Installation and configuration of ‘Pyxsoft Antimalware’ in cPanel servers

by Bella

The Pyxsoft antimalware plugin for cPanel/WHM protects your server from attacker scripts such as c99shell, r57shell, ANIShell, and hundreds more. It is a real-time anti-malware tool for cPanel/WHM. By uploading one of these scripts, attackers can take control of your servers or damage your customers’ data.

The Pyxsoft antimalware plugin protects your server in two ways:

  1. Protecting the server’s six entry points:
  • SQL Injection
  • Legitimate Access (SSH, cPanel etc)
  • Web Forms
  • FTP
  • Brute Force Attacks
  • Installed Trojans or shells

  2. With additional methods:

Scanning all changes every night :

Every night the Pyxsoft antimalware plugin scans all the files changed during the last day, and the results are mailed to the root administrator. The scan is small and will detect all the new malware installed on the server.
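The nightly pass described above can be approximated with stock tools. This is an added example, not Pyxsoft's code: it selects files modified in the last 24 hours and hands only those to ClamAV under nice. The function names, the /home scan root and the mail subject are assumptions.

```bash
# Added example, not the plugin's implementation. Assumes GNU find/xargs,
# ClamAV's clamscan and a local `mail` command; /home is an assumed scan root.

# NUL-separated list of regular files under $1 modified in the last 24 hours.
recent_files() {
    find "$1" -xdev -type f -mtime -1 -print0
}

# How many files the nightly pass would look at.
recent_count() {
    recent_files "$1" | tr -cd '\0' | wc -c | tr -d ' '
}

# Scan only the recent files at the lowest CPU priority. Prints one line per
# infected file; returns 0 when clean, 1 when something was found, 2 when
# clamscan is not installed.
scan_recent() {
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan missing" >&2
        return 2
    fi
    hits=$(recent_files "$1" |
           nice -n 19 xargs -0 -r clamscan --infected --no-summary 2>/dev/null)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Cron entry point: mail the result to root.
nightly_report() {
    root_dir=${1:-/home}
    status=0
    report=$(scan_recent "$root_dir") || status=$?
    {
        echo "Files changed in last day: $(recent_count "$root_dir")"
        if [ "$status" -eq 1 ]; then printf 'Infected:\n%s\n' "$report"; fi
        if [ "$status" -eq 2 ]; then echo "Scan skipped: clamscan missing"; fi
    } | mail -s "Nightly malware scan: $(hostname)" root
}
```

Because only the last day's changes are scanned, a file planted earlier and left untouched is outside this window and is only found by a full scan.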

Blocking generic bad-requests :

The Pyxsoft antimalware plugin employs many Mod Security rules that reject PHP injection, SQL injection and many known script vulnerabilities such as the Timthumb exploit, the Joomla password change exploit, the OsCommerce upload exploit, and many more. It will keep customers safe even if their scripts are unsafe and out of date. Always remember that the Pyxsoft antimalware plugin helps you manage your servers; it does not replace the administrator.

There are also certain cases where Pyxsoft antimalware plugin will not provide protection. These are as follows:

  • If an attacker steals or guesses your SSH password.
  • If you don’t delete the malware found in the regular scan.
  • If your server is already hacked with a rootkit.
  • Malware uploaded via the cPanel file manager is not stopped at upload; it will be detected at the nightly scan.

Scanning your whole server :

  • Initially the Pyxsoft antimalware plugin will scan the entire server to find installed malware. The definitions include the ClamAV database and 6.000 additional malware signatures covering Perl files, PHP shells, PHP uploaders, PHP downloaders, IRC bots and mass mailers.
  • You will get a detailed list of the infected files once the server scan is finished. The scan is run through the Linux nice command, so scanning the whole server will not increase the server load by more than 1 or 1.5 units.

Inspecting uploads :

The most important point is that customers never upload PHP scripts using HTML forms. The Pyxsoft antimalware plugin scans all files uploaded over HTTP and FTP in real time, and all Perl and PHP scripts are rejected in HTTP uploads. If you have the plugin inspect all HTTP uploads from the moment you start a new server, the chance of it being hacked is reduced.

Attackers try every newly discovered script vulnerability. Often they hold a user name and password for WordPress, Joomla or OsCommerce sites and can use them to upload malware scripts. Even in those cases, they will not be able to upload their scripts.

For the Pyxsoft antimalware plugin to work properly, the following are required:

  • WHM/cPanel version 11.30 or later
  • Apache Web Server
  • Mod Security 2.5 or later installed
  • Internal WHM Ioncube loader enabled
  • ClamAV Antivirus installed

(Pyxsoft antimalware plugin doesn’t work with Lighttpd, Litespeed or Nginx web servers.)

The plugin will work in trial mode for 7 days even if you don’t have a license.

Installing & configuring the Pyxsoft antimalware plugin

To install the Pyxsoft antimalware plugin, execute the following commands in an SSH console:

root@server [~]# cd ~

root@server [~]# wget http://www.pyxsoft.com/software/antimalware/anti_malware.tar.gz

root@server [~]# tar -xzf anti_malware.tar.gz

root@server [~]# cd anti_malware

root@server [~/anti_malware]# sh install.sh

If the installation is completed successfully, enter WHM and go to Pyxsoft Antimalware.
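The archive above is fetched over plain HTTP and its install.sh runs as root, so it is worth reviewing the download before that last step. This is an added example, not vendor code: it records a SHA-256 and flags archive entries that are links, setuid/setgid, or escape the extraction directory. The function names are this example's own, the listing layout assumed is GNU tar's `-tv`, and the sample listing is constructed.

```bash
# Added example, not vendor code. Assumes GNU tar's `-tv` listing layout:
#   mode owner/group size date time name

# Read listing lines on stdin; print entries worth a look before install.sh
# is run as root.
flag_listing() {
    awk '
        { mode = $1; name = $6 }
        mode ~ /^[lh]/  { print "link:  " $0; next }   # symlink or hard link
        mode ~ /[sS]/   { print "setid: " $0; next }   # setuid/setgid bit
        name ~ /^\// || name ~ /(^|\/)\.\.(\/|$)/ { print "path:  " $0 }
    '
}

# Constructed listing (not the real archive contents) to show the filter.
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x root/root 2048 2013-05-01 10:00 anti_malware/install.sh
-rwsr-xr-x root/root 9000 2013-05-01 10:00 anti_malware/bin/helper
lrwxrwxrwx root/root 0 2013-05-01 10:00 anti_malware/conf -> /etc
-rw-r--r-- root/root 10 2013-05-01 10:00 ../etc/cron.d/job
-rw-r--r-- root/root 10 2013-05-01 10:00 anti_malware/..notes
EOF
}

# Review a downloaded archive: print its hash, then any flagged entries.
# Returns 1 when something was flagged, so a wrapper can stop before install.
review_archive() {
    sha256sum "$1" || return 2
    flagged=$(tar -tvzf "$1" | flag_listing)
    if [ -n "$flagged" ]; then
        printf '%s\n' "$flagged"
        return 1
    fi
}

# Usage on the server, before `sh install.sh`:
#   review_archive anti_malware.tar.gz && tar -xzf anti_malware.tar.gz
#   less anti_malware/install.sh
sample_listing | flag_listing
```

The printed hash has nothing on this page to be compared against; its use is to confirm that every server you install on received the same bytes.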

Installing Mod Security

Follow these steps to install Mod Security, and take care when recompiling the system. (Do it at your own risk.)

  • Log into your WHM panel
  • Click on EasyApache option
  • Click on “Previously Saved Config” and the “Start customizing based on profile” button.
  • Select Apache 2.2 (or Apache 2 if you use PHP 4) and go to Next Step
  • Select your preferred PHP Version. PHP 5 is recommended. Go to Next Step.
  • Select minor version or use the selected one. Go to Next Step.
  • Check the Mod Security option. Leave the other options as suggested.
  • Click “Save and Build”. Click on “Yes” when asked to recompile Apache and PHP.
  • Wait until the process is finished.

Enabling Ioncube

Follow the steps to enable the internal ioncube loaders in order to execute Pyxsoft antimalware plugin.

  • Log into your WHM panel
  • Go to Tweak Settings > PHP
  • Select “ioncube” in cPanel PHP loader. If Source Guardian was selected, you probably have another extension that conflicts with the Anti Malware plugin.
  • Save changes.

Installing ClamAV

Installing ClamAV is easier than installing Mod Security. The steps are as follows:

  • Log into your WHM panel
  • Click on Manage Plugins option.
  • At the right side of the screen, locate ClamAV and check “Install and keep updated”
  • Press Save

cPanel will take about 20 minutes to install ClamAV on your server, and the operation should not be interrupted.

Uninstalling the Pyxsoft antimalware plugin

To uninstall the Pyxsoft antimalware plugin, execute the following commands in an SSH console:

root@server [~]# cd /usr/share/ilabs_antimalware/includes

root@server [/usr/share/ilabs_antimalware/includes]# sh uninstall.sh

After uninstalling the Pyxsoft antimalware plugin, verify that your Apache (httpd) and FTP (pure-ftpd) services are running.

Screenshots of Pyxsoft antimalware plugin in WHM

General Settings : Common settings for the plugin.

HTTP Inspector : HTTP inspector configuration, WordPress protection, etc.

FTP Inspector : FTP inspector configuration (Enable FTP upload inspector, Quarantine virus, Quarantine malware, etc.)

Auto Quarantine : Enable / disable the auto quarantine.

License : View the license details of the plugin.

Malware Scanner : Scan one account, Scan all accounts in server, Review scan report, Manage quarantine

Security Tools : Brute Force Protection, HTTP firewall, Mod Security Protection
