Imunify360 is the security solution for Linux web servers based on machine learning technology which utilizes a multi-layer approach to provide total protection against any type of malicious attacks or abnormal behaviour, including distributed brute force attacks.

Please note, that the default functionality of Imunify360 is configured to protect you, and your clients by default and has the industries lowest false-positive rates. As such, the settings of Imunify360 do not need to be changed, and some of which, may be locked to prevent changes to ensure our shared environments remain secure. 

Imunify360 provides:

  • Advanced firewall with cloud heuristics and artificial intelligence for detecting new threats and protecting all servers that run the software - Capable of defending against brute force attacks, DoS attacks, and port scans.
  • Intrusion Detection and Protection System - Comprehensive collection of “deny” policy rules for blocking all known attacks.
  • Malware Scanning - Automatic scanning file systems for malware injection and cleaning up infected files.
  • Patch Management - reboot-less Secure Kernel powered by KernelCare keeps the server secure by automatically patching kernels without rebooting the server.
  • Website Reputation Monitoring - Analyzing if a website or IPs are blocked by any blacklists and notifying if they are.
  • Proactive Defense - Proactive Defense protects websites running PHP against zero-day attacks by blocking potentially malicious executions automatically and with zero latency.

Suppose a user violates the security rules (trying to enter a wrong password, etc.). In that case, Imunify360 will automatically block access to this user’s IP address, adding the IP address to the Gray List.

  • Gray List – an auto-generated list of all the IPs the security software blocks, based on Sensors alerts and alerts from the central server.

Imunify360 is available via accessing your cPanel under the Security tab:


From there, you will be greeted with the empty result menu, which is expected since no scans have run yet, as you can see below:


Imunify360 Malware Scanner

Malware scanning allows you to:

  • Observe scanner activity
  • Start on-demand
  • file scanner
  • Manage malicious and cleaned-up files
  • Manage Ignore List.

From the button Start scanning, you can prompt a user to scan after a short confirmation:


A scan will be scheduled. We advise you to wait for the scan to complete before making any changes to the files within your cPanel.

After the scan is complete, you will be prompted with either a malware-free cPanel:
41edf2a6a25a43ff7d04254fb27ec2dc371b145421b35593542493cd36355c03c59030c5b0092fef?t=c125a198c381e66611cb2b4ded15b316 Or the system will detect a present malware. Here is a table with a list of infected files within all domains.

The table has the following columns:

  • Scan date — Displays when a file was detected as malicious.
  • File — The path where the file is located starting with root.
  • Reason — Describes the signature which was detected during the scanning process.
  • Status — Displays the file status:
    • Infected — Threat was detected after scanning. If a file was not cleaned after cleanup, the info icon is displayed. Hover mouse over the info icon to display the reason.
    • Cleaned — Infected file is cleaned up.
    • Content removed — A file content was removed after cleanup.
    • Cleanup in progress — Infected file cleanup is in progress now.
  • Actions
    • View file — Click the View File symbol - in the file line, and the file content will be displayed in the pop-up. Only the first 100Kb of the file content will be shown if a file is bigger.
    • Restore the original file (before cleanup) — Click the Restore Original symbol to restore the original content removed as infected.
    • Add to Ignore List — Add the file to the Ignore List and remove it from the Malicious files list. If a file is added to the Ignore List, Imunify360 will no longer scan this file. 

Imunify360 Proactive Defense

Moving on to the next tab, Proactive Defense, a unique Imunify360 feature that can prevent malicious activity through PHP scripts. It is available as a PHP module for Apache and LiteSpeed web servers. It analyzes script activity using known patterns like obfuscated command injection, malicious code planting, sending spam, SQL injection, etc.

The following Proactive Defense modes are available:

  • Disabled — This means that the Proactive Defense feature is not working, and the system is not protected enough.
  • Log Only — This means that possible malicious activity is only logged, and no actions are performed (default mode).
  • Kill Mode — The highest level of protection — the script is terminated when the malicious activity is detected.

To select a mode, you must contact our technical support department, which is 24/7 available, and will be more than happy to assist you!

The Detected Events table includes the following columns:

  • Group/individual action checkbox — Allows performing actions on one or several desired entities.
  • Detection Date/Time — Displays the date and time of the event detected. Click the clock icon in the desired event line to view the exact time. To order the events from the last to the first or vice versa, click the ▲ icon in the Date/Time of detection column header.
  • Description — Displays a special Proactive Defense rule according to which a suspicious activity was detected.
  • Script Path — Displays the path to the suspicious script. A number near the path describes how often this event has been repeated.
  • Host — Displays the host of the script.
  • First script call from — Displays the IP in which the first call of the script was detected.
    • White colour means that this IP is whitelisted;
    • Black colour means that this IP is blacklisted;
    • The gray colour means that this IP is graylisted;
    • All the other IPs are blue-coloured.
  • Action — Displays the current mode.

Imunify360 is part of every shared hosting plan and is included for no extra cost for you to use.