Release Notes: Imunify360 v.5.6
We’re pleased to announce that a new version of Imunify360, version 5.6, is now available. The following features are new in the v5.6 release:
- Anti-bot protection (“Splash screen” challenge)
The Anti-bot WebShield extension stops unwanted content scraping, web spam, and other malicious activity caused by bots. Additionally, the Anti-bot WebShield extension significantly reduces server load by filtering out malicious requests and web attacks.
- Ubuntu 20 support
Eventually, Imunify360 will support Ubuntu 20 across all versions, including Plesk, DirectAdmin, and no panel ("stand-alone") installations.
- Acronis Backup tokens auto-renewal
Improved back-up workflow related to Acronis tokens, which makes the process more reliable and fully-automated.
- Gradual removal of "Delete" and "Quarantine" actions (stage 2)
The second stage of “Delete” and “Quarantine” default action removal in the Malware Scanner. All stages were announced and explained in our earlier blog.
- Cache for RBL checks in PAM
The optimized workflow in the PAM module relates to Real-Time Blacklist queries.
This is what we’ve updated in version 5.6:
Anti-bot protection (experimental)
Unwanted traffic produced by various bad bots causes excessive CPU load and consumes extra memory. It makes real visitors wait until the server processes the bot's requests.
Starting from version 5.6, Imunify360 distinguishes bots from real visitors using the JavaScript challenge "Splash Screen." Most bots don’t solve the challenge, and their requests will not reach web applications such as WordPress, Drupal, and others. This saves the server’s resources and protects websites from scanners, automated attacks, and web-spammers.
It is worth mentioning that only bad actors will be redirected to the Imunify360 Splash Screen challenge page. Legitimate visitors get the original content without any verification page or delay. Users who are sent to the Splash Screen will not see the challenge or a CAPTCHA and will be redirected to the page with the original content. Cookies and JavaScript support are required in the browser to pass the Anti-bot protection challenge.
Imunify360 is capable of distinguishing legitimate bots (e.g., Google crawler) and will not block them. Therefore, the “Anti-bot protection” feature will not cause indexing issues.
This is an experimental feature. As always, it will be released in the disabled state.
We’re planning to improve the feature further and add some additional configuration options, including URL exclusion. That would allow whitelisting particular resources where the bot activity is permitted. This feature is scheduled for the next releases.
To enable Anti-bot protection, go to the General tab in the Settings and check the Anti-bot protection checkbox.
You can also enable Anti-bot protection with this CLI command:
# imunify360-agent config update '{"WEBSHIELD": {"splash_screen": true}}'
Ubuntu 20 support
Starting from version 5.6, Imunify360 supports the current version of the Ubuntu operating system. It can be installed in the following environments in just a few clicks:
Ubuntu 20:
- Plesk
- DirectAdmin
- Stand-alone installation
The Imunify360 installation process remains the same.
Acronis Backup tokens auto-renewal
In previous versions of Imunify360 working with Acronis Backups, users periodically faced a “401 client error” issue once the token expired. We’ve improved the way Imunify360 works with Acronis. Now it automatically requests a new token every time the old one expires. Imunify users don’t need to perform any extra actions manually. All actions to refresh a token are performed transparently in the background.
Gradual removal of "Delete" and "Quarantine" Default Actions (stage 2)
During the last few years, Imunify products utilized several ways of handling malicious files in the Malware Scanner. This gave users an option to choose the method that fits best (Delete permanently, Quarantine file, Cleanup, or Just display in the Dashboard). It’s been a while since we introduced the options. Some of them have become obsolete and outdated (basically, they can cause issues). It was explained in detail in our blog post some time ago.
In fact, the Cleanup option already includes everything needed to make the malware removal process safe and effective. Afterward, websites remain operational, unlike with quarantining or deleting entire files that are partially infected but otherwise legitimate. Neither of the obsolete actions (Delete and Quarantine) can deal with injections, which make up roughly half of all malicious entries found on infected websites, but Cleanup can.
Version 5.6 introduces the second stage of “Delete” and “Quarantine” Default Action removal. It will switch Delete and Quarantine options to Cleanup forcibly. Note that there is no option to switch back to the obsolete actions.
Note that restoration from the Quarantine is available until the “Quarantine” Default Action is completely removed from the product (v5.8, April 2021). You can still manage files in the quarantine if they were quarantined earlier.
Cache for RBL checks in PAM
Since the PAM feature release, we have received a few reports regarding excessive network usage on servers caused by PAM. The source of the issue is DNS queries to the Imunify RBL server, initiated upon every request that PAM handles.
We’ve addressed the issue and changed the workflow. In Imunify360 v5.6, all RBL responses are cached locally, minimizing the network traffic and allowing PAM to process requests much faster. The cache timeout varies from 1 minute up to 1 hour, depending on the query type and result. The fix is enabled from the beginning and does not require any manual setup steps.
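The sketch below is an added example, not Imunify360 code: it shows how a local cache with result-dependent timeouts removes the per-request DNS query. The function names, the stub resolver, and the choice of 1 hour for listed answers and 1 minute for clean ones are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch: local TTL cache in front of an RBL lookup (not the product's code).
RBL_CACHE_DIR="${RBL_CACHE_DIR:-$(mktemp -d)}"
RBL_TTL_LISTED=3600   # assumption: "listed" answers are kept for 1 hour
RBL_TTL_CLEAN=60      # assumption: "not listed" answers are kept for 1 minute
: > "$RBL_CACHE_DIR/.queries"

# Hypothetical stand-in for the real DNS query; records every call it receives.
rbl_query() {
    echo x >> "$RBL_CACHE_DIR/.queries"
    case "$1" in
        203.0.113.*) echo listed ;;   # constructed: TEST-NET-3 treated as listed
        *)           echo clean ;;
    esac
}

# Number of upstream queries made so far.
rbl_query_count() { wc -l < "$RBL_CACHE_DIR/.queries" | tr -d ' '; }

# rbl_lookup IP [NOW] -> prints "listed" or "clean"; NOW is epoch seconds.
rbl_lookup() {
    rl_ip="$1"; rl_now="${2:-$(date +%s)}"
    case "$rl_ip" in ""|*/*) return 2 ;; esac   # key becomes a file name
    rl_file="$RBL_CACHE_DIR/$rl_ip"
    if [ -f "$rl_file" ]; then
        read -r rl_expiry rl_result < "$rl_file"
        if [ "$rl_now" -lt "$rl_expiry" ]; then
            echo "$rl_result"; return 0         # fresh entry: no network traffic
        fi
    fi
    rl_result="$(rbl_query "$rl_ip")"           # miss or expired: ask upstream
    case "$rl_result" in
        listed) rl_ttl=$RBL_TTL_LISTED ;;
        *)      rl_ttl=$RBL_TTL_CLEAN ;;
    esac
    echo "$((rl_now + rl_ttl)) $rl_result" > "$rl_file"
    echo "$rl_result"
}
```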
Additional information
Imunify360 v5.6 includes 163 tasks and 38 bug fixes.
Improvements
- Improved stability for pam_imunify_daemon. If it ever falters, FTP servers will proceed with client authentication without stopping the process. (DEF-15946)
- Deobfuscator enhancements (DEF-10585, DEF-14852, DEF-15460, DEF-15539, DEF-15550, DEF-15593, DEF-15608, DEF-15631, DEF-15642, DEF-15706, DEF-15709, DEF-15731, DEF-15760, DEF-15771, DEF-15779, DEF-15894, DEF-15913)
- Malware Scanner detection algorithms improved. Minimized False Positives rate in logs and other threat-less files (DEF-15674)
- Improved cleanup behavior: already cleaned files do not cause an issue (DEF-9160)
- Added “Trust Ezoic's traffic” option (DEF-15896)
To enable it, open /etc/imunify360-webshield/virtserver.conf, find the directive
set $trust_ezoic 0;
replace '0' with '1', save the file and restart WebShield
# service imunify360-webshield restart
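The manual edit above can be scripted so that it keeps a backup, refuses to act when the directive is missing, and reports whether a restart is needed. This is an added example, not part of the Imunify360 tooling; the function name `enable_trust_ezoic` is hypothetical, and the file path, directive, and restart command are the ones given above.

```shell
#!/bin/sh
# Added example: flip "set $trust_ezoic 0;" to 1 in a WebShield config file.
# Prints "changed" or "unchanged"; exit code 2 = file missing, 3 = directive absent.
enable_trust_ezoic() {
    ez_conf="${1:-/etc/imunify360-webshield/virtserver.conf}"
    ez_re='^[[:space:]]*set[[:space:]]+\$trust_ezoic[[:space:]]+'
    [ -f "$ez_conf" ] || { echo "missing: $ez_conf" >&2; return 2; }

    # Already enabled: nothing to edit, no restart needed.
    if grep -Eq "${ez_re}1;" "$ez_conf"; then
        echo unchanged; return 0
    fi
    # Refuse to guess if the directive is not present with value 0.
    if ! grep -Eq "${ez_re}0;" "$ez_conf"; then
        echo "directive not found in $ez_conf" >&2; return 3
    fi

    cp -p "$ez_conf" "$ez_conf.bak" || return 1     # keep the previous version
    ez_tmp="$(mktemp)" || return 1
    # Rewrite only the matching line; write back in place so the
    # original file keeps its owner and mode.
    if sed -E "/${ez_re}0;/ s/0;/1;/" "$ez_conf" > "$ez_tmp" \
        && cat "$ez_tmp" > "$ez_conf"; then
        rm -f "$ez_tmp"; echo changed
    else
        rm -f "$ez_tmp"; return 1
    fi
}

# Typical use as root: restart WebShield only when the file was modified.
#   [ "$(enable_trust_ezoic)" = changed ] && service imunify360-webshield restart
```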
Bug Fixes
- Slow malware scanner caused by ignored Rapid Scan config parameter (DEF-16075, DEF-16039, DEF-16041)
- Fix on updating ModSec ruleset on Plesk (DEF-15857)
- Delay on starting imunify360-pam service on a server (DEF-16132)
- Save branding of CAPTCHA page (DEF-15914)
- Inability to access Imunify360 UI through WHM on servers with a large number of users because of a request timeout (DEF-15972)
- Failed to properly parse greylist because of new entry type “gray_splashscreen” (DEF-16012)
- Failed to start Imunify360 after update (DEF-16054)
- Fix for misconfigured WebShield after update on Debian 10 (DEF-16223)
- Fixed Invisible CAPTCHA being turned off on update (DEF-16232)
Internal records
Other tasks
- Malware ignore patterns moved to /etc/sysconfig/imunify360/malware-filters-admin-conf/processed/ignored/av-admin-paths.txt (DEF-14341)
- Fix for wrong OSSEC/PAM rules inclusion in rare cases (DEF-15189)
- Deobfuscator enhancement (DEF-14766, DEF-15119, DEF-15152, DEF-15209, DEF-15260, DEF-15273, DEF-15311, DEF-15327, DEF-15338, DEF-15403, DEF-15422, DEF-15435, DEF-15469, DEF-15589, DEF-15609)
- Improved cleanup resolves the cleanup failure for files from different scans (DEF-14574)
- Cron task generation for AppVersionDetector for non-Apache based servers (DEF-14910)
- Fix for issue with messages processing in the Agent by adding a message processing timeout (DEF-15202)
- Fix for blank page in the UI (DEF-15212)
- Enhanced PAM module reporting (DEF-15239)
- Change default systemd watchdog timeout to 60 sec (DEF-15320)
- Removed leftover cron jobs on uninstall (DEF-15423, DEF-15426, DEF-15433)
- Fixed excessive warning message “YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated” (DEF-15704)
- Do not use "-waf-rule-engine on" when updating ModSecurity ruleset on Plesk (DEF-15857)
Stay in touch
Please give our product team feedback on this version 5.6 release, or share your ideas and feature requests via feedback@imunify360.com.
If you encounter any problems with this release, please send a comment or request to our Imunify support team via cloudlinux.zendesk.com.
How to install
To install the new Imunify360 v.5.6, please follow the instructions in the documentation.
How to upgrade
If you want to upgrade to the new Imunify360 version 5.6 right now, you can use the updated script by running the following commands:
wget https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh -O imunify-force-update.sh
bash imunify-force-update.sh
For the regular and safe update to Imunify360 version 5.6 with a gradual rollout, use the following commands.
CentOS/CloudLinux systems:
yum update imunify360-firewall
Ubuntu 16.04, 18.04, and 20.04 systems:
apt-get update
apt-get install --only-upgrade imunify360-firewall
Debian 9 and 10 systems:
apt-get update
apt-get install --only-upgrade imunify360-firewall