Do you own and host a website? While hosting your website has many advantages—you get to own the server, host whatever you want, don't get ripped off by pricing on hosting services, and never have to worry about hosting on a shared platform—it does come with some repercussions.

Malware and viruses are the biggest risks factors for websites and can infect servers and the web hosting control platform, cPanel, easily and go under the radar. Self-hosting makes this especially risky.

So, how can you check if your website has malware and viruses? How does malware infiltrate cPanel in the first place? And how can you scan your Web Host Manager (WHM) and cPanel account?

Is Your Website Infected With Malware?

Despite all the website protection tools available on the market, vicious malware can still slip through the cracks and infect websites. And in most cases, website administrators are clueless until the cPanel servers are already affected.

But fortunately, there are certain signs that can predict if your website is potentially infected with malware. These include:

  • Observing a change in your login information.
  • Noticing your website freezing and crashing all the time.
  • Seeing modified or deleted website files.
  • Spotting a change in your search engine results.
  • Experiencing a drop in your site visitors.

Sometimes, major internet browsers might classify your website as unsafe and start displaying a warning to your site visitors. This is a clear indication that your website is infected.

How Does Malware Get Into cPanel?

Are you at your wits' end because your website is infected with malware? Wouldn’t it be nice to know how malware infects cPanel in the first place, so you can avoid this problem altogether?

Here are some ways by which malware can find its way inside your cPanel and WHM.

Software Bugs

A website with software bugs and coding errors is already vulnerable to security issues. Threat actors use these defects to get into your website by elevating privileges, performing remote code executions, or injecting backdoors into your applications.

system bug

Most of these vulnerabilities can be fixed by updating the website software; except for zero-day vulnerabilities as those don't have known histories of being exploited.

Supply Chain Compromises

Cybercriminals can infiltrate your website with malicious code by exploiting your trust in software vendors and plugin developers.

In fact, supply chain attacks are many attackers' favorites, as they allow them to bring down tens of thousands of websites by compromising popular plugins. This means that whenever website administrators update and install those compromised plugins, their sites get automatically infected as well.

Misconfigured Servers

Common mistakes like forgetting to set up password authentication for your database server, or replacing the root password, can happen when configuring your web servers.

Hackers are always waiting to take advantage of such mistakes, and mismatched configurations on your web server are one of the biggest factors behind malware attacks on websites.

SEO Spam

SEO spam is a type of malware that stealthily inserts hidden links and ads on web pages. SEO injections are sneaky by design, and therefore hard to identify. Since it takes a lot of time and effort to deploy SEO spam, most cybercriminals use the easier method: exploiting outdated plugins and themes to carry out these attacks.

Credit Card Skimmers

Credit card skimming is a malicious practice that steals credit card numbers and other payment data entered into forms.

Most skimmers achieve this by reading the details as users type them into the payment sites. Sometimes, credit card skimmers are also used to replace the payment forms with fake ones to grab these details.

What Type of Malware Attacks cPanel Servers?

While there are many types of malware, the main intention behind any malware attack is to carry out a malicious activity against a website or its visitors.

security sign with a lock

And cPanel servers are as prone to malware attacks as anything else on the internet. While the signs of infection in the cPanel may not be instantly obvious, you nonetheless need to know what types of malware typically attack cPanel, and how.

Most cybercriminals use rootkits to attack a website’s cPanel. Rootkits are malicious collections of software with the sole purpose to gain remote control of a server. Threat actors use this method to gain unauthorized control of your cPanel server.

Another common way by which criminals infect the cPanel is through cryptojacking. This malware mines cryptocurrency by accessing the computing resources of the website visitors. Your website can get infected if you mistakenly click on a malicious link in an email which then loads the cryptomining code directly onto your device.

Last but not the least, malicious redirects—purposely transporting users to third parties that have malicious advertisements, unwanted programs, or browser extensions—can also be responsible for attacks on the cPanel.

How to Scan Your WHM and cPanel Account for Viruses

Scanning your cPanel and WHM is an efficient way to mitigate malware and viruses. Fortunately, there are many robust options available to help you achieve this.

In fact, the most popular option, ImunifyAV, has been integrated into cPanel since the release of cPanel and WHM version 88. It is a free scanner that you can install through your WHM’s Security Advisor interface.

Imunify logo

Here are the steps you need to take to run the ImunifyAV scanner on your website.

Note: If your cPanel and WHM version is older than 86, you can manually install ImunifyAV.

  1. Log into WHM as a root user.
  2. Navigate to the left and select ImunifyAV.
  3. Go to the Actions column and then the Users tab. Locate the button to initiate a scan (it will be a right arrow button).
  4. Select YES, SCAN to scan the user’s files.
  5. On the right-hand side, select Scan all to scan the entire server.

If you are looking for enhanced protection and detection for your cPanel and WHM, also consider using Imunify360. This security solution is similarly supported by cPanel and comes with an advanced firewall, patch management, intrusion, malware detection, and proactive mitigation of zero-day attacks. You can also access Imunify360 via an intuitive dashboard from WHM.

Keep Scanning and Protect Your Website

Malware and viruses are deceptive by design. They are hard to discover, unless you make an extra effort to identify the signs and utilize a robust malware scanner. And the longer your website stays infected, the more vulnerable it becomes. Not to mention that it also runs the risk of getting blacklisted from Google and other top browsers.

Don’t put your website or business reputation at stake. Instead, keep performing regular site-wide scans of your cPanel and WHM to keep malware and viruses away from your website.