Malware abounds on the internet, and as anyone who manages a website knows, web servers are a prime target. Malware criminals adore web hosting servers because they have exploitable network resources, a large number of visitors, and a wealth of data for identity theft and credit card fraud.
Servers are also a target because they house software that is managed by non-technical publishers and retailers who do not prioritize security.
Ignoring software updates or dealing with subpar software has a cost. For example, earlier this year, bad actors targeted nearly a million WordPress sites using software vulnerabilities that developers had already fixed, but users were slow to update, allowing hackers to gain access.
What’s more incredible is that such large-scale malware campaigns are common, and servers are frequently attacked within minutes of going online.
Does Your cPanel Server Need a Virus Scanner?
Malware developers are cunning because they want to infiltrate your servers while keeping you in the dark. They go to great lengths to keep their code hidden because the longer you take to find it, the longer they can exploit your servers and visitors.
Without a virus scanner to scan files for malicious code, you won’t notice it until your site is blocked or flagged as unsafe.
But how does malware get onto cPanel servers to begin with?
Bugs in software can lead to security vulnerabilities, which attackers can exploit to gain root privileges, remotely execute code, or inject backdoors into web applications. Often, the vulnerabilities could be fixed if the software was updated, but it could also have zero-day vulnerabilities that developers have yet to discover and fix. Many attacks, including cross-site scripting and SQL injection, take advantage of these vulnerabilities caused by coding errors.
Supply Chain Attacks
Upstream software developers and their file servers are favorites of attackers. If they can compromise the server of a popular WordPress plugin, they will infect tens of thousands of sites when users update or install the plugin. Consider the recent Magecart supply chain breaches, which resulted in the theft of hundreds of thousands of credit card numbers.
Attacks frequently succeed because site owners or server administrators configure software incorrectly. Your server may host a MongoDB database that is accessible to the public internet without password authentication. Perhaps the server’s root password is “123456,” or it hosts a site whose administrator believes “password1” will survive a dictionary attack. Because web hosting servers are complex, with many layers of software, it’s all too easy to make a mistake that allows an attacker and their malware to infiltrate.
What Types of Malware Are a Risk On cPanel Servers?
Malware comes in a variety of shapes and sizes, each with its own purpose and behavior. Here are some of the most common:
- Rootkits allow attackers to take control of your server remotely, frequently replacing standard software with hacked versions.
- Spambots send an email, social media, and forum spam using the server’s resources. Spambots are frequently used in phishing campaigns or to send links to sites that infect users’ computers with ransomware.
- Cryptojacking malware mines cryptocurrency using the resources of site visitors’ machines.
- Malicious redirects redirect visitors to a third-party website in order to generate advertising impressions or compromise their computers.
- Card skimmers and form jacking malware steal credit card numbers and other payment information entered into forms.
- SEO spam malware embeds hidden links and advertisements on website pages.
- DDoS malware turns your server into a node in a botnet for Distributed Denial of Service.
The Best Virus and Malware Scanning Tools for cPanel
So, what can you do to get rid of all these unwanted visitors on your servers?
Two words: Malware scanner
A malware scanner detects and removes malicious code before it causes harm to your company or clients.
ImunifyAV has been integrated into cPanel and WHM since Version 88 and can be installed via WHM’s Security Center in the Security Advisor interface. ImunifyAV is a free scanner that analyzes your server’s files and alerts you to any malware it finds. You can manually install ImunifyAV if you are using a version of cPanel & WHM older than version 86.
You can remove malicious files using the cPanel File Manager, but if you prefer to remove malware with a simple one-click interface, consider upgrading to ImunifyAV+, which makes it simple to clean a wide range of content management systems and eCommerce stores.
Imunify360, a complete server security solution that includes an advanced firewall, intrusion and malware detection, patch management, and proactive defense against zero-day attacks, is also supported by cPanel.
A malware scanner is necessary for your cPanel server, but you should also take precautions to keep malware from infiltrating your server in the first place. Out-of-date or incorrectly configured content management systems and eCommerce stores are the most common infection vectors.