Monarx Security offers continuous, proactive fortification against numerous attack vectors to which open-source CMS websites are vulnerable and represents a unique variant of the next-generation web firewall (NGFW).
Monarx's scanning engine focuses on the behavior of PHP code rather than its appearance or signature, both of which can be disguised by obfuscation, as in polymorphic viruses. This approach reduces false positives, minimizes disruptions to clean websites, and expedites the detection of zero-day vulnerabilities.
The following article provides an in-depth exploration of the methodologies and principles utilized by Monarx to ensure robust web server security.
Main Components
IMPORTANT: On VPS or dedicated hosting, Monarx is only available on cPanel-based servers running AlmaLinux.
- Protect: Exploit detection and web shell prevention module that tracks web shell payload deposits and blocks their execution
- Hunter: Malware scanning module that discovers existing compromises, including standalone web shells and compromised source binaries
- Agent: A server-side agent that is responsible for running Monarx modules and for communicating, configuring, and sending detection information to the Monarx Cloud
- Dashboard: A cloud-hosted web-based console for viewing detection information, configuring settings, and generating reports
Processes Explained
NOTE: Monarx, a software-as-a-service (SaaS) solution, performs numerous tasks that differ from those of a typical web application firewall (WAF). Monarx's operations can be monitored in cPanel and require no specific configuration.
- Monarx Security includes two modules:
  - The Protect module monitors and blocks web shell payload executions
  - The Hunter module performs comprehensive weekly scans and real-time scans for compromised source binaries and web shells
- The Monarx agent fetches security rules pertinent to web applications and Content Management Systems (CMS)
- Files identified as malicious by Monarx are automatically treated according to these security rules and forwarded to Monarx Cloud for advanced analysis, thereby optimizing server resources
- PHP-based web shells or backdoors are prevented from execution through a method termed post-exploit payload prevention
- For enhanced Security Information and Event Management (SIEM), system administrators can leverage the Monarx API, improving the detection of code injection and similar attacks across all shared hosting accounts
Monarx Protects Against
NOTE: Monarx captures additional information related to any malware detected, including SHA-256 or higher checksums, IP address and country of origin, and affected web applications.
- Uploaders: Unauthorized access to your server via uploaders
- Web Shells: Deployment of web shells facilitating Advanced Persistent Threats (APTs)
- Phishing: Introduction of phishing and cybersquatting sites onto your server
- Mailer: Use of mailer applications to counterfeit your email accounts
- Adware: Incorporation of adware scripts into your site
- Other: Additional malware potentially harmful to visitors of the site(s)
Monarx Dashboard (cPanel/WHM Plugin)
NOTE: There is no control interface in WHM or cPanel, but when Monarx is present on the server, the Monarx Dashboard will be present. Additionally, the Dashboard displayed in cPanel and WHM is identical.
TIP: The Help section provides supplementary details on the Monarx Dashboard and general malware information.
- If nothing malicious has been identified, the Dashboard will appear as
- If malicious files have been found, the Dashboard will appear as
- The Details section of the Dashboard will display:
  - Malicious files that have been identified
  - Discovery date and time
  - Malware type
  - Status of the remediation (quarantined, execution-blocked, malware-cleaned, or logged for further action)
  - The absolute file path