Hello Greg,
It seems that this issue is fixed in Imunify360 v3.8.6 which was released today.
Thank you.
Iman
Proactive Defense on Plesk
Good to hear that the Dev team is working on it. Sure, I'm up for Beta programs. Is there any specific way to turn on Beta mode in Plesk, or should I enable it by reinstalling Imunify360 from the CentOS CLI?
Thanks,
Iman
Hello Greg,
Thank you. I've opened a ticket. I'll update it here if the reason was something that could be a common issue.
Cheers,
Iman
Hello Greg,
Thank you for your reply. Actually, I wanted to submit a ticket at first, but since I didn't find many resources regarding issues with Imunify360 on the internet, I decided to ask for help here to let other users who have similar problems find a solution for their problems faster.
The answer to your question is yes; as I said before, the extension is active in PHP. In phpinfo, I have /opt/plesk/php/5.6/etc/php.d/i360.ini and in the i360 section I have this:
Code:
i360 state activated
i360 action enabled
i360 path to log data sock:/var/run/imunify360_user/proactive.sock
i360 log type 2
i360 list of functions base64_decode,str_rot13,str_replace,gzinflate,pcntl_exec,symlink,socket_connect,register_shutdown_function,register_tick_function,mail,fopen,fwrite,file_get_contents,file_put_contents,include,include_once,require,require_once,curl_init,mysql_query,assert,exec,passthru,gzdeflate,system,shell_exec,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,eval,rawurldecode,preg_replace,trim
i360 send on shtdwn 0
i360 danger func danger: file_put_contents,curl_exec,fopen,fwrite,symlink,socket_connect,exec,system,passthru,shell_exec,proc_open,popen,eval
But for some reason it's not working. When I upload a PHP shell file or something that contains the PHP system function, the file can be loaded without any problems for a few minutes, but after a few minutes its permissions change to 000, and it seems that the file is quarantined by the Imunify360 Malware detector, not the Proactive Defense system.
I believe that if Proactive Defense was working fine, the attack should be stopped immediately. Anything else that I need to check?
Thank you.
Proactive Defense on Plesk
Hello there,
I've installed Imunify360 on Plesk (CentOS). Set Proactive Defense mode to Kill Mode, but it seems that Proactive Defense is not working. To test it, I've made a PHP file with the following content:
Code:
<?php system('wget -V'); ?>
and ran it. It ran without a problem for a while (actually I've disabled the system function in PHP, so it shows only a white screen). There aren't any logs on the Proactive Defense page. But after some retries (a few minutes later) the file is quarantined, I guess via the Imunify360 Malware Scanner and inotify (permissions are set to 000).
I've checked whether the i360 extension is installed on all PHP versions by running the following command for each PHP handler:
Code:
/opt/plesk/php/{PHP Version}/bin/php -m
and in all of them, I see i360 as an active module. Any help on how I can make Proactive Defense work and stop shells and malware immediately, before they are detected by the Malware Detector?
Thanks
Iman