Enduser access to Imunify and ignore list problem
Forum
Toggle Submenu
  1. Forums
  2. Recent
  3. Tags
Add a reply View Replies (4)
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor

Resolved Enduser access to Imunify and ignore list problem

  1. Morten
    Morten
  2. 19.12.2017
  3.  Subscribe via email
Hello,

I see in the latest update of Imunify customers have access to setup ignore paths themselves in cPanel so that the scanner ignores the paths/files/folders.

What if there is a hacker/fake order done and they login to cPanel and setup ignore paths for their public_html folder?
Then they start uploading files/folders with phising content and misuse the account?

Have you thought of that and the complications that can do to the server?
How can we as admins find these accounts and what should we do in such cases?

I think you need to think trough such cases and find a better way to handle those.
Rate this post:
0
Responses (4)
  1. 19.10.2018 21:10:21
  2. # 1
Alexandre Parubochyi Accepted Answer
Alexandre Parubochyi
Posts: 285
Joined: 31.01.2017
0
Votes
Undo
How about adding a control for admin to restrict this release/ignore function to selective end user only?


A task with internal id DEF-6276 has been created to address this issue. You can track Imunify360 updates in our blog at https://www.cloudlinux.com/imunify360-imunifysensor-blog
  1. 19.10.2018 03:10:24
  2. # 2
J L Accepted Answer
J L
Posts: 0
Joined: 12.04.2021
0
Votes
Undo
Putting a file path on whitelist is quite dangerious. Because the content of that specific file path can always be manipulated later on by people up to no good.

How about adding a control for admin to restrict this release/ignore function to selective end user only? :)
  1. 21.12.2017 17:12:29
  2. # 3
Kirill Bykov - Imunify360 Project Manager Accepted Answer
Kirill Bykov - Imunify360 Project Manager
Posts: 0
Joined: 12.04.2021
0
Votes
Undo
Hello Morten,

This is a really good point, and we will think about how we can adjust our functionality here.
On one hand, we want end user to be able to 'skip' file.
On the other hand, we want admin to prevent the user from doing so.

We will think about how to let Admin be in control, while still proving for such flexibility.

Thanks.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Kirill Bykov - Imunify360 Project Manager
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Cite your Sources with a URL link to help readers verify facts or find more details.
Add Another Link
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.

General
General
  1. 557 posts
  2. 2 subcategories
CloudLinux and Control Panels
CloudLinux and Control Panels
  1. 1157 posts
  2. 5 subcategories
KernelCare
KernelCare
  1. 76 posts
  2. 1 subcategory
Imunify360
Imunify360
  1. 224 posts
  2. 1 subcategory

Stay in touch

CloudLinux Facebook Facebook 9K+ followers CloudLinux Twitter Twitter 10K+ followers CloudLinux YouTube Channel YouTube official channel CloudLinux on LinkedIn LinkedIn Follow us

Products
Success Stories
Partners
Support
About Us
privacy shield certified
aicpa soc
pci-dss
eu gdpr compliant

© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Code of Ethics | Legal 

Call Sales at +1 (800) 231-7307

Email [email protected]

EU e-Privacy Directive

This website uses cookies to ensure you get the best experience using our website and services. If you prefer we don’t use cookies, please disable them in your browser.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.