Tweet
Hey there. After installing Imunify360 to our hosting server (CloudLinux OS, DirectAdmin), we resumed transferring sites from Siteground and noticed that all the site transfers were extremely slow, where before they were completing within 20-30 minutes, now they take upward of 1-3 hours.
After investigating, it seems that BlogVault is sending a PHP script to the root of each website's public_html and executing it, but Imunify360 is blocking these executions.
The problem is two-fold. First, the filename is randomly generated by BlogVault when we initiate the site transfer. Examples:
Test Site A: c9492ced8270aa4836e9ac3d6167f051ceb1e33d2b66f63f3a 2de38d48a6be1a.php
Test Site B: 6ad6a8eac346bcc95bfd2fea9985df4d9ac155fec5ce0672bb c731d2c7d649ad.php
Test Site C: 1c332b0b3aebeac968d96e385500c17cafb6dc78e9ec63ba7e 40047d68f6f872.php
Second, the originating IP for the execution of the files is different, as BlogVault uses proxies all over the globe to try to get the execution to complete.
I have a list of about 20 IP Addresses that have tried to execute the files. Would adding them to the whitelist prevent Imunify360 from blocking the script execution?
If not, BlogVault suggested we use rDNS to whitelist the IPs we have (and future IPs), but I don't see any way to do that through Imunify360.
Your assistance is appreciated.
After investigating, it seems that BlogVault is sending a PHP script to the root of each website's public_html and executing it, but Imunify360 is blocking these executions.
The problem is two-fold. First, the filename is randomly generated by BlogVault when we initiate the site transfer. Examples:
Test Site A: c9492ced8270aa4836e9ac3d6167f051ceb1e33d2b66f63f3a 2de38d48a6be1a.php
Test Site B: 6ad6a8eac346bcc95bfd2fea9985df4d9ac155fec5ce0672bb c731d2c7d649ad.php
Test Site C: 1c332b0b3aebeac968d96e385500c17cafb6dc78e9ec63ba7e 40047d68f6f872.php
Second, the originating IP for the execution of the files is different, as BlogVault uses proxies all over the globe to try to get the execution to complete.
I have a list of about 20 IP Addresses that have tried to execute the files. Would adding them to the whitelist prevent Imunify360 from blocking the script execution?
If not, BlogVault suggested we use rDNS to whitelist the IPs we have (and future IPs), but I don't see any way to do that through Imunify360.
Your assistance is appreciated.
Comment