cPFence Free Antivirus Now Available for Enhance Users: Page 6 - Enhance Control Panel

cPFence Free Antivirus Now Available for Enhance Users

btraill

It makes perfect sense. Have you ever simulated malicious traffic to your site? Compare the baseline of your servers resources before and during. I think you'd be surprised.

wav3front

okay then. that's good

tomtr202

You should edit your 1st post and remove the lines

No User/Account Limits: Protect as many accounts as you need—there are no restrictions on the number of users or accounts you can secure with cPFence Free.

cPFence

tomtr202 You should edit your 1st post and remove the lines

No User/Account Limits: Protect as many accounts as you need—there are no restrictions on the number of users or accounts you can secure with cPFence Free.

Thanks for the heads-up. Unfortunately, the edit option for my post has already expired, so I can’t make the changes myself.

@Aliysa_Enhance , could you please update the original post with the following information?

    Max 5 websites per Enhance cluster
    Only One License Per User Allowed
    License for main control panel IP only

Thanks a lot in advance.

Jordan

PDudeP

This is great, Cloudflare can do the same if you configure it properly. But it's good to see that there is an alternative when Cloudflare isn't available.

cPFence

Jordan

Cloudflare is indeed a fantastic solution, especially at the individual website level. However, solutions like cPFence (and similar server-level products) offer more robust protection. They operate directly at the server level, making them especially effective against IP probes that bypass Cloudflare by targeting the server's IP directly.

In addition to IP probes, cPFence’s IPDB can also defend against port scanning and server-level DDoS attacks. This added layer of security helps prevent various threats that might otherwise go unnoticed by Cloudflare or similar website-level solutions.

Jordan

cPFence Cloudflare is indeed a fantastic solution, especially at the individual website level. However, solutions like cPFence (and similar server-level products) offer more robust protection. They operate directly at the server level, making them especially effective against IP probes that bypass Cloudflare by targeting the server's IP directly.

True, but you can also block all traffic except for Cloudflare IPs on port 80/443 with a firewall or web server configuration. This should actually be an option within Enhance, I created a feature request for it.

https://community.enhance.com/d/2085-site-level-option-block-all-ips-except-for-cloudflare-ip-ranges

cPFence In addition to IP probes, cPFence’s IPDB can also defend against port scanning and server-level DDoS attacks. This added layer of security helps prevent various threats that might otherwise go unnoticed by Cloudflare or similar website-level solutions.

I think you should be able to rephrase this statement. As I understand it, the cPFence's IPDB is just a database of IP addresses that are known bad actors. The feature doesn't defend against port scanning and DDoS attacks if the attacking IP is not in the IPDB, correct?

cPFence If cPFence is installed and no initial smart or full scan is conducted, it won’t be aware of pre-existing infected files, as it only monitors newly added, changed, or modified files. That’s why we strongly recommend running an initial scan to catch any potential threats.

Thanks, so you're effectively scanning on-demand files only when newly added, modified and changed. Good to know.

Jordan

cPFence

cPFence cPFence scans all changed, modified, and newly added files periodically. However, we recommend performing a full or smart scan when you first install the software.

Can you elaborate on what is an intelligent scan or point to documentation?

Are your scans throttled as to not use too many resources?

Are you planning to support real-time modified and newly added file scanning? I'm asking because full scans or smart scans are going to take up resources. However, with an initial full scan and then on-demand scans based on modified or newly added files, you don't have to run a full or smart scan unless there was a reboot.

cPFence . You also need to constantly gather malware hash databases available online, create new ones for common malware used by attackers, and learn how to fine-tune YARA rules, all while keeping false positives to a minimum and ensuring compatibility with shared hosting environments.

It would be great if you provided a changelog for your database hash updates; most vendors provide this. Otherwise, we have no idea how often updates occur.

cPFence Feel free to take the free trial for a spin, and you can also check our FAQ for information about other cPFence modules and how they work.

