Proactive Defense is a unique Imunify360 feature that can prevent malicious activity through PHP scripts. It is available as a PHP module for Apache and LiteSpeed web servers and analyzes script activity using known patterns like obfuscated command injection, malicious code planting, sending spam, SQL injection etc. This feature is available on all shared, cloud web hosting, semi-dedicated, and reseller hosting plans.
To enable Proactive Defense:
- Login to cPanel and use the search to locate the Imunify360 interface. Click the Imunify360 icon.
- From the Imunify360 interface, select the Proactive Defense option from the top menu navigation.
Using Proactive Defense:
- Proactive Defense offers three modes:
Disabled: Proactive Defense will not be used for your account.
Log only: Proactive Defense will detect/identify malicious PHP scripts, code, etc. but it will not take action, only log the events.
Kill Mode: Proactive Defense will immediately kill the PHP script performing malicious activity under your account. Kill Mode also logs events in addition to killing scripts.
- When Kill Mode is enabled, any detected malicious PHP scripts and their actions will be displayed under Detected Events. When an event is detected you will be given Action options on how to handle the Detected Event. Options include:
View file content: View the content (code) of the malicious PHP script
Move IP to the Black List: Block the IP which called the script and prevent it from completing the same request in the future
Move file to Ignore List (ignore detected rule): Allows you to exclude the file from Proactive Defense analysis for a particular rule. Useful in the case of a false-positive detection, or when debugging a detection issue.
Move file to Ignore List (ignore all rules): Allows you to exclude the file from Proactive Defense for all rules
Remove file from Ignore List: Removes the file form your Ignore List and will enable Proactive Defense detection on the file again
Additional reading/details about Proactive Defense can be found on the the Imunify360 Documentation Page