No announcement yet.

Features Id like to see

  • Filter
  • Time
  • Show
Clear All
new posts

  • Features Id like to see

    Just configured a new server, the first one without CSF/CXS, instead I just installed Imunify360 only. And I am "missing" a few things I would like to share.

    I missed the security check up in CSF [Check Server Security option], I know there is Security Advisor in cPanel but its missing a lot of stuff.
    Do you plan something like that (or help cPanel on their own Security Advisor?)

    [Check IPs in RBLs], nice feature, most of the times we have problems with outgoing spam so we check it regularly. If it was automated and just reporting in the frontpage / or with popup notification it would be great! (Or maybe integrate it on reputation management)

    Allow incoming/outgoing tcp/udp ports. How can I port block something or even worse, block it for everyone except x,y,z IPs/subnets. I use it for MySQL connections mostly. Nice feature. I block everything for port 3306 for example except a few subnets and/or IPs. Doing the same for SSH. Can I do that with imunify ?

    Email Alerting. On port scans, floods, connlimit, etc, is there a way to get email alerts too ? Or program them to send alert if only something is true (e.g Send me alert of blocked IP then the country is Greece to double check it)

    Better reporting in incidents. (More verbose maybe)
    CXS/CSF sends me alerts when it block something (mod_security for example) and I am getting something like that:
    [Tue Jul 25 01:33:00.911526 2017] [:error] [pid 27625] [client] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[-_ ]?\\b(?:adipex|suboxone|pseudovent|topamax|trazodon e|prevacid|zyrtec|xenical|toprol|zoloft|synthroid| valtrex|wellbutrin|valium|protonix|vytorin|ritalin |zocor|seroquel|ultracet|plavix|voltaren|zyprexa|x anax|vicodin|penicillin|tramadol|provigil|predn ..." at ARGS:comment. [file "/etc/apache2/conf.d/modsec/modsec_rules/30_asl_antispam.conf"] [line "283"] [id "300061"] [rev "25"] [msg " WAF AntiSpam Rules: Possible Spam or Restricted content: Pharmacy and/or Drug content detected"] [data " 496 found within ARGS:comment: wh0cd76412 <a href=;buy anafranil online</a> <a href=;tamoxifen visa</a> <a href=;furosemide mg</a> <a href=;prednisone tablets</a> <a href=;colchicine over the counter</a> "] [severity "WARNING"] [hostname "HOST-NAME-HERE"] [uri "/wp-comments-post.php"] [unique_id "WXZ1nIe9LNr8HNUDKIlV2QAAABU"]

    So I know the rule, the hostname the rule, the data and the exact file location.

    In imunify Im seeing only the file location. I dont know which account, username or domain it came from.
    I am just seeing something like that: WAF Rules: xmlrpc DOS attack

    Or in newer beta:

    i360-wallarm - web-shell access (WLRM-18fd997a)||
    But still no the exact URL.
    (Or what that "web shell acess" means exactly)

    Outgoing emails spam,
    Thats a pain, and somewhere here there is a un-answered question about that,
    there are reporting tools about relaying, queue alerts, smtp alerts etc.
    Generally, outgoing spam from php backdoors, shells, or hacked accounts is an issue. Do you plan alerts or hardening this ?

    ps: Just updated to cPanel 66, frameless whm, even the beta imunify doesnt work well. No scrollbar. But I like it anyway.

  • #2
    Having admin email alerts for spammers would make me drop CSF and run Imunify360 exclusively. Only thing I still rely on CSF for.


    • #3
      Outstanding feedback!

      a), b) We are going to investigate how it works
      c) Blocked ports already in beta, ~7.08 it will be available in stable
      d) We are planning to improve reporting in Q3 significantly
      e) Also important comment! We are improving this during the next releases.
      f) We will discuss how we deal with it

      > ps: Just updated to cPanel 66, frameless whm, even the beta imunify doesnt work well. No scrollbar. But I

      like it anyway.
      Unfortunately, we cant reproduce it. What exact version (stable/beta) do you use? Only no scrollbar or something else?

      Thanks for your comments!

      imunify360 dev team


      • #4
        One other feature for the wishlist that I miss from CXS:

        Change incorrect permissions. CXS automatically changes 777 permissions which is nice to have for CMSs like EE that "force" 777 for caching.