Fede Marsell
Basic Pleskian
- Server operating system version
- AlmaLinux release 8.10
- Plesk version and microupdate number
- 18.0.69
As many PLESK users have seen, a few days ago, the Imunify extension was installed automatically.
This installation was carried out without your consent.
This fact, in itself, is quite serious.
The reason for this post is that it is possible that much of your data has been transferred by this extension from your server to Imunify servers.
If you have seen that Imunify has been automatically installed on your server without your consent, it is urgent that you access your server via SSH and check if your files have been sent to external servers. Simply run the command:
grep Uploaded /var/log/imunify360/console.log
If you see logs like this, it means those files have been transferred to an external server:
INFO [2025-06-26 08:22:28,209] imav.malwarelib.utils.malware_response: Uploaded file '/var/www/vhosts/domain.com/httpdocs/file.php' to the Malware Response Service with reason: extended-suspicious
This issue is being addressed in another POST, but it seems PLESK is unaware of the seriousness of the situation (Resolved - Plesk, what’s going on here? - Imunify auto installation).
If you are a PLESK user and have detected that this extension has been installed without permission, check the logs to see if your files may have been transferred to external servers.
This is very serious.
This installation was carried out without your consent.
This fact, in itself, is quite serious.
The reason for this post is that it is possible that much of your data has been transferred by this extension from your server to Imunify servers.
If you have seen that Imunify has been automatically installed on your server without your consent, it is urgent that you access your server via SSH and check if your files have been sent to external servers. Simply run the command:
grep Uploaded /var/log/imunify360/console.log
If you see logs like this, it means those files have been transferred to an external server:
INFO [2025-06-26 08:22:28,209] imav.malwarelib.utils.malware_response: Uploaded file '/var/www/vhosts/domain.com/httpdocs/file.php' to the Malware Response Service with reason: extended-suspicious
This issue is being addressed in another POST, but it seems PLESK is unaware of the seriousness of the situation (Resolved - Plesk, what’s going on here? - Imunify auto installation).
If you are a PLESK user and have detected that this extension has been installed without permission, check the logs to see if your files may have been transferred to external servers.
This is very serious.