The web is awash with malware, and, as anyone who administers websites knows, web servers are a prime target. Malware criminals absolutely love web hosting servers because they have exploitable network resources, they attract lots of visitors, and they are a rich source of data for identity theft and credit card fraud.

Servers are also targets because they host software managed by non-technical publishers and retailers that don’t prioritize security.

Ignoring software updates or dealing with inferior software comes with a price. For example, earlier this year bad actors targeted almost a million WordPress sites through software vulnerabilities which had already been fixed by developers, but users were slow to update and hackers got in.  

What’s more incredible is that malware campaigns on that large of a scale are common, and servers often come under attack within minutes of going online. 

Does Your cPanel Server Need a Virus Scanner?

Malware developers are tricky as they want to infiltrate your servers and they don’t want you to know about it. They go to great lengths to make sure their code stays hidden because the longer it takes for you to find it, the longer they can take advantage of your servers and visitors. 

Without a virus scanner to monitor files for malicious code, you won’t notice it’s there until your site gets blocked or marked as unsafe.

But how does malware get onto cPanel servers in the first place? 

Software Vulnerabilities

Software can have bugs that cause security vulnerabilities that attackers use to give themselves root privileges, execute code remotely, or to inject backdoors into web applications. Often the vulnerabilities could be fixed if the software was updated, but it may also have zero-day vulnerabilities that have yet to be found and fixed by developers.  Many attacks exploit these vulnerabilities caused by coding errors, including cross-site scripting attacks and SQL injection attacks. 

Supply Chain Attacks

Attackers love upstream software developers and their file servers. If they can compromise the server of a popular WordPress plugin, tens of thousands of sites will be infected when users update or install the plugin. Look at the recent Magecart supply chain attacks, which were solely responsible for the theft of hundreds of thousands of credit card numbers. 


Attacks often succeed because site owners or server administrators misconfigure software. Your server might host a MongoDB database exposed to the open internet without password authentication. Or maybe the server’s root password is “123456” or it hosts a site whose admin thinks “password1” will outsmart a dictionary attack. Web hosting servers are complex, with many layers of software, so it’s all too easy to make a mistake that opens the door to an attacker and their malware.

What Types of Malware Are a Risk On cPanel Servers?

Malware comes in many shapes and sizes and each one has a specific purpose and behavior. Here are the most common ones:

  • Rootkits give attackers remote control of your server, often replacing standard software with hacked versions.
  • Spambots use the server’s resources to send emails, social media, and forum spam. Spambots are often used in phishing campaigns or to send links that direct the user to sites that infect their computers with ransomware.
  • Cryptojacking malware uses the resources of site visitors’ machines to mine cryptocurrency.
  • Malicious redirects send visitors to a third-party website to either generate advertising impressions or to compromise their computers.
  • Credit card skimmers and form jacking malware steal card numbers and other payment data entered into forms.
  • SEO spam malware injects hidden links and ads onto website pages.
  • DDoS malware turns your server into a node in a Distributed Denial of Service botnet.

The Best Virus and Malware Scanning Tools for cPanel

So what can you do to kick all these uninvited guests off your servers? 

Two words: Malware scanner.

A malware scanner identifies and removes malicious code before it harms your business or clients.

Since the release of cPanel & WHM Version 88, ImunifyAV has been integrated into cPanel and WHM and can be installed via WHM’s Security Center in the Security Advisor interface. ImunifyAV is a free scanner that analyzes the files on your server and notifies you of any malware it discovers. If you are using a version of cPanel & WHM older than version 86, you can manually install ImunifyAV.

Once you know about harmful files, you can remove them via the cPanel File Manager, but if you would prefer to remove malware in a simple one-click interface, consider upgrading to ImunifyAV+, which makes it easy to clean a wide variety of content management systems and eCommerce stores. 

cPanel also supports Imunify360, a complete server security solution that includes an advanced firewall, intrusion and malware detection, patch management, and proactive defense against zero-day attacks—all managed from an intuitive dashboard within WHM.A malware scanner is essential for your cPanel server, but you should also take steps to prevent malware from getting onto your server in the first place. The most common infection vectors are out-of-date or misconfigured content management systems and eCommerce stores. To learn more about protecting your content management systems, check out our recent comprehensive guide Keeping Your CMS Safe and Secure.

If you have any further questions about removing malware from cPanel servers or wish to discuss anything cPanel related, please join us on our official Discord channel, our official cPanel subreddit, or our Support Forum.