Knowledge Base/Security

Security & Imunify360

Lock down your hosting account against malware, brute-force attacks and exploits — using Imunify360 (included free on every ServerBD plan) and built-in cPanel/DirectAdmin tools.

01 What is Imunify360?

Imunify360 is a multi-layered security suite that protects shared and reseller hosting from malware, brute-force attacks, exploits and DDoS — all running silently at the server level.

  • Malware scanner — scans every file change in real time
  • Web Application Firewall (ModSecurity) — blocks known attack patterns
  • Brute-force defense — auto-blocks failed login attempts
  • Proactive defense — kills malicious PHP scripts as they execute
  • Reputation Management — alerts you if your site gets blacklisted
Tip Imunify360 is included free on every ServerBD shared and reseller hosting plan.

02 Opening the Imunify360 dashboard

Step 1Log in to cPanel.
Step 2Scroll to the Security section → click Imunify360.
Step 3You'll see the dashboard with tabs: Files, History, Ignore List.

03 Running a malware scan

Step 1Imunify360 → Files tab.
Step 2Click Start Scanning in the top right.
Step 3Wait — scan progress is shown live. Smaller accounts finish in 1-2 minutes.
Step 4Any infected files appear in the list with file path, threat name and severity.

04 Auto-cleanup of infected files

Step 1From the malicious files list, tick the files (or select all).
Step 2Click Cleanup. Imunify360 removes the malicious code while keeping the legitimate file content.
Step 3If cleanup fails, the file is moved to the quarantine — view it under History.
Warning Always update your CMS & plugins immediately after a malware infection — otherwise it'll re-infect within hours.

05 Reading the WAF / Firewall log

Imunify360's WAF blocks suspicious requests before they hit your site.

Step 1cPanel → Errors (Metrics section) shows ModSecurity 403 / 406 entries.
Step 2For full WAF events & rule IDs, contact our support team — server-level logs are visible in WHM.
Tip If a legitimate plugin is being blocked, send the rule ID to support and we'll add an exception.

06 Blocking / unblocking an IP

To block

Step 1cPanel → IP Blocker in the Security section.
Step 2Enter a single IP, range, CIDR (192.168.1.0/24) or country code.
Step 3Click Add.

To unblock yourself

Step 1If you got locked out by failed logins, ServerBD support can unblock you in 5 minutes — open a ticket from a different network or phone hotspot.

07 Enabling Two-Factor Authentication

Step 1cPanel → Two-Factor Authentication.
Step 2Click Set Up Two-Factor Authentication.
Step 3Scan the QR code with Google Authenticator or Authy.
Step 4Enter the 6-digit code and click Configure.
Warning Save your recovery codes — without them, lost phones mean lost access.

08 Password-protecting a directory

Add a HTTP basic-auth prompt before anyone can access a folder (e.g. staging, backup, admin).

Step 1cPanel → Directory Privacy.
Step 2Browse to the folder you want to lock (e.g. public_html/staging).
Step 3Tick Password protect this directory, set a label, click Save.
Step 4Below, add a username and password and click Save.