At the Imunify360 section in your cPanel, click in the Proactive Defense link at the top.
Here you can set a mode, view detected events and perform actions on them.
Mode Settings
The following Proactive Defense modes are available:
Disabled: means that Proactive Defense feature is not working and a system is not protected enough.
Log Only: means that possible malicious activity is only logged, no actions are performed.
Kill Mode: the highest level of protection — the script is terminated as soon as malicious activity is detected.
To select a mode, tick the desired checkbox. When an action is completed, you will see a pop-up with the successful mode changing.
The Detected Events table displays all the necessary information about PHP scripts with malicious activity detected by Imunify360 Proactive Defense.
The Detected Events table includes the following columns:
- Group/individual action checkbox: allows to perform actions on one or several desired entities.
- Detection Date/Time: displays the date and the exact time of event detected. To view the exact time click the clock icon in the desired event line.
- Description: displays a special Proactive Defense rule according to which a suspicious activity was detected.
- Script Path: displays the path to the suspicious script. A number near the path describes how many times this event has repeated.
- Host: displays the host of the script.
- First script call from: displays the IP in which the first call of the script was detected.
* White color means that this IP is whitelisted.
* Black color means that this IP is blacklisted.
* Gray color means that this IP is graylisted.
* All the others IPs are blue colored.
- Action: displays the current mode.
- Actions: allows to view details and perform actions on the event.
Actions
The following actions are available for the detected event:
View file content: click Cog icon in the row of the desired event and choose View file content.
Move IP to the Black List: click View details icon in the row of the desired event. Then, click Block IP button.
Move file to Ignore List (ignore detected rule): allows a user to exclude a file from Proactive Defense analysis for a particular rule. Click Cog icon in the row of the desired event and choose Ignore detected rule for the file.
- Move file to Ignore List (ignore all rules): allows a user to exclude a file from Proactive Defense analysis for all rules. Click Cog icon in the row of the desired event and choose Ignore all rules for the file.
- Remove file from Ignore List: allows a user to include ignored file to Proactive Defense analysis again. On the Ignore List tab click Bin icon and confirm the action.