cPanel Imunify’cation: Virus and Malware removal

Hacking attacks can be one of the most troublesome things to happen to a website. They can cause thousands in losses as well as heavy brand damage. And sometimes website owners may not even suspect that their website is infected. In this article we will talk about how to remove malware from a website on a cPanel server.

There are different types of malware, viruses and backdoors: some sit silently and use your server as part of a botnet, others target your website operations directly. We have seen both, and most of the time the affected websites run on a popular CMS like WordPress.

We do not say that WordPress is not safe to use, but its popularity, along with the huge number of available plugins, means that: 1. it is the number one target for vulnerability discovery by hackers; 2. most website owners lack technical knowledge, which leads to poor security practices: installing dozens of plugins and not keeping them and WordPress itself up to date.

Recently we talked about how to level up your cPanel server security (here). Today we are going to talk about how to detect malware and counter it.

Imunify Anti-Virus

Imunify is without exaggeration the most powerful tool to combat malware in cPanel. It can identify the infected files and clean the malicious code. It can also provide real-time protection.

In most cases it is enough to harden the server security, update all passwords and then run the automatic scanner and cleaner. If you think you can manually remove the malware, give me a break.

Imunify scan results

As you can see, the scan found over 4k infected files on a simple WordPress online shop. When we first started to clean the malware manually, infected files were re-uploaded automatically.

Imunify for cPanel scans the accounts, and then you can run an automatic clean-up of the infected files (in the paid version). In the free version you can see the infected files and the paths to them and clean them manually.

Cleaned

Let’s go ahead and see how to install Imunify and run a scan.

Install Imunify

Log in to WHM. Find Security Center > Security Advisor.

cPanel Security Advisor

Proceed to Install ImunifyAV.

ImunifyAV installation process

Once installation is complete, you will be redirected back to the Security Advisor. You can find the Imunify management page under Plugins in WHM.

Imunify location in cPanel/WHM

ImunifyAV scanner

From the main plugin page you can either scan all accounts for malware or perform per-account scans. See the picture below.

How to scan with Imunify

If no malware is found, you will see a message like the one in the image below.

Results of the Imunify scan

If there is malware, you will see the threats found and an option to clean/remove files.

Found threats by Imunify

In the History tab you will be able to see the threats found: file names and the paths to them. If you are running ImunifyAV+ or Imunify360, you will have an option for automatic clean-up. No worries, backups of the removed files will be created, so you will be able to restore the files if something goes wrong.

You can also scan a specific directory of the website for malware if needed.

Scan a particular directory

WP Toolkit

If you are running a WordPress website and it got infected, another powerful tool to use is WP Toolkit. After you clean up the malware from the website with Imunify, chances are that some files got corrupted. In fact, malware usually replaces the original files completely, so either you need an old backup of those files or you can use WP Toolkit.

Find WP Toolkit WHM

You can install WP Toolkit by going to Server Configuration > WHM Marketplace. Then select “+ Add Extensions” and you will see an option to install WP Toolkit.

Install WP Toolkit WHM/cPanel

After it’s installed, you can access it within Plugins, just like Imunify.

At the bottom of the plugin page you can find “Check WordPress Integrity”, which lets you verify all core files of your website.

WP Toolkit how to check core files

If some files fail the integrity check, you can re-upload the core files with a single mouse click.

Re-install WordPress core files with WP Toolkit

This is very useful, since malware usually modifies the website’s core files heavily, while tools like Imunify can only detect malicious code and clean the whole file. The corrupted files should then be replaced with uninfected ones. WP Toolkit does a very good job of this.

Summary

Let’s summarize the process of “healing” an infected website:

  • Harden your server’s security (disable ssh, ftp, update all passwords).
  • Install Imunify for WHM/cPanel.
  • Scan the accounts.
  • If running the free version, manually remove the infected files.
    If running ImunifyAV and above, use auto clean-up.
  • (WordPress) Install WP Toolkit
  • (WordPress) Check core files for integrity.
  • (WordPress) If integrity check fails, re-install core.

You can always take a few extra steps and check the installed plugins. Outdated plugins should be either updated or disabled. Plugins with security vulnerabilities, however, should be disabled.