Hello,

I am testing imunify360, considering whether to switch to it or add it to csf and cxs.

It does a great job blocking wp-login brute force attacks and has found some infected very old files that maldet and cxs were not able to detect. But there are some issues.

Tested on a cpanel cloudlinux server with about 500 small sites, load average 2 to 3 under normal conditions and half of the 64GB memory usually free. Disabled cxs and fail2ban, deleted all other modsec vendors, installed. Csf remains active.

1) With the full set of modsec rules (25 rulesets) the server load skyrockets from 2-3 to 20-50.

Also the peaks are so robust: between 2-3 refreshes of the top command, the load goes from e.g. 5 to 40.

Observed for many hours, hoping that it was caused by inotify indexing, but the load remained high.

Uninstalled and installed 3 times, after deleting the /etc/ and /var imunify folders in case an accidental misconfiguration caused this behavior; same high load.

Then I switched to the mini modsec and the load goes to 3-4, almost normal, maybe 0.5 to 1 more load than usual. Acceptable.

I noticed that the full set has 4 extra rulesets:

Include "/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/116_Apps_JComponent.conf"
Include "/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/118_Apps_WPPlugin.conf"
Include "/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/119_Apps_WHMCS.conf"
Include "/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/121_Apps_OtherApps.conf"

I enabled them one at a time. 118_Apps_WPPlugin.conf is causing about 100% more load and 121_Apps_OtherApps.conf is causing 500% to 1000% more load.

Also, when using the full modsec set, even with these 4 rulesets disabled, the server has more load spikes and is somehow more unpredictable and unstable.

So the only option for this particular server is to run imunify360 with the mini rule set.

Maybe this is voodoo related, I will continue tests with other servers.

Forgot to mention that at some point I upgraded to the roll-out version; same behavior.

2) Dashboard

Dashboard graphs are not working today. I get a red error banner in the top right of the dashboard page:

Error
Internal Error

And:

Failed to fetch data. Specify more narrow period or try again later.

3) Proactive Defense

When I change the mode to Proactive Defense, the new mode is activated only when I manually restart the service:

systemctl restart imunify360-webshield.service

Tested with https://docs.imunify360.com/dashboard/#user-interface (How to test Proactive Defense).

4) Auto white list

I don't like the auto white list feature. When someone logs in to cpanel, they get whitelisted for some hours. That means, if someone steals a cpanel password, he is free to do anything without a firewall block.

I have changed

AUTO_WHITELIST:
  timeout: 1440 # set in minutes how long to keep automatically whitelisted IP

from 1440 to 1, but users are still white-listed for 3 hours.

It would be nice to have an option to disable the auto white list feature.

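The one-at-a-time ruleset isolation described in point 1 can be scripted so every test run starts from a known config. This is an added example, not part of the original post or of Imunify360; it works on config text only, and the base ruleset name `000_PLACEHOLDER_base.conf` and the function names are made up for illustration.

```python
import re
from pathlib import PurePosixPath

VENDOR_DIR = "/etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache"
# The four extra rulesets named in the post.
APP_RULESETS = ["116_Apps_JComponent.conf", "118_Apps_WPPlugin.conf",
                "119_Apps_WHMCS.conf", "121_Apps_OtherApps.conf"]
# Constructed input: 000_PLACEHOLDER_base.conf is a made-up name standing in
# for the rest of the rule set, which must never be toggled.
SAMPLE_CONF = "\n".join(
    f'Include "{VENDOR_DIR}/{name}"'
    for name in ["000_PLACEHOLDER_base.conf", *APP_RULESETS]) + "\n"

# An Include directive, optionally already commented out with '#'.
INCLUDE_RE = re.compile(r'^\s*(#\s*)?Include\s+"([^"]+)"\s*$')


def isolate(conf_text, keep=None):
    """Comment out every listed app ruleset except `keep`.

    keep=None gives the baseline (all four off). Other lines are untouched,
    and already-commented Include lines are re-enabled when selected.
    """
    out = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        name = PurePosixPath(m.group(2)).name if m else None
        if name in APP_RULESETS:
            directive = f'Include "{m.group(2)}"'
            line = directive if name == keep else "# " + directive
        out.append(line)
    return "\n".join(out) + "\n"


def enabled(conf_text):
    """Basenames of Include lines that are active (not commented out)."""
    names = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m and not m.group(1):
            names.append(PurePosixPath(m.group(2)).name)
    return names


def isolation_plan(conf_text):
    """Baseline first, then one variant per app ruleset enabled on its own."""
    return [(keep or "baseline", isolate(conf_text, keep))
            for keep in [None, *APP_RULESETS]]


if __name__ == "__main__":
    for label, variant in isolation_plan(SAMPLE_CONF):
        print(label, "->", enabled(variant))
```

Measure load over the same interval for each variant, baseline included, so the per-ruleset increase is compared against the same starting point.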