Do you own and host a website? Although hosting your website has many advantages – you own the server, host what you want, don’t get ripped off by hosting service prices, and never have to worry about hosting. on a shared platform – this has repercussions.
Malware and viruses are major risk factors for websites and can easily infect servers and the web hosting control platform, cPanel, and go unnoticed. Self-hosting makes this particularly risky.
So how can you check your website for malware and viruses? How does malware infiltrate cPanel in the first place? And how can you scan your Web Host Manager (WHM) and cPanel account?
Is your website infected with malware?
Despite all the website protection tools available in the market, vicious malware can still slip through the cracks and infect websites. And in most cases, website administrators have no idea until the cPanel servers are already affected.
But luckily, there are certain signs that can predict if your website is potentially infected with malware. These include:
- Observe a change in your login information.
- Notice that your website freezes and crashes all the time.
- View modified or deleted website files.
- Spot a change in your search engine results.
- Experience a drop in the number of visitors to your site.
Sometimes major internet browsers may classify your website as unsafe and start showing a warning to your site visitors. This is a clear indication that your website is infected.
How does malware get into cPanel?
Are you at your wit’s end because your website is infected with malware? Wouldn’t it be nice to know how malware infects cPanel in the first place, in order to avoid this problem altogether?
Here are some ways malware can find its way into your cPanel and WHM.
A website with software bugs and coding errors is already vulnerable to security issues. Threat actors use these flaws to gain access to your website by escalating privileges, performing remote code executions, or injecting backdoors into your applications.
Most of these vulnerabilities can be fixed by updating the website software; with the exception of zero-day vulnerabilities as these have no known history of exploitation.
Supply chain compromise
Cybercriminals can infiltrate your website with malicious code by exploiting your trust in software vendors and plugin developers.
In fact, supply chain attacks are a favorite of many attackers because they allow them to bring down tens of thousands of websites by compromising popular plugins. This means that whenever website administrators update and install these compromised plugins, their sites also get automatically infected.
Common errors, such as forgetting to configure password authentication for your database server or overriding the root password, can occur when configuring your web servers.
Hackers are always waiting to take advantage of these errors, and incompatible configurations on your web server are one of the main factors behind malware attacks on websites.
SEO spam is a type of malware that stealthily inserts hidden links and advertisements on web pages. SEO injections are sneaky by design, and therefore difficult to identify. Since it takes a lot of time and effort to deploy SEO spam, most cybercriminals use the easiest method: exploiting outdated plugins and themes to carry out these attacks.
Credit card skimmers
Credit card skimming is a malicious practice that steals credit card numbers and other payment data entered into forms.
Most skimmers achieve this by reading details as users enter them on payment sites. Sometimes credit card skimmers are also used to replace payment forms with fake ones to capture these details.
What type of malware attacks cPanel servers?
Although there are many types of malware, the primary intent of any malware attack is to conduct malicious activity against a website or its visitors.
And cPanel servers are as prone to malware attacks as anything else on the internet. Although the signs of infection in cPanel are not immediately obvious, you should still know what types of malware usually attack cPanel and how.
Most cybercriminals use rootkits to attack a website’s cPanel. Rootkits are sets of malicious software whose sole purpose is to remotely take control of a server. Hackers use this method to gain unauthorized control of your cPanel server.
Cryptojacking is another common way criminals infect cPanel. This malware mines cryptocurrency by gaining access to computer resources of website visitors. Your website can be infected if you mistakenly click on a malicious link in an email which then loads cryptomining code directly onto your device.
Last, but not least, malicious redirects – deliberately transporting users to third parties that have malicious ads, unwanted programs or browser extensions – can also be responsible for cPanel attacks.
How to scan your WHM and cPanel account for viruses
Scanning your cPanel and WHM is an effective way to mitigate malware and viruses. Fortunately, there are plenty of robust options available to help you achieve this.
In fact, the most popular option, ImunifyAV, has been integrated into cPanel since the release of cPanel and WHM version 88. It’s a free scanner that you can install through your WHM’s Security Advisor interface.
Here are the steps to run the ImunifyAV scanner on your website.
To note: If your version of cPanel and WHM is earlier than 86, you can manually install ImunifyAV.
- Log in to WHM as root user.
- Navigate left and select ImunifyAV.
- Go to the Shares column then the Users tongue. Locate the button to start a scan (it will be a right arrow button).
- To select YES, SCANNER to scan user files.
- On the right side, select Scan all to scan the entire server.
If you are looking for enhanced protection and detection for your cPanel and WHM, also consider using Imunify360. This security solution is also supported by cPanel and comes with an advanced firewall, patch management, intrusion detection, malware, and proactive zero-day attack mitigation. You can also access Imunify360 through an intuitive WHM dashboard.
Keep scanning and protect your website
Malware and viruses are deceptive by design. They are difficult to discover unless you put extra effort into identifying the signs and using a robust malware scanner. And the longer your website remains infected, the more vulnerable it becomes. Not to mention that it also runs the risk of being blacklisted by Google and other top browsers.
Don’t put your website or business reputation on the line. Instead, continue to perform regular site-wide scans of your cPanel and WHM to keep malware and viruses away from your website.
Trying to make sure your website is free from malware and other security threats? Check out these best website malware scanners to find out quickly.
About the Author