<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

The Imunify360 ‘Blamer’ Brings Smarter Server Security

Nov 11, 2019 1:24:27 PM / by Greg Zemskov

blamer
My team tries hard to make sure Imunify360 keeps your Linux web servers safe from cyber attack. We think Imunify360 gives you the best antivirus and anti-malware protection against infection, and the simplest and quickest way of cleaning it up.

But if you’re fighting a constant battle to keep your web host free of malicious software, maybe it’s time to get smart. Maybe it’s time to activate The Blamer.

The Blamer is part of Imunify360’s Proactive Defense component. It provides our malware analysts with invaluable information about malicious files and where they come from.

Our Web Protection Team use the insights from thousands of such daily reports to fine-tune Imunify360’s WAF rules, malware scanner signatures, and server-side heuristics, so that Imunify360 is always using the latest and most accurate assessment of prevailing cyber threats.

How does The Blamer work?

The Blamer identifies the source of PHP server infections. It does this by determining:

  • the infection vector URL;
  • the infected PHP script;
  • the execution path used by the hacker to infect your system and inject malicious code into your server’s PHP files.

The Imunify Web Protection team receives and processes this information, feeding it into our signature and heuristics databases.

Because the Blamer is part of the Proactive Defense web server module, that means it can parse PHP code and perform execution traces.

Enabling the Blamer lets Proactive Defense check execution paths for dangerous or suspicious patterns.

When a PHP script appears to be doing something nasty, its intended action is logged and its execution is halted. The Blamer records the suspect script’s filename and file attributes, the visitor’s IP address, and a trace log of the sequence leading up to the suspicious commands. All this information is sent to the Imunify cloud server, making Imunify360 smarter, and more effective.

This only happens if the Blamer feature is active. So, I encourage you to let your Imunify360 instance share its knowledge, for the benefit of everyone, not just your own.

How to enable The Blamer

You can enable the Blamer in the GUI, under Settings → Malware scanner

pasted image 0 (1) (1)

Alternatively, you can enable the Blamer with this command.

imunify360-agent config update '{"PROACTIVE_DEFENCE": {"blamer": true}}'

 

If you need to ask anything, get in touch.

 

Topics: Imunify360, Blamer, Advice, ProactiveDefence

Greg Zemskov

Written by Greg Zemskov

Imunify Security, Product Owner

    Subscribe to Email Updates

    Ready to try Imunify?

    30-DAY TRIAL

    Recent Posts