Jordan
cPFence scans all changed, modified, and newly added files periodically. However, we recommend performing a full or smart scan when you first install the software.
Our malware database primarily relies on hash signatures, which are updated hourly with the latest malware hashes active online. In addition, we use generic signatures to detect common PHP infections and malicious code. These are updated less frequently, based on new threats, techniques, or any false positive reports we receive.
We’ve been using this database for 3 years on many busy servers, mostly hosting WordPress sites, and the detection rate has been very high. We've also conducted extensive tests to whitelist known false positives, ensuring smooth operation for our clients.
Jordan Sorry if these are straightforward technical questions, but they're important to understand if you're simply doing what other companies are doing or actually doing something unique.
Our goal is to keep things simple yet powerful, nothing fancy or complicated. While any talented server admin with strong PHP/bash expertise could replicate many cPFence features, maintaining and updating them regularly requires significant time and effort. You also need to constantly gather malware hash databases available online, create new ones for common malware used by attackers, and learn how to fine-tune YARA rules, all while keeping false positives to a minimum and ensuring compatibility with shared hosting environments. Even if you, like us, manage to automate much of this, it still demands continuous effort and diligence to catch attacks your database missed.
We offer cPFence as a cost-effective solution to handle that heavy lifting for you, allowing you to focus more on growing your business. Feel free to take the free trial for a spin, and you can also check our FAQ for information about other cPFence modules and how they work.
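The layered approach described in this reply (hash signatures, generic PHP signatures, an allowlist for reviewed false positives, and periodic scans of changed files versus a full scan) can be illustrated with the following Python example. It is added here and is not cPFence code; the signature pattern, file names, timestamps and sample file contents are all constructed assumptions.

```python
import hashlib, os, re, tempfile

# Generic signature: a constructed pattern for common PHP obfuscation, not a cPFence rule.
GENERIC = {
    "php_eval_decode": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}

def scan_file(path, bad_hashes, allowlist):
    with open(path, "rb") as fh:       # whole-file read keeps the example short
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    if digest in allowlist:            # reviewed false positive: skip all checks
        return None
    if digest in bad_hashes:           # exact match against the hash database
        return "hash:" + digest[:12]
    if path.lower().endswith((".php", ".phtml")):
        for name, rx in GENERIC.items():
            if rx.search(data):        # catches variants the hash list has never seen
                return "generic:" + name
    return None

def scan_tree(root, bad_hashes, allowlist, since=0.0):
    """since=0.0 is a full scan; otherwise only files modified after `since`."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mtime <= since:
                continue               # unchanged since last scan: not re-read
            verdict = scan_file(path, bad_hashes, allowlist)
            if verdict:
                findings[os.path.relpath(path, root)] = verdict
    return findings

def demo():
    """Builds a constructed sample tree; returns (incremental, full) findings."""
    obfuscated = b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>'  # decodes to "echo 1;"
    known_bad = b"constructed sample standing in for a known-bad file\n"
    with tempfile.TemporaryDirectory() as root:
        files = {"new.php": obfuscated, "old.php": obfuscated + b"\n",
                 "plugin.php": obfuscated + b"// vendor loader\n", "drop.bin": known_bad}
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        os.utime(os.path.join(root, "old.php"), (1000, 1000))  # predates the last scan
        bad = {hashlib.sha256(known_bad).hexdigest()}
        allow = {hashlib.sha256(files["plugin.php"]).hexdigest()}
        return scan_tree(root, bad, allow, since=2000.0), scan_tree(root, bad, allow)
```

In the sample tree, `old.php` carries the same pattern as `new.php` but is only reported by the full scan, which is why a full scan at install time matters when infections predate the scanner.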