cPGuard version 4.83 performance updates

We released cPGuard version 4.83 on September 5th with some improvements in the core to increase the software efficiency and to reduce resource usage along with other bug fixes. Key modifications in this latest release of cPGuard include:

Virus database amendments

Our scanner engine core has been operational since 2018 and has undergone many reviews and improvements. The scanner rules and definitions are updated even more frequently. Recently, we observed a slowdown in the scanner engine’s performance, attributed to the existing and ever-growing virus rule set. After a comprehensive review confirmed the need for improvement, we removed many archaic and obsolete detection rules and fine-tuned the remaining ones. The outcome is a faster scanning process that consumes fewer resources.

IPDB Rules load changes

In recent months, we’ve received feedback indicating that the regular reload of IPDB rules was consuming an unusually high amount of CPU resources, especially when multiple country whitelists were involved. To address this issue, we have made significant adjustments to the overall logic. These changes are designed to eliminate the performance penalty during the rules-building process, leading to a substantial reduction in CPU overhead. Based on our tests, this modification allows the entire process to be completed much more quickly and efficiently.

WooCommerce plugin core files restore

As part of our commitment to improving the WordPress file cleanup engine, we are adding core file restoration for the WooCommerce plugin. This feature replaces infected WooCommerce plugin files with fresh files of the same version. We’re dedicated to enhancing this functionality further by incorporating additional plugins in upcoming versions.

App Portal updates

The Angular framework, along with its CLI and core, has been updated to the LTS version, which brings:

  1. Improved accessibility (cross-platform performance, touch on mobile, etc.)
  2. Better adherence to the Material Design spec (a design standard for web and mobile components)
  3. Faster adoption of future versions of the Material Design spec, due to being based on common infrastructure

General bug fixes

Along with the above updates, the new version also contains fixes for recently reported issues. If any of the reported issues still exist, feel free to contact our team.

Maxer Hosting: How the Hungarian based Webhosting company integrated cPGuard into their custom control panel

Security concerns on a shared server

In shared hosting, security is a tough battle. Web hosts must consistently secure and update all their servers, as stipulated by their security policies. However, in multi-website environments like shared servers, the imperative extends to safeguarding hosted websites and countering diverse web and virus attacks. The challenge lies in fortifying each site despite the mix of different applications and software versions, with a notable majority of WordPress websites. This landscape brings its complications, particularly since WordPress-based sites, integrated with various themes and plugins, are susceptible to compromised content. Often, the custodians of these sites remain unaware of the vulnerabilities residing in third-party code and disregard the criticality of updates and patches. Such security gaps can undermine websites and, in the worst case, impact other users on the same server.

About MAXER Hosting Kft.

MAXER Hosting Kft. is a Hungarian web hosting company, operating for almost two decades. They specialize in business website hosting, VPS, domain registration services, SSL certifications and other related services. They serve hundreds of customers within and outside their home country with their infrastructure and servers at the BIX Internet center, Budapest, connected to a high-speed backbone network.

Requirement of the customer

MAXER Hosting uses an in-house custom control panel built with their in-depth knowledge of core technologies. This custom-made panel has a chrooted web server and file system, which sets it apart from conventional control panels in both uniqueness and security. An off-the-shelf security suite is therefore not a viable option. Instead, they require a tailored configuration that connects to the control panel, captures domain and hosting information, identifies user information, and is seamlessly compatible with the chrooted file system. Considering all these factors, they chose cPGuard for integration into their tailored solution to protect the hosted websites.

ABOUT US

Getting to know

cPGuard is a comprehensive automated security suite designed for Linux hosting servers that encompasses a manual Malware Scanner, a distributed IPDB firewall, Web Application Firewall, IP and domain reputation check, and brute-force protection against various CMS, among other features.

cPGuard can be installed on Linux Web Servers, with or without control panels, offering enhanced security for all server accounts and simplified management via a centralised UI. It employs intelligent code processing algorithms for server scanning and real-time attack prevention. In the same price bracket, you’ll be hard-pressed to find an alternative boasting such a rich array of features.

How cPGuard could work with Maxer.hu custom control panel servers

The standalone version of the cPGuard security suite exhibits notable flexibility and is compatible with nearly all supported Linux web server platforms. Upon receiving the customer’s specific requirements, we solicited a test environment. This step allowed us to grasp the intricacies of their customized setup and understand the configuration of their web service. Drawing insights from this analysis, we collaborated with the customer to develop supporting scripts for configuring cPGuard Standalone and effecting essential adjustments for integrating the Web Application Firewall (WAF) into their chrooted web server environment. The overall integration process unfolded seamlessly, demanding minimal effort from the customer’s side. This resulted in a smooth adaptation of cPGuard across all their servers.

The final output

Currently, cPGuard is safeguarding the majority of Maxer.hu’s servers, with plans to extend its deployment to their cPanel servers. Our collaboration with Peter and the team has been highly satisfying, and we feel honored to provide our services to Maxer.hu and their valued customers.

cPGuard integration with Enhance Control Panel

We are so happy to announce that cPGuard integration with the Enhance control panel is enabled from version 4.65. We have been working hard over the past weeks to complete the supporting scripts in the standalone version, and now almost all functions work on Enhance servers.

More about Enhance Control Panel

Enhance is a comprehensive multi-server, website, and customer automation platform designed for web hosting companies and web agencies. Unlike conventional panels, it uses dockerized containers to run services and thus claims more security and isolation for websites. You may find more about them on their official website.

Is there a limitation in the integration?

Right now there is no major limitation except WAF support in Apache, because ModSecurity is not enabled in their Apache docker container. Once Enhance supports ModSecurity with Apache, we will add support for that. Right now the WAF works with LiteSpeed and OpenLiteSpeed.

All other major modules work, and we are still releasing updates and patches for all newly reported issues.

How to install cPGuard on your Enhance server?

The cPGuard installation is straightforward, as always. It only needs a few additional pieces of information compared to the regular Standalone installation. You may find the detailed installation instructions in our KB. The installation is quick and rather easy.

We would like to thank MediaServe LLC for providing us with the development platform and integration assistance for Enhance. Their valuable feedback at each stage helped us make the integration fast and accurate.

Vulnerability fixed in WordPress Elementor Pro plugin – How cPGuard handles it

The vulnerability

As many of you are already aware, a critical vulnerability has been reported in the WordPress Elementor Pro plugin, which is installed on millions of websites. Though a patched version has already been released, many websites are still unpatched, and active attack campaigns are going on against WordPress websites. The vulnerability, which impacts version 3.11.6 and all older versions, allows logged-in normal users, like customers or site members, to change the website settings, create new admin users, change the site URL, etc.

What did we notice about this attack campaign?

Based on some reliable sources, most of the attack campaigns were started from the following IPs:

  • 193.169.194.63
  • 193.169.195.64
  • 194.135.30.6

Upon investigating this further and checking the logs, we noticed some attack attempts since 24th March 2023, and our WAF was blocking them without any specific rule added for this particular vulnerability (our WAF rules are generic enough to block many of the common abuse attempts).

After multiple attack attempts against the servers within the cPGuard network, the IPDB system caught it on the central system and blocked it on all client servers where IPDB is enabled. Given below are a few relevant screenshots of the given incidents.

So what else did we do to protect servers from this vulnerability?

Even though we found that the automated attack attempts were already being blocked by the WAF and IPDB, we have released a WAF update today specifically to block exploitation of this vulnerability. We are still monitoring the servers and logs, and we will amend the WAF rules as we get more evidence and logs.

It is also recommended to advise your customers and update the plugin to version 3.11.7 or higher as it is available.
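A fleet audit built on the details above, as an added example that is not part of the original post or cPGuard's own code: it flags Elementor Pro copies older than 3.11.7 and access-log lines from the three listed source IPs. The plugin path `wp-content/plugins/elementor-pro/elementor-pro.php`, the `/home` root, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from pathlib import Path

PATCHED = (3, 11, 7)  # first fixed release named in the post
CAMPAIGN_IPS = {"193.169.194.63", "193.169.195.64", "194.135.30.6"}  # from the post
# Assumed default install path of the plugin's main file (not given in the post).
PLUGIN_MAIN = "wp-content/plugins/elementor-pro/elementor-pro.php"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the 'Version:' value of a WordPress plugin header as a tuple of ints."""
    match = VERSION_RE.search(header_text)
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def is_vulnerable(version):
    """True when the version is older than 3.11.7 (that is, 3.11.6 or below)."""
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded < PATCHED


def audit_docroots(root):
    """Return (path, version, needs_update) for every Elementor Pro copy under root."""
    findings = []
    for main in sorted(Path(root).glob("**/" + PLUGIN_MAIN)):
        version = parse_version(main.read_text(errors="replace")[:8192])
        # An unreadable header is reported for manual review rather than skipped.
        findings.append((str(main), version, version is None or is_vulnerable(version)))
    return findings


def campaign_hits(log_lines):
    """Return access-log lines whose first field (client IP) is a listed source."""
    return [line for line in log_lines if line.split(" ", 1)[0] in CAMPAIGN_IPS]


if __name__ == "__main__":
    # Constructed sample lines in combined log format, not real traffic.
    sample = [
        '193.169.194.63 - - [30/Mar/2023:10:01:02 +0000] "POST /index.php HTTP/1.1" 403 199',
        '203.0.113.10 - - [30/Mar/2023:10:01:05 +0000] "GET / HTTP/1.1" 200 5120',
    ]
    print(campaign_hits(sample))
    for path, version, needs_update in audit_docroots("/home"):  # assumed account root
        print(path, version, "UPDATE" if needs_update else "ok")
```

A hit from a listed IP only shows that the campaign reached the server; the version audit is what tells you which accounts still need the 3.11.7 update.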

Find malware in a cPanel user account

What is malware in web hosting?

Malware is a generic term for any type of malicious software written specifically to harm a network, system, or user. In the web hosting domain, this usually means a back door, an injection, or a phishing kit that is uploaded to a user account and abuses the resources to distribute the attack. In a PHP web hosting environment, this mostly happens due to a vulnerability in the web application or due to a compromised user password.

Common impacts of malware-infected websites

Once the account or website is infected, you may experience various issues like phishing content on the website, scripts originating email spam, scripts sending outbound attacks, server load spikes, etc. Such issues will eventually affect the reputation of your server IP address and websites, and may cause abuse complaints as well.

How can the cPanel scanner engine help to solve this?

We have developed the cPGuard scanner engine to closely watch the file events under each account and scan them automatically. There are also daily and weekly scanner options (enabled by default) to schedule scans of the latest files with the updated virus rules. We constantly update the virus file detection rules, and the scheduled scan helps to periodically recheck the latest files against the updated rule set.

Our scanner engine is carefully crafted specifically for web hosting PHP websites, and it is one of the fastest and least resource-consuming scanners, with the best results overall.

How to detect malware under cPanel account using cPGuard manual scan

As mentioned above, it is recommended to always keep the automatic scanner turned on for a safer web space. If you detect any abuse on your account and want to scan files manually, you can do it either from the cPanel plugin or from the App Portal.

1. From the App Portal, go to the server on which the account is hosted, then go to Virus Scanner >> Manual Scan, where you can choose the account or enter the path to scan.

2. From cPanel, go to Security >> cPGuard, where you will have the option to scan your files.

Conclusion

The cPGuard scanner is a very useful tool for web hosts and account holders to detect malware files under their accounts. Together with the automatic file scanner, Web Application Firewall, IPDB Firewall, reputation monitoring tools, etc., cPGuard helps to keep all cPanel servers safe and secure.