immunify360 only 1 "incident" in hours of time

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

I was using comodo CWAF worked fine for me for months i even fixed there broken cPanel plugin (see Comodo CWAF cPanel plugin broken howto fix it ? - Free Modsecurity rules - Comodo Web Application Firewall) but after being unable to login to my CWAF account i was pissed i told them they didn't even reply no problem after all CWAF was a free product but it annoyed me they didn't even tell me why i couldn't login so to make a long story short i threw comodo out and purchased immunify360 but i'm skeptical it is running for hours already and it detected only 1 "incident" unusual with commodo i had several hits of bad guys trying todo bad things (but failed) that bad guys cannot be "magically disappaered" no security software is that good i do not believe in that so what is happening here ? .I want to see when people are trying bad things on my server only normal.
 

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

Yes when comodo was still active i got quite a few remote file includes and remote code execution (bug in PHPunit) attempts .The detected accidents have gone up from 1 to 3 but what worries me is i tryed this Imunify360 Admin Interface it is returning "Proactive Defence DOESN'T work or NOT in KILL mode" while kill mode is enabled hmmmz looks like i spended money on software that doesn't work or do i really have to completely disable csf & lfd ?

*edit* after 24 hours still 3 detected incidents i've send a ticket to their support as this is absolutely not normal behavior.
 
Last edited:

rscalover

Well-Known Member
Dec 16, 2010
63
4
58
cPanel Access Level
Root Administrator
Hello,

Turns out proactive defense does work it just wasn't enabled i feel like an idiot for blaming the product while it was my error .... The mod_security thing is still not working imunify requested SSH access so i gave them friendlly dudes over there .
 
  • Like
Reactions: cPRex

ankeshanand

Well-Known Member
Mar 29, 2021
45
9
8
India
cPanel Access Level
Root Administrator
Imunify360 is a perfect solution for Server Defense from Attacks. By Default, It blocks around 31000 IP Addresses to their Greylist which had been suspicious before. Maybe, the person who attacked your server already got into the Blacklist.
Don't forget to enable the Proactive Defense in Kill Mode so that Internal Files can be montiored real-time