Proactive Defense on Plesk


  • Proactive Defense on Plesk

    Hello there,

    I've installed Imunify360 on Plesk (CentOS). I set Proactive Defense mode to Kill Mode, but it seems that Proactive Defense is not working. To test it, I've made a PHP file with the following content:

    Code:
    <?php system('wget -V'); ?>
    and ran it. It ran without a problem for a while (actually I've disabled the system function in PHP, so it shows only a white screen). There aren't any logs on the Proactive Defense page. But after some retries (a few minutes later) the file will be quarantined, I guess via the Imunify360 Malware Scanner and inotify (permissions will be set to 000).

    I've checked whether the i360 extension is installed on all PHP versions by running the following command for each PHP handler:

    Code:
    /opt/plesk/php/{PHP Version}/bin/php -m
    and in all of them, I see i360 as an active module. Any help on how I can make Proactive Defense work and stop shells and malware immediately, before they are detected by Malware Detector?

    Thanks
    Iman
    Hostking | Since 2013 | Web Hosting | WordPress Web Hosting
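
The per-handler module check described in the post above, written as a loop (an added example, not part of the original post and not Imunify360's own tooling). The function name `check_i360_handlers` is hypothetical; the default root is the `/opt/plesk/php` path from the post, and a passing result confirms only that the module loads, not that Proactive Defense acts on requests.

```bash
#!/bin/sh
# Added example: report which Plesk PHP handlers load the i360 module.
# check_i360_handlers is a hypothetical helper name; the default root
# /opt/plesk/php is the path quoted in the post.

check_i360_handlers() {
    # $1: directory holding one subdirectory per PHP version
    root="${1:-/opt/plesk/php}"
    found=0
    missing=0
    for php in "$root"/*/bin/php; do
        # Skip the unexpanded glob and anything that is not executable
        [ -x "$php" ] || continue
        found=$((found + 1))
        version=$(basename "$(dirname "$(dirname "$php")")")
        # `php -m` prints one module name per line; match the whole line
        if "$php" -m 2>/dev/null | grep -qix 'i360'; then
            echo "$version: i360 loaded"
        else
            echo "$version: i360 MISSING"
            missing=$((missing + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no PHP handlers found under $root" >&2
        return 2
    fi
    # Exit status 1 when at least one handler lacks the module
    [ "$missing" -eq 0 ]
}

# Example invocation on a Plesk host:
#   check_i360_handlers /opt/plesk/php
```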

  • #2
    Hello Greg,

    Thank you for your reply. Actually, I wanted to submit a ticket at first, but since I didn't find many resources regarding issues with Imunify360 on the internet, I decided to ask for help here to let other users who have similar problems find a solution for their problems faster.

    The answer to your question is Yes, as I said before, the extension is active in PHP. In phpinfo, I have /opt/plesk/php/5.6/etc/php.d/i360.ini and in i360 section I have this one:

    Code:
    i360 state	activated
    
    i360 action	enabled
    
    i360 path to log data	sock:/var/run/imunify360_user/proactive.sock
    
    i360 log type	2
    
    i360 list of functions	base64_decode,str_rot13,str_replace,gzinflate,pcntl_exec,symlink,socket_connect,register_shutdown_function,register_tick_function,mail,fopen,fwrite,file_get_contents,file_put_contents,include,include_once,require,require_once,curl_init,mysql_query,assert,exec,passthru,gzdeflate,system,shell_exec,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,rawurldecode,preg_replace,trim
    
    i360 send on shtdwn	0
    
    i360 danger func	danger: file_put_contents,curl_exec,fopen,fwrite,symlink,socket_connect,exec,system,passthru,shell_exec,proc_open,popen,eval
    But for some reason it's not working. When I upload a PHP shell file or something that contains the PHP system function, the file can be loaded without any problems for a few minutes, but after a few minutes its permissions change to 000, and it seems that the file is quarantined by the Imunify360 Malware Detector, not the Proactive Defense system.

    I believe that if Proactive Defense was working fine, the attack should be stopped immediately. Anything else that I need to check?

    Thank you.



    • #3
      Hello Greg,

      Thank you. I've opened a ticket. I'll update it here if the reason was something that could be a common issue.

      Cheers,
      Iman



      • #4
        Good to hear that the Dev team is working on it. Sure, I'm up for Beta programs. Is there any specific way to turn on Beta mode in Plesk, or should I enable it by reinstalling Imunify360 from the CentOS CLI?

        Thanks,
        Iman



        • #5
          Hello Greg,

          It seems that this issue is fixed in Imunify360 v3.8.6 which was released today.

          Thank you.
          Iman
