What are the use cases for Proactive Defense?
Proactive Defense helps make PHP-based websites more secure by terminating PHP scripts that exhibit malicious activity. This covers insecure WordPress plugins and any other outdated and unpatched web applications that can be easily compromised.
What do the IP colors mean?
Colors mean the same as in the Incidents tab in the Imunify360 UI:
- White/Grey/Black color means that an IP address is in the Imunify360 White/Grey/Black List respectively.
- Blue color means that an IP address is not in the list.
The color reflects the IP address's list status at the time you view the list, not at the time the incident occurred.
Why are there several records for the same script in the table?
Incidents are grouped into one-minute intervals, so if a script is invoked multiple times over a longer time span, it produces several records.
What is the default mode of operation for Proactive Defense?
DISABLED is the default mode. If, for example, the KILL mode is enabled in the admin UI, that mode becomes the default for all hosting accounts added in the future.
Can a user override the default mode of operation set by admin?
A user can disable Proactive Defense at any time. A user can activate any mode that the admin has not disabled for the user's hosting account.
Can KILL mode break my website operation?
While we extensively test Proactive Defense against a large number of different software packages, a false positive is possible: a PHP script may be prevented from executing, causing a page not to load. In the production version you will be able to whitelist such scripts and, more granularly, a particular execution path. In the current Beta version you can only disable Proactive Defense for the whole account to mitigate the issue.
Does Proactive Defense require CloudLinux OS?
No, it works with any OS supported by Imunify360.
Does Proactive Defense support web servers other than Apache?
Proactive Defense supports Apache, nginx, and Litespeed with cPanel and Plesk.
Can Proactive Defense prevent malicious activity by cron jobs? Can a cron job execute in such a way that the Proactive Defense module is not loaded?
Proactive Defense is a PHP module that should execute any time a PHP script is executed, including when PHP is run from a cron job. Note that hackers can create a cron job that starts a PHP script with a custom php.ini to skip loading Proactive Defense. To prevent this, we recommend using HardenedPHP exclusively, where the Proactive Defense component cannot be skipped by using a custom php.ini.
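To check existing cron jobs for the custom php.ini case described above, here is an added audit example (not Imunify360 code) that flags crontab entries which change where PHP looks for its configuration. The interpreter name pattern and the sample crontab are assumptions constructed for illustration.

```python
import re
import shlex

# PHP CLI options that select or suppress php.ini (listed by `php --help`).
INI_FLAGS = ("-c", "--php-ini", "-n", "--no-php-ini")
# Environment variables PHP reads when locating its configuration files.
INI_ENV = re.compile(r"\b(PHPRC|PHP_INI_SCAN_DIR)\s*=")
# Interpreter names to look for: an assumption, extend it per host.
PHP_BIN = re.compile(r"(^|/)(ea-)?(php|php-cli|lsphp)[\d.]*$")


def ini_overrides(line):
    """Return the reasons one crontab line changes PHP's ini lookup."""
    reasons = ["sets " + m.group(1) for m in INI_ENV.finditer(line)]
    try:
        # Treat shell separators as whitespace so chained commands tokenise.
        tokens = shlex.split(re.sub(r"[;&|]", " ", line))
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = line.split()
    in_php = False
    for tok in tokens:
        if PHP_BIN.search(tok):
            in_php = True   # options that follow belong to the interpreter
        elif in_php and tok.endswith(".php"):
            in_php = False  # anything after the script is the script's own
        elif in_php and tok in INI_FLAGS:
            reasons.append("php option " + tok)
    return reasons


def audit_crontab(text):
    """Return [(line_number, reasons)] for entries that override php.ini."""
    lines = enumerate(text.splitlines(), start=1)
    hits = ((n, ini_overrides(l)) for n, l in lines if not l.lstrip().startswith("#"))
    return [(n, r) for n, r in hits if r]


# Constructed sample crontab, not taken from a real host.
SAMPLE = """\
# m h dom mon dow command
*/5 * * * * /usr/local/bin/php /home/alice/public_html/wp-cron.php
0 3 * * * cd /home/bob && /usr/bin/php -c /home/bob/.cache/php.ini /home/bob/job.php
15 * * * * PHPRC=/home/carol/tmp php /home/carol/task.php
30 2 * * * /usr/bin/php -n /home/dave/sync.php
0 1 * * * /usr/bin/php /home/erin/report.php -c weekly
"""
if __name__ == "__main__":
    print(audit_crontab(SAMPLE))
```

The check is a heuristic over the crontab text only; entries that call a wrapper script need the wrapper inspected as well.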
Are there any restrictions for use with different PHP handlers?
Proactive Defense can work with any PHP handler, provided the PHP version is 5.4 or higher.
Can I benefit from Proactive Defense if I have Cloudflare WAF enabled for my website?
Cloudflare WAF and other WAFs check only HTTP requests and not the actual PHP execution. As a result, Proactive Defense adds another layer of protection to your site.
What is the difference between Proactive Defense and other services like Wordfence?
Most security tools like Wordfence are tailored for a single CMS (e.g. WordPress) and work only for the hosting accounts they are installed on. In addition, they are signature-based, so they cannot block PHP script execution proactively.
Will Proactive Defense affect my website’s performance?
It slows down PHP script execution by approximately 3-5%. This means that if the script was loading in 0.2 seconds before, it will now take around 0.206 seconds.
Do I need an additional license to use Proactive Defense?
No, the module is included in the Imunify360 license price.
Where is the Proactive Defense configuration file located?
- System settings: /etc/sysconfig/imunify360/imunify360.config: PROACTIVE.mode
- User settings: /etc/imunify360/user_config/imunify360.config: PROACTIVE.mode