Features I'd like to see
Christos Panagiotakis
Tuesday, 25 July 2017
Just configured a new server, the first one without CSF/CXS; instead I installed Imunify360 only. And I am "missing" a few things I would like to share.

a)
I missed the security check up in CSF [Check Server Security option], I know there is Security Advisor in cPanel but it's missing a lot of stuff.
Do you plan something like that (or help cPanel on their own Security Advisor?)

b)
[Check IPs in RBLs], nice feature; most of the time we have problems with outgoing spam, so we check it regularly. If it was automated and just reporting on the front page or with a popup notification, it would be great! (Or maybe integrate it into reputation management.)

c)
Allow incoming/outgoing tcp/udp ports. How can I port block something or, even worse, block it for everyone except x,y,z IPs/subnets? I use it for MySQL connections mostly. Nice feature. I block everything for port 3306, for example, except a few subnets and/or IPs. Doing the same for SSH. Can I do that with Imunify?

d)
Email alerting. On port scans, floods, connlimit, etc., is there a way to get email alerts too? Or program them to send an alert only if something is true (e.g. send me an alert for a blocked IP when the country is Greece, to double-check it).

e)
Better reporting in incidents. (More verbose, maybe.)
CXS/CSF sends me alerts when it blocks something (mod_security, for example) and I am getting something like this:
[Tue Jul 25 01:33:00.911526 2017] [:error] [pid 27625] [client 46.161.9.51] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[-_ ]?\\\\b(?:adipex|suboxone|pseudovent|topamax|trazodone|prevacid|zyrtec|xenical|toprol|zoloft|synthroid|valtrex|wellbutrin|valium|protonix|vytorin|ritalin|zocor|seroquel|ultracet|plavix|voltaren|zyprexa|xanax|vicodin|penicillin|tramadol|provigil|predn ..." at ARGS:comment. [file "/etc/apache2/conf.d/modsec/modsec_rules/30_asl_antispam.conf"] [line "283"] [id "300061"] [rev "25"] [msg "Atomicorp.com WAF AntiSpam Rules: Possible Spam or Restricted content: Pharmacy and/or Drug content detected"] [data " 496 found within ARGS:comment: wh0cd76412 <a href=http://buyanafranilonline.us.com/>;buy anafranil online</a> <a href=http://tamoxifennorx.us.com/>;tamoxifen visa</a> <a href=http://buyfurosemide.us.com/>;furosemide mg</a> <a href=http://prednisone10mg.us.com/>;prednisone tablets</a> <a href=http://colchicine.us.com/>;colchicine over the counter</a> "] [severity "WARNING"] [hostname "HOST-NAME-HERE"] [uri "/wp-comments-post.php"] [unique_id "WXZ1nIe9LNr8HNUDKIlV2QAAABU"]

So I know the rule, the hostname, the data and the exact file location.

In Imunify I'm seeing only the file location. I don't know which account, username or domain it came from.
I am just seeing something like this:
Atomicorp.com WAF Rules: xmlrpc DOS attack
Sensor: modsec
Rule: 392331
Abuser: 131.255.227.146

Or in newer beta:

i360-wallarm - web-shell access (WLRM-18fd997a)||domain-here.gr
Sensor: modsec
Rule: 664273
Abuser: 179.105.30.70

But still not the exact URL.
(Or what that "web shell access" means exactly.)

f)
Outgoing email spam.
That's a pain, and somewhere here there is an unanswered question about that.
There are reporting tools for relaying, queue alerts, SMTP alerts, etc.
Generally, outgoing spam from PHP backdoors, shells, or hacked accounts is an issue. Do you plan alerts or hardening for this?


ps: Just updated to cPanel 66, frameless whm, even the beta imunify doesn't work well. No scrollbar. But I like it anyway.
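
The fields point (e) asks for (client, site, URL, rule and matched data) can be pulled straight out of an Apache error-log line like the one quoted above. The following is an added example, not part of the original post and not Imunify360 or CSF code; the function names are hypothetical and the sample line is constructed (documentation IP, example hostname).

```python
import re

# Fields Apache writes before the ModSecurity message; "[pid N:tid M]" also fits.
HEADER = re.compile(
    r'^\[(?P<time>[^\]]+)\] \[[^\]]*\] \[pid (?P<pid>\d+)[^\]]*\] '
    r'\[client (?P<client>[^\]\s]+)\] ModSecurity: (?P<action>.*?\.) '
)
# Trailing metadata is a run of [key "value"]; values may hold escaped quotes.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_modsec_line(line):
    """Return a dict of incident fields, or None for non-ModSecurity lines."""
    head = HEADER.match(line)
    if head is None:
        return None
    incident = head.groupdict()
    if incident["client"].count(":") == 1:        # IPv4 "ip:port" form
        incident["client"] = incident["client"].split(":")[0]
    for key, value in FIELD.findall(line[head.end():]):
        incident.setdefault(key, value)           # first occurrence wins
    return incident

def summarize(incident):
    """One-line report naming the site and URL, not only the rule."""
    keys = ("client", "hostname", "uri", "id", "severity", "msg")
    f = {k: incident.get(k, "?") for k in keys}
    return "{client} -> {hostname}{uri} rule {id} ({severity}): {msg}".format(**f)

# Constructed sample modelled on the log line in the post.
SAMPLE = (
    r'[Tue Jul 25 01:33:00.911526 2017] [:error] [pid 27625] '
    r'[client 203.0.113.7] ModSecurity: Access denied with code 403 '
    r'(phase 2). Pattern match "\\b(?:adipex|xanax)" at ARGS:comment. '
    r'[file "/etc/apache2/conf.d/modsec/modsec_rules/30_asl_antispam.conf"] '
    r'[line "283"] [id "300061"] [msg "Possible Spam or Restricted content"] '
    r'[data "found within ARGS:comment: buy \"cheap\" pills"] '
    r'[severity "WARNING"] [hostname "shop.example.com"] '
    r'[uri "/wp-comments-post.php"] [unique_id "CONSTRUCTED-ID-0001"]'
)

if __name__ == "__main__":
    print(summarize(parse_modsec_line(SAMPLE)))
```
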
#1 Ryan Smith, 28.07.2017 15:07:40
Posts: 32, Joined: 27.04.2016
Having admin email alerts for spammers would make me drop CSF and run Imunify360 exclusively. Only thing I still rely on CSF for.
#2 Nikolay, 01.08.2017 11:08:19
Posts: 8, Joined: 10.03.2017
Outstanding feedback!

a), b) We are going to investigate how it works
c) Blocked ports already in beta, ~7.08 it will be available in stable
d) We are planning to improve reporting in Q3 significantly
e) Also important comment! We are improving this during the next releases.
f) We will discuss how we deal with it

"ps: Just updated to cPanel 66, frameless whm, even the beta imunify doesn't work well. No scrollbar. But I like it anyway."
Unfortunately, we can't reproduce it. What exact version (stable/beta) do you use? Only no scrollbar or something else?

Thanks for your comments!

--
imunify360 dev team
#3 Ray Baron, 02.08.2017 16:08:38
Posts: 30, Joined: 01.04.2013
One other feature for the wishlist that I miss from CXS:

Change incorrect permissions. CXS automatically changes 777 permissions which is nice to have for CMSs like EE that "force" 777 for caching.