Prevent user from uploading malicious script to cpanel
To prevent user from uploading malicious script to cpanel, we need to scan the uploaded script from 2 most common ways the user upload the script. From cpanel upload interface. From ftp client. First we need to install clamdscan and maldet, after that we need to configure modsec on whm and use pure-uploadscript binary to call clamdscan or maldet to scan the uploaded file. Here are the steps: Create additional modsec config : nano /etc/apache2/conf.d/modsec/modsec2.user.conf SecRequestBodyAccess On SecTmpSaveUploadedFiles On SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/hookscan.sh" \ "id:'999999',log,auditlog,deny,severity:2,phase:2,t:none" Then restart apache.