A Brief Guide to Server Security Management
Written by Anas Moiz
Updated over 3 months ago


Important: Security Management is available only on the Cloudways New Interface and is limited to the Cloudways Flexible Product.

Overview

At Cloudways, we are committed to providing our clients with the best-in-class hosting services. To elevate our security measures, we have partnered with Imunify360, an industry-leading security solution designed to protect your websites and servers from malware, cyber-attacks, and other vulnerabilities.

Imunify360 offers comprehensive protection by safeguarding your hosting environment with advanced machine learning, multi-layered security defenses, and automated tools. This article will introduce Imunify360, its features, and how it benefits your hosting account.

What is Imunify360?

Imunify360 is an all-in-one, automated security solution specifically designed for web hosting environments. It provides proactive defense mechanisms and real-time protection against a variety of security threats, including malware, Distributed Denial of Service (DDoS) attacks, brute-force attacks, and more. Imunify360 seamlessly integrates with popular hosting control panels like cPanel, Plesk, and DirectAdmin, ensuring your website and server are always secure.

Key Features of Imunify360

  1. Advanced Firewall
    The Imunify360 firewall offers advanced defense against all types of cyber threats, including brute-force attacks, port scans, and denial-of-service (DoS) attacks. It uses a sophisticated cloud-based system to analyze traffic and block suspicious connections to the server.

  2. Web Application Firewall (WAF)
    The integrated WAF filters HTTP traffic between your web applications and the Internet, preventing common web-based attacks like SQL injections and cross-site scripting (XSS). It also features rule sets tailored for popular CMS platforms such as WordPress, Joomla, and Drupal.

  3. Brute Force Protection
    Imunify360 offers robust protection against brute-force login attempts by monitoring login activity across services like SSH, FTP, and control panels. It blocks suspicious attempts, preventing unauthorized access to your hosting account.

  4. Weak Password Protection
    Imunify360 works by analyzing login attempts to WordPress sites and checking the passwords used against a database of known weak passwords. If a login attempt is made with a weak password, the user is redirected to a password reset page instead of being allowed to log in.

  5. Reputation Management (coming soon)
    Imunify360 helps monitor your website’s domain reputation. If your website’s reputation is compromised or blacklisted, Imunify360 provides you with alerts and steps to restore its good standing.

  6. Email Spam Protection (coming soon)
    Imunify360 protects servers from outgoing spam and prevents unauthorized email sending that could lead to blacklisting. It scans all outgoing emails for potential spam, quarantines suspicious messages, and allows administrators to manage the release or deletion of those emails.

All key features of Imunify360 (except the Malware Protection Add-on) are enabled by default across all Cloudways plans at no additional cost.

Deep Dive into Security Management Sections

It’s time to understand all the metrics and analytics within the dashboard. Security Management provides a brief insight and keeps activity reports and graphs for the last 30 days only. Older statistical and informational data is not retained.

In this step-by-step tutorial, you will learn how to navigate through Security Management.

Step #1 — Navigate to Your Server

Log in to your Cloudways Platform using your credentials.

  1. From the top menu bar, open Servers.

  2. Next, choose the server you want to manage.

Step #2 — Navigate to the Security tab

Once you are in your Server management section, click on the Security option in the left mega menu bar. The mega menu consists of four sections.

Overview

This section provides an overview of events recorded during the selected time interval, an estimate of the intensity of attacks, and a correlation of events across your server.

Incident

This section allows you to view the details of incidents across your entire server. An incident on the server qualifies as suspicious activity and is blocked by the security system. The section allows you to whitelist or blacklist IPs on your server quickly.

To update the status of an individual IP address

  1. Click on the three dots

  2. Select whether you want to whitelist or blacklist the IP address.

  3. Confirm the action to perform.

To update the status of multiple IP addresses in a group

  1. Select the checkboxes of the IPs you wish to update

  2. Click on actions

  3. Select whether you want to whitelist or blacklist the IP address.

  4. Confirm the action to perform.

Firewall

The section provides capabilities for viewing and managing custom rules. This includes whitelisting or blacklisting IP addresses and/or IP subnets, as well as the ability to blacklist countries.

Add Custom Rules

Custom Rules are of two categories:

IP Management

To add IP addresses and/or IP subnets to the whitelist or blacklist, follow these steps:

  1. Click on "Add custom rules."

  2. Select the IP Address tab.

  3. Enter your IP address (192.168.x.x) or IP range (192.168.x.x/24) in CIDR format.

  4. Enter the Time To Live (TTL) value (the field is optional). Leave it empty to whitelist/blacklist the IP Address permanently.

  5. Add a comment (the field is also optional)

Country Management

To add a country to the blacklist, follow these steps:

  1. Click on "Add custom rules."

  2. Select the country to block from the dropdown

  3. Add a comment (the field is optional)

Note: Bulk country blocking is not currently available. You will have to block multiple countries one by one.

Warning: Blocking a country will prevent incoming and outgoing connections from that region to your server and vice versa. Ensure that your application does not connect with any service in the region. If your application connects with any service in the region, whitelist the service's IP address.

Delete Custom Rules

To delete an existing custom rule from the list:

  1. Click on the three dots

  2. Select "DELETE"

  3. Confirm the action to perform.

To delete custom rules in bulk

  1. Select the checkboxes of the rules you wish to delete

  2. Click on actions

  3. Select DELETE

  4. Confirm the action to perform.

Shell Access

This section allows you to manage access and whitelist your IP and/or IP subnets for SSH/SFTP and MySQL remote connections. Please refer to their dedicated Knowledge Base articles for detailed assistance.

FAQs

1. Is the Imunify360 fully compatible with applications behind a CDN?

Imunify360 is fully compatible with the following CDN providers:

BunnyCDN

Cloudflare

CloudFront CDN

Dartspeed.com

Ezoic*

Fastly

GoCache CDN

Google CDN

KeyCDN

MaxCDN

NuCDN

Opera

QUANTIL

QUIC.cloud CDN

StackPath CDN

Sucuri WAF

* To ensure compatibility with Ezoic, make sure to follow the necessary guidelines as shared here

2. How does Imunify360 protect customers from compromised passwords?

If a user enters a password that is in the leaked-password database, Imunify360 will detect it during the login attempt and redirect the user to the following screen.

3. What is the difference between the server's incident tab and the application's incident tab?

The application incident tab only shows the attacks blocked on that specific app's HTTP layer (ports 80 and 443). On the other hand, the server incident tab not only displays the incidents of attacks occurring across all application HTTP layers, but also shows attacks happening on SSH/SFTP and different ports.

4. Why does the Application Incident tab only allow whitelisting or blacklisting a single IP, while the Server Incident tab offers the option to do so in bulk?

Imunify360 manages IPs at the server level, not the application level. When an IP is blacklisted in one application, it affects the entire server.

The Application Incident tab restricts whitelisting or blacklisting to individual IPs because account owners sometimes grant limited access to team members. Allowing bulk actions at the application level could result in unintended issues if misused.

5. What services are whitelisted by default in Imunify360?

By default, Imunify360 has already whitelisted major service providers. The whitelisted services are mentioned here.

6. Does firewall IP blocking support CIDR ranges?

Yes, the firewall supports CIDR range blacklisting/whitelisting.

7. Does the firewall have the capability to blacklist/whitelist an IP address for a short period?

Yes, the firewall can blacklist or whitelist an IP address for a short period. If a Time To Live (TTL) is defined, the IP is whitelisted/blacklisted only for the time entered under TTL; otherwise, it’s blacklisted/whitelisted permanently.

P.S: The TTL range is between 1 and 576 hours, i.e., 1 to 24 days.
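
A pre-flight check for the IP Management rules and the TTL limits in FAQs 6 and 7, as an added example that is not Cloudways or Imunify360 code: it validates an IP or CIDR entry, enforces the 1 to 576 hour TTL range, computes the expiry, and warns when a blacklist range would cover your own addresses. The function name, the admin_ips parameter, the rejection of CIDR entries with host bits set, and the 256-address whitelist threshold are assumptions of this example.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

TTL_MIN_HOURS, TTL_MAX_HOURS = 1, 576  # TTL range stated in FAQ 7
BROAD_WHITELIST = 256  # assumption: warn when a whitelist entry exceeds a /24

def check_rule(target, action, ttl_hours=None, admin_ips=(), now=None):
    """Validate one custom firewall rule before entering it in the dashboard.

    Returns the normalized network, the expiry time (None = permanent) and a
    list of warnings. Raises ValueError for input that should not be entered.
    """
    if action not in ("whitelist", "blacklist"):
        raise ValueError(f"unknown action: {action!r}")
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 203.0.113.7/24
        net = ipaddress.ip_network(target.strip(), strict=True)
    except ValueError as exc:
        raise ValueError(f"not a valid IP or CIDR range: {target!r}") from exc
    expires = None
    if ttl_hours is not None:
        if not TTL_MIN_HOURS <= ttl_hours <= TTL_MAX_HOURS:
            raise ValueError(f"TTL must be {TTL_MIN_HOURS}-{TTL_MAX_HOURS} hours")
        now = now or datetime.now(timezone.utc)
        expires = now + timedelta(hours=ttl_hours)
    warnings = []
    if action == "blacklist":
        # Lockout check: does the range contain an address you connect from?
        hit = [ip for ip in admin_ips if ipaddress.ip_address(ip) in net]
        if hit:
            warnings.append(f"range covers your own address(es): {', '.join(hit)}")
    if action == "whitelist" and net.num_addresses > BROAD_WHITELIST:
        warnings.append(f"broad whitelist: {net.num_addresses} addresses")
    return {"network": str(net), "expires": expires, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample rules using documentation address ranges.
    for args in [("203.0.113.0/24", "blacklist", 48, ["203.0.113.10"]),
                 ("198.51.100.7", "whitelist", None, [])]:
        print(check_rule(*args))
```
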


If you have any questions or need help, please get in touch with our support team. We are here to help you make the most of the security features and ensure your hosting experience is as safe as possible.

If you have any feature requests, please feel free to post a feature request at https://feedback.cloudways.com
