in PAM

Since the PAM feature release, we have received a few reports of excessive network usage on servers caused by PAM. The source of the issue is DNS queries to the Imunify RBL server, initiated upon every request that PAM handles.

We’ve addressed the issue and changed the workflow. In Imunify360 v5.6, all RBL responses are cached locally, minimizing network traffic and allowing PAM to process requests much faster. The cache timeout varies from 1 minute up to 1 hour, depending on the query type and result. The fix is enabled by default and does not require any manual setup steps.
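
As an added illustration (not Imunify360's code), the sketch below shows how a local cache with result-dependent timeouts cuts the DNS traffic generated by per-request RBL checks. The zone name, the resolver callable, the fail-open behaviour, and the mapping of listed and not-listed answers to the 1-hour and 1-minute timeouts are assumptions.

```python
import ipaddress
import time

RBL_ZONE = "rbl.example.invalid"   # placeholder zone, not Imunify's real RBL
TTL_LISTED = 3600      # assumed: listed answers kept for the 1-hour maximum
TTL_NOT_LISTED = 60    # assumed: clean or failed answers rechecked after 1 minute


def rbl_query_name(ip, zone=RBL_ZONE):
    """Build the DNSBL name for an IPv4 address: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


class CachedRBL:
    """Wraps a resolver so each IP costs at most one DNS query per timeout."""

    def __init__(self, resolver, clock=time.monotonic):
        self._resolver = resolver   # callable(name) -> list of A records, [] if none
        self._clock = clock
        self._cache = {}            # query name -> (listed, expires_at)
        self.dns_queries = 0

    def is_listed(self, ip):
        name = rbl_query_name(ip)
        now = self._clock()
        hit = self._cache.get(name)
        if hit and hit[1] > now:
            return hit[0]           # served locally, no network traffic
        self.dns_queries += 1
        try:
            listed = bool(self._resolver(name))
        except OSError:
            listed = False          # assumed policy: fail open, retry after short TTL
        ttl = TTL_LISTED if listed else TTL_NOT_LISTED
        self._cache[name] = (listed, now + ttl)
        return listed


def simulate_logins():
    """Constructed scenario: two IPs retrying logins every 5 s for ten minutes."""
    listed_names = {rbl_query_name("203.0.113.7")}   # constructed sample data
    resolver = lambda name: ["127.0.0.2"] if name in listed_names else []
    fake_now = [0.0]
    rbl = CachedRBL(resolver, clock=lambda: fake_now[0])
    verdicts = []
    for second in range(0, 600, 5):                  # 120 attempts per IP
        fake_now[0] = float(second)
        verdicts.append((rbl.is_listed("203.0.113.7"),
                         rbl.is_listed("198.51.100.9")))
    return rbl.dns_queries, verdicts[0], verdicts[-1]


if __name__ == "__main__":
    queries, first, last = simulate_logins()
    print(f"240 auth checks -> {queries} DNS queries; verdicts {first} .. {last}")
```

Without the cache, the same scenario would issue one DNS query per authentication attempt.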

Additional information

Imunify360 v5.6 includes 163 tasks and 38 bug fixes.

Improvements

  • Improved stability for pam_imunify_daemon. If it ever falters, FTP servers will proceed with authentication of clients without stopping the process. (DEF-15946)
  • Deobfuscator enhancements (DEF-10585, DEF-14852, DEF-15460, DEF-15539, DEF-15550, DEF-15593, DEF-15608, DEF-15631, DEF-15642, DEF-15706, DEF-15709, DEF-15731, DEF-15760, DEF-15771, DEF-15779, DEF-15894, DEF-15913)
  • Malware Scanner detection algorithms improved. Minimized False Positives rate in logs and other threat-less files (DEF-15674)
  • Improved cleanup behavior, already cleaned files do not cause an issue (DEF-9160)
  • Added “Trust Ezoic's traffic” option (DEF-15896)
    To enable it, open /etc/imunify360-webshield/virtserver.conf, find the directive

         set $trust_ezoic 0;

    replace '0' with '1', save the file and restart WebShield

         # service imunify360-webshield restart

Bug Fixes

  • Slow malware scanner caused by ignored Rapid Scan config parameter (DEF-16075, DEF-16039, DEF-16041)
  • Fix on updating ModSec ruleset on Plesk (DEF-15857)
  • Delay on starting imunify360-pam service on a server (DEF-16132)
  • Save branding of CAPTCHA page (DEF-15914)
  • Inability to access Imunify360 UI through WHM on servers with a large number of users because of a request timeout (DEF-15972)
  • Failed to properly parse greylist because of new entry type “gray_splashscreen” (DEF-16012)
  • Failed to start Imunify360 after update (DEF-16054)
  • Fix for misconfigured WebShield after update on Debian 10 (DEF-16223)
  • Fixed turn off Invisible CAPTCHA on update (DEF-16232)

Internal records

 

Other tasks

  • Malware ignore patterns moved to /etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt (DEF-14341)
  • Fix for wrong OSSEC/PAM rules inclusion in rare cases (DEF-15189)
  • Deobfuscator enhancement (DEF-14766, DEF-15083, DEF-15119, DEF-15152, DEF-15209, DEF-15260, DEF-15273, DEF-15311, DEF-15327, DEF-15338, DEF-15350, DEF-15356, DEF-15403, DEF-15422, DEF-15435, DEF-15469, DEF-15589, DEF-15609)
  • Improved cleanup resolves the cleanup failure for files from different scans (DEF-14574)
  • Cron task generation for AppVersionDetector for non-Apache based servers (DEF-14910)
  • Fix for issue with messages processing in the Agent by adding a message processing timeout (DEF-15202)
  • Fix for blank page in the UI (DEF-15212)
  • Enhanced PAM module reporting (DEF-15239)
  • Change default systemd watchdog timeout to 60 sec (DEF-15320)
  • Removed leftover cron jobs on uninstall (DEF-15423, DEF-15426, DEF-15433)
  • Fixed excessive warning message “YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated” (DEF-15704)
  • Do not use "-waf-rule-engine on" when updating ModSecurity ruleset on Plesk (DEF-15857)

Stay in touch

Please give our product team feedback on this version 5.6 release, or share your ideas and feature requests via feedback@imunify360.com.

If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.

How to install

To install the new Imunify360 v.5.6, please follow the instructions in the documentation.

How to upgrade

If you want to upgrade to the new Imunify360 version 5.6 right now, you can use the updated script by running the following commands:

wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh

For the regular and safe update to Imunify360 version 5.6 with a gradual rollout, use the following commands:

CentOS/CloudLinux systems:

yum update imunify360-firewall

Ubuntu 16.04, 18.04, and 20.04 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall

Debian 9 and 10 systems:

apt-get update
apt-get install --only-upgrade imunify360-firewall
