Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Immunify360 reviews?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Immunify360 reviews?

jetchiragjetchirag Member
in General

From the product page, it seems pretty good. But there aren't much reviews on compatibility or performance issues with it.

How does it work on shared hosting environment? I'm very interested in their malware scanner and waf protection. Was thinking to try out a trial but don't want any overhead later.

Thanks ;*

Comments

  • ZerpyZerpy Member

    The WAF protection uses the Comodo WAF ruleset generally with a bit of customization.
    Their Malware scanning doesn't have many false positives which is good, and it's a lot better than alternatives like maldet.

    Performance wise - well, you save resources by not letting bad users in - so it depends on your environment.

    I've personally not seen any issues that bother me.

    Thanked by 2jetchirag Clouvider
  • vovlervovler Member

    The WAF as Zerpy said uses rulesets Comodo WAF and some another ruleset from an Enterprise solution, I don't remember the name.

    The malware scanning was improved a lot since a few months ago.

    Get youself a DO/Vultr VPS and test it with cPanel.

    Thanked by 1jetchirag
  • jetchiragjetchirag Member

    @Zerpy and @vovler

    Thanks both, I'll give it a try

  • vovlervovler Member

    One of the best features, IMO, is the wordpress bruteforce detection for all users.

    Even if you have some newbie with a wordpress getting bruteforced, it will stop the bruteforce and ask for the recaptcha, if the user still doesnt complete the captcha, it will be blocked from any future login attempts for an amount of time. Saving a lot of CPU usage.

    This is something Francisco had to deal with in his buyshared.net, and coded his own protection against this. But not everyone has the skills to do that.

  • jetchiragjetchirag Member
    edited October 2017

    @vovler said:
    One of the best features, IMO, is the wordpress bruteforce detection for all users.

    Even if you have some newbie with a wordpress getting bruteforced, it will stop the bruteforce and ask for the recaptcha, if the user still doesnt complete the captcha, it will be blocked from any future login attempts for an amount of time. Saving a lot of CPU usage.

    This is something Francisco had to deal with in his buyshared.net, and coded his own protection against this. But not everyone has the skills to do that.

    I was particularly looking to this, their greylist feature.

    @Zerpy, In docs, I did found that it uses maldet to perform scans so can't say how much better it could be.

    Maldet - Imunify360 uses it to perform the scan

    Anyway, I'll look at cPanel docs to see if I can write my own similar script.

  • hostdarehostdare Member, Patron Provider

    does this script compatible with cloudflare ?

    if any customer uses cloudflare, it may conflict with each other .

  • vovlervovler Member
    edited October 2017

    @hostdare said:
    does this script compatible with cloudflare ?

    if any customer uses cloudflare, it may conflict with each other .

    All cloudflare ips are whitelisted. In case cloudflare is used, imunify360 will block suspicious requests, but not grey list/black list the ip, and won't ask for captcha in case of bruteforce. (if I'm not mistaken)

  • hostdarehostdare Member, Patron Provider

    vovler said: but not grey list/black list the ip, and won't ask for captcha in case of bruteforce. (if I'm not mistaken)

    but we can make the cloudflare to pass the real IP too .. have you tried that ?

  • vovlervovler Member
    edited October 2017

    @hostdare said:
    but we can make the cloudflare to pass the real IP too .. have you tried that ?

    From : http://www.docs.imunify360.com/index.html?installation.htm

    Cloudflare

    We are whitelisting all traffic by Cloudflare.

    From : https://docs.imunify360.com/index.html?faq_and_known_issues.htm

    Known Issues:

    Imunify360’s Blacklist doesn’t work with CloudFlare Proxy.

    You can pass the IP, but you need enterprise (lol, no.) :

  • hostdarehostdare Member, Patron Provider

    vovler said: You can pass the IP, but you need enterprise (lol, no.) :

    I mean this

    https://support.cloudflare.com/hc/en-us/articles/203656534-How-do-I-restore-original-visitor-IP-with-Apache-2-4-

  • jetchiragjetchirag Member

    hostdare said: but we can make the cloudflare to pass the real IP too .. have you tried that ?

    I don't think it's only about real IP but also cloudflare's own protection. for example, a visitor may have to fill double captcha to view website

  • ZerpyZerpy Member

    @jetchirag said:
    @Zerpy, In docs, I did found that it uses maldet to perform scans so can't say how much better it could be.

