Monarx Security is a powerful tool that helps protect websites and web applications from malware and other online threats. It works by detecting and preventing a variety of attacks, such as web shells, adware, phishing, and other harmful programs. Monarx focuses on the behavior of the code on your website rather than just its appearance, which makes it better at detecting new, unknown threats that traditional security tools might miss.
If you’re an InMotion Hosting customer, you can monitor Monarx Security activity for free through cPanel, WHM, or Control Web Panel (CWP). Currently, Monarx Security is available for Shared Hosting and Managed VPS Hosting plans.
What Does Monarx Security Do?
Monarx is a next-generation web firewall (NGFW) that specializes in understanding how PHP code behaves. Unlike some other security tools that focus only on what code looks like or its signature (which hackers can change), Monarx looks at how the code actually works, making it more accurate and faster at detecting threats, including zero-day vulnerabilities (new threats that have never been seen before).
Monarx has four main parts:
- Protect – This part tracks web shell payloads and blocks them from running.
- Hunter – This module scans your website for existing threats like compromised files.
- Dashboard – A web-based console where you can view detection reports and activity.
- Agent – A server-side tool that runs Monarx’s modules and sends data to Monarx Cloud for further analysis.
How It Works:
- Monarx is installed on the hosting server.
- The Protect module blocks malicious files (like web shells) from running.
- The Hunter module scans your website for malware and web shells weekly.
- The Agent automatically downloads security rules related to your web apps (like WordPress or Joomla).
- Any file flagged as malicious by Monarx is sent to Monarx Cloud for deeper analysis.
- PHP-based web shells and backdoors are blocked from running, which prevents attacks like website defacement or data theft.
- Server admins can use the Monarx API to track security events and manage risks better.
What is a Web Shell?
A web shell is a type of malware that allows hackers to access your website remotely. It gives them the ability to control your website and do things like:
- Change your website’s content (website defacement).
- Launch attacks like DDoS (Distributed Denial of Service).
- Access sensitive areas of the website that should be restricted.
There are three main types of web shells:
- Bind shell – The victim’s system listens on a certain port for connections.
- Reverse shell – The victim’s system tries to connect to the hacker’s computer.
- Double reverse shell – A more complex reverse shell that uses separate ports for input and output.
The usual way hackers infect a system with a web shell is by exploiting a weakness in the website’s code to upload the malicious file. Once the web shell is installed, hackers can make changes to your website, upload files, or take control of your server.
Preventing web shell attacks is important because it stops hackers from using your site for harmful activities like spamming, mining cryptocurrency, or stealing sensitive data.
How to Access Monarx
Monarx doesn’t have a control panel in cPanel or WHM. Instead, it has a dashboard where you can see if Monarx is running and view any reports of malware or threats detected. You can check Monarx activity and review security alerts in this dashboard.
For more information on using Monarx Security’s “Detect” mode, see our article on how to access and understand the results of Monarx scans.
Monarx Security provides great protection for websites, especially against difficult-to-detect threats like web shells. By monitoring and analyzing website code behavior, it ensures that your website stays safe from harmful attacks, and you don’t need to do much extra work to keep it secure.