Thanks, but installing it and taking it for a spin doesn't really provide me with anything other than I've installed cPFence. It would be good to see some sort of metrics, like how many files were scanned, database updates and etc.

cPFence

Jordan

The smart scan in cPFence targets only commonly infected file types, making it quicker and less resource-intensive. On the other hand, the full scan thoroughly examines all files on the server.

If cPFence is installed and no initial smart or full scan is conducted, it won’t be aware of pre-existing infected files, as it only monitors newly added, changed, or modified files. That’s why we strongly recommend running an initial scan to catch any potential threats already present.

To address resource usage, yes, the scan is throttled by our cPFence Owl module, which ensures that system resources are efficiently managed to prevent excessive strain during scans.

Regarding the database hash updates, since cPFence utilizes the ClamAV scanner, it continuously updates its virus database. You can see the number of known viruses reported by the system, which changes hourly. This is because our database is regularly updated with new hashed signatures from reputable malware databases, along with new signatures from malware scripts we discover or receive through submissions at https://submit.cpfence.app/.

Additionally, we also update YARA rules and generic rules, although these updates happen much less frequently than virus signature updates.

So, you can simply run a test scan now and you will see results similar to this:

----------- SCAN SUMMARY ----------- Known viruses: 9570684 Engine version: 1.0.7 Scanned directories: 1 Scanned files: 1 Infected files: 0 Data scanned: 0.73 MB Data read: 0.35 MB (ratio 2.08:1) Time: 36.916 sec (0 m 36 s) Start Date: 2024:10:23 22:29:36 End Date: 2024:10:23 22:30:13

Wait one hour and run the scan again, and you’ll likely see something like this:

----------- SCAN SUMMARY ----------- Known viruses: 9571834 Engine version: 1.0.7 Scanned directories: 1 Scanned files: 1 Infected files: 0 Data scanned: 0.73 MB Data read: 0.35 MB (ratio 2.08:1) Time: 36.057 sec (0 m 36 s)

You can observe the number of known viruses changing every single hour. Sometimes it goes up, and sometimes it goes down when we optimize more generic rules or remove outdated absolute signatures. This helps us strike the perfect balance between keeping the database small and effective, it's the sweet spot we are always aiming for.

wav3front

is it not possible to configure custom smtp for alerts?

cPFence

wav3front is it not possible to configure custom smtp for alerts?

Yes , you can run the command ;

cpfence --enable-cpfence-smtp

This allows you to receive notifications via your SMTP server. More info can be found on our documentation here. Thanks.

wav3front

cPFence no, I mean to actually set up custom smtp details.
I still haven't solved the delivery issue. I use MailBaby and it identifies these notifications emails as spam.

cPFence

wav3front

Yes, this command will allow you to use your custom SMTP details, whether it's Gmail or another provider. This should bypass MailBaby. Give it a try and drop us a ticket if you need any help.

i3_

cPFence
Hello,

You state in your post that
"No User/Account Limits: Protect as many accounts as you need—there are no restrictions on the number of users or accounts you can protect with cPFence Free."

However, on your website it says that only 5 sites are allowed?

cPFence

i3_

Hi there,

Yes, this was changed, as announced here:
https://my.cpfence.app/announcements/8/Update-on-cPFence-Free-Antivirus-License-Policy.html

It has also been discussed earlier in this thread. Unfortunately, I can no longer edit the original post, and I’ve asked the mods for help, but it hasn't been updated yet.

cPFence

Jordan I think you should be able to rephrase this statement. As I understand it, the cPFence's IPDB is just a database of IP addresses that are known bad actors. The feature doesn't defend against port scanning and DDoS attacks if the attacking IP is not in the IPDB, correct?

No, in addition to the IPs in IPDB, cPFence’s DDoS protection module instantly blocks any IP with more than 100 concurrent connections to the server. It’s designed to block aggressive IPs that repeatedly attempt attacks. Initially, the block is temporary, but if the same IP triggers multiple attacks, it becomes a permanent block, and our IPDB is updated accordingly so all servers protected by cPFence receive the latest protection. Additionally, the Owl module monitors logs for abusive IPs and blocks them in real-time, further enhancing protection against attacks.

« Previous Page