EspañolEnglish
banner
Antimalware Plugin for WHM

The Antimaware Plugin for cPanel protects your server against attacker scripts.

Common attacker scripts are: c99shell, r57shell, ANIShell, and hundreds more.

When an attacker uploads one of these scripts, he can take control of your server or damage your customer's data.

How does antimalware plugin work?


1. Scanning your whole server

First, AM Plugin will scan your server in order to find all malware installed. The definitions includes ClamAV database and 6.000 aditional malware signatures, including perl files, PHP Shells, PHP uploaders, PHP downloaders, IRC bots and Mass Mailers.

Once your server is scanned, you will have a detailed list of infected files. You will be able to block files, delete files or whitelist a file. Of course, there are false positives too.

Scanning the whole server will not increase the server load in more than 1 or 1.5 units. Scanner is called with nice Linux command.

2. Scanning all changes every night

Every night, AM Plugin will scan the files changed during the last day. This is a small scan and it detects all new malware installed in your server.
The results are mailed to the root administrator.

3. Inspecting uploads

Attackers explodes all new discovered script vulnerabilities.

The AM Plugin inspects all HTTP and FTP uploads in real time. All PHP or PERL scripts will be rejected inmediatly in HTTP uploads. Your customers never upload PHP scripts using HTML forms.

This is the most important feature. If you start with a clean server and keep AM Plugin inspecting HTTP uploads, you will have a minimal chance to be hacked.

Many times, attackers have user and password for Joomla, Wordpress or OsCommerce sites and can use them to upload attacker scripts. Even in those cases, they will not be able to upload their scripts.

4. Blocking generic bad-requests

The AM Plugin includes many Mod Security rules that reject PHP injection, SQL injection, and many known script vulnerabilities. Some of these vulnerabilities are: Timthumb exploit, Joomla password change exploit, OsCommerce upload exploit, and much more.

With AM Plugin, your customers will be safer even if their scripts are unsafe or out of date.

 

Remember, AM Plugin wll help you managing your servers, but it not replace the administrator.

AM Plugin will NOT protect you in the following cases:

  1. Malware uploaded via cPanel File Manager will be detected at the night scan.
  2. If an attacker steals or guess your SSH password.
  3. If your server is already hacked with a rootkit.
  4. If you don't work disabling/deleting the malware found in regular scans.
 

Documents

Últimas Noticias