    Sure - because maldet works - however they supply more signatures than maldet does by default (even with the ClamAV signatures as well).

  • doghouchdoghouch Member

    @jetchirag said:

    hostdare said: but we can make the cloudflare to pass the real IP too .. have you tried that ?

    I don't think it's only about real IP but also cloudflare's own protection. for example, a visitor may have to fill double captcha to view website

    It’s a PITA when you can’t post 3 lines of (harmless) HTML without having to finish a few dozen captchas.

  • jetchiragjetchirag Member

    @doghouch said:

    @jetchirag said:

    hostdare said: but we can make the cloudflare to pass the real IP too .. have you tried that ?

    I don't think it's only about real IP but also cloudflare's own protection. for example, a visitor may have to fill double captcha to view website

    It’s a PITA when you can’t post 3 lines of (harmless) HTML without having to finish a few dozen captchas.

    I personally have posted some of codes on let but never received any cf captcha

  • ClouviderClouvider Member, Patron Provider

    Consider yourself lucky ;-)

    Thanked by 2doghouch jetchirag
  • a-super-random-usera-super-random-user Member

    Meanwhile at the CF headquarters

    I've used Imunify360 for a while on one of my cPanel servers and it was really good. I'm not entirely sure about their "AI" claim though

  • jetchiragjetchirag Member

    @sdglhm said:
    Meanwhile at the CF headquarters

    I've used Imunify360 for a while on one of my cPanel servers and it was really good. I'm not entirely sure about their "AI" claim though

    Though they have mentioned AI, I don't see any feature which would qualify for it

  • a-super-random-usera-super-random-user Member

    jetchirag said: Though they have mentioned AI, I don't see any feature which would qualify for it

    Agreed. Maybe they are improving rule sets using some kind of AI but I honestly don't think such system would qualify as an AI. Other than that marketing gimmick, imunify is good.

    Thanked by 1hostdare
  • vovlervovler Member
    edited October 2017

    @jetchirag said:

    Though they have mentioned AI, I don't see any feature which would qualify for it

    I've watched all of the webinars, and when they say "powered by AI", they mean that they detect 0-day that are not public by crossing the data from multiple machines that have imunify360 installed.

    Let's say they are 10.000 wordpress installations protected by imunify360, if they happen to discover a weird request, that has compromised, lets say, 1.000 of those wordpresses, they will create a rule for modsecurity to block said request.

    Not sure if the new rule creation is manual or auto.

    Thanked by 1jetchirag
  • jetchiragjetchirag Member

    @vovler said:

    @jetchirag said:

    Though they have mentioned AI, I don't see any feature which would qualify for it

    I've watched all of the webinars, and when they say "powered by AI", they mean that they detect 0-day that are not public by crossing the data from multiple machines that have imunify360 installed.

    Let's say they are 10.000 wordpress installations protected by imunify360, if they happen to discover a weird request, that has compromised, lets say, 1.000 of those wordpresses, they will create a rule for modsecurity to block said request.

    Not sure if the new rule creation is manual or auto.

    I'm not sure if we can call it AI

  • Harsh223Harsh223 Member

    @jetchirag said:

    @sdglhm said:
    Meanwhile at the CF headquarters

    I've used Imunify360 for a while on one of my cPanel servers and it was really good. I'm not entirely sure about their "AI" claim though

    Though they have mentioned AI, I don't see any feature which would qualify for it

    +1, Its Just a marketing gimmick.. @volver I think the new rule creation is manual,,,

  • cyberpersonscyberpersons Member

    @jetchirag said:

    @sdglhm said:
    Meanwhile at the CF headquarters

    I've used Imunify360 for a while on one of my cPanel servers and it was really good. I'm not entirely sure about their "AI" claim though

    Though they have mentioned AI, I don't see any feature which would qualify for it

    It is possible they might be using text mining and machine learning.

    Thanked by 1jetchirag
  • jetchiragjetchirag Member

    @cyberpersons said:

    @jetchirag said:

    @sdglhm said:
    Meanwhile at the CF headquarters

    I've used Imunify360 for a while on one of my cPanel servers and it was really good. I'm not entirely sure about their "AI" claim though

    Though they have mentioned AI, I don't see any feature which would qualify for it

    It is possible they might be using text mining and machine learning.

    Could be :)

Sign In or Register to comment.