Find the web shells and backdoors hiding in your customers' sites.
Real-time detection for the malicious uploads, injected code and web shells that land on cPanel sites — caught the moment they hit disk, quarantined before they spread. From US$9/server/month.
Catches what lands on every site you host.
Files are scanned the moment they hit disk — uploads from FTP, web forms, scripts, and archive extraction — then quarantined, reported, or deleted per your policy.
Instant Scanner
- Real-time monitoring via the Linux kernel filesystem watcher
- Files scanned the moment they are created or modified
- Auto-quarantine, delete, or report — configurable per threat type
- Catches uploads from FTP, web forms, scripts, and archive extraction
Advanced Code Analysis Engine
- Heuristic detection of obfuscated and packed PHP shells
- Identifies threats not yet present in the signature database
- Pattern recognition + behavioral analysis (Deep Scan)
- Closes the gap that signature-only scanners leave open
4M+ malware signatures
- Continuous signature updates pushed automatically
- Detects web shells, backdoors, injected code and known-bad files
- Compressed-file scanning — extracted contents inspected on the fly
- First-scan-on-install runs across every public_html on the server
Global Scanner
- Scheduled server-wide scans — pick days and time of day
- Three CPU modes (Normal / Low / Lowest) for shared hosting workloads
- Per-finding actions: report, quarantine, or delete
- Tuned to coexist with cPanel — system folders excluded by default
Quarantine system
- Detected files are isolated in a secure server location
- Review and restore wrongly-flagged files in one click
- Permanent delete is available but never automatic by default
- No risk of losing legitimate customer data while you investigate
Symlink protection
- Removes symlinks pointing to system folders (e.g. /etc, /bin)
- Blocks symlinks targeting other users' home directories
- Cleans up broken symlinks attackers leave behind
- Stops a common privilege-escalation and cross-account leak vector
Built for shared hosting
- Tuned for low CPU and RAM footprint
- cPanel system directories excluded automatically
- Resume support so reboots don't restart full scans from scratch
- Won't interfere with backups, mail spool, or virtfs
Daily reports & stats
- Per-server scan results surfaced in WHM
- Per-account breakdown so you know which client is hot
- Daily attack and infection counters for trend analysis
- Useful evidence to share with end customers when needed
What it catches
Web-layer threats across signature, heuristic, and behavioral analysis.
- PHP web shells
- Backdoors
- Injected & obfuscated PHP
- Malicious uploads
- Defacement scripts
- SEO spam / pharma hacks
- Compromised CMS & plugins
- Server-side cryptominers
- Malicious symlinks
One curl line. First scan runs automatically.
SSH into your cPanel server as root, paste the command, and the installer detects your OS and runs the first server-wide scan on its own. 7-day free trial, no credit card.
curl -s https://www.pyxsoft.com/install-cpanel | bash
Pyxsoft Web Malware Protection — US$9 per server.
Flat per-server price, unlimited sites and users. No DNS changes, no per-domain fees — everything runs on your own server.
Need a firewall too? Pyxsoft Firewall is free.
A modern WHM-native firewall built for nftables (with iptables compatibility). Open/close ports, manage IP allow/deny, and a built-in login-failure guard — no charge, no license, ships alongside the rest of the stack.
Find the malware your scanner misses — on your next server.
7-day free trial. No credit card. Install in one curl line. Uninstall in one command.
curl -s https://www.pyxsoft.com/install-cpanel | bash
cPanel/WHM on AlmaLinux · CloudLinux · Rocky Linux · RHEL · CentOS — versions 7, 8, 9 and 10.