• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Resolved Plesk, what’s going on here? - Imunify auto installation

seqoi

Regular Pleskian
Server operating system version
AlmaLinux 9.5
Plesk version and microupdate number
Plesk Obsidian 18.0.68 Update #2
Imunify installed itself on my Plesk Obsidian (AlmaLinux) without my knowledge a day or two ago. I handle all updates manually — everything is set to manual only, and I apply updates myself.

I already have my own solutions in place, including firewalls. Why are you pushing extensions I didn’t ask for and installing applications that overlap with existing setups?

I want a clear explanation of how and why Imunify was installed without my consent.


Can someone comment on this? What is the most effective way to get rid of this and to ensure this does not happen in the future?

I repeat, this installed by itself at the running and setup operational server - only I have access to this instance - why would you do that?
 

Attachments

  • imunify.jpg
    imunify.jpg
    37.2 KB · Views: 18
Hello, @seqoi . First and foremost, I would like to sincerely apologize for any confusion or inconvenience caused by the recent installation of Imunify. I understand that this may have led to compatibility issues with the security solutions you already have in place.

I will prove a little bit of back story, so I can explain the whole situation. Some time ago, CloudLinux made the decision to deprecate the old ImunifyAV extension and replace it with a newer version. The automatic replacement process was scheduled and executed by our team yesterday. While the update was intended to affect only users of the original ImunifyAV extension, an unexpected issue arose during the process, which inadvertently impacted users who did not have the old extension installed. The whole situation was proactively addressed by our team and the the extension can be safely removed. We appreciate your understanding on the matter.
 
Last edited:
Hello! Yesterday, the Imunify 360 was automatically installed on our server with Ubuntu 22.04.5 LTS / Plesk Obsidian 18.0.70 Update #2. Was't this bug fixed?
 
Hello! Yesterday, the Imunify 360 was automatically installed on our server with Ubuntu 22.04.5 LTS / Plesk Obsidian 18.0.70 Update #2. Was't this bug fixed?
I don't think it's a bug in its nature. She said they addressed it in a way that you can uninstall. That's what I did, and it's no problem. Yes, it is annoying and shouldn't happen, but luckily it's a 5-minute task. Good luck.
 
I don't think it's a bug in its nature. She said they addressed it in a way that you can uninstall. That's what I did, and it's no problem. Yes, it is annoying and shouldn't happen, but luckily it's a 5-minute task. Good luck.
Of course, but it's not normal that you don't ask for it, third-party extensions are installed without your permission! The other thing is that the UNIX system user still remains in the system (_imunify). A careful system administrator doesn't like that...
 
Of course, but it's not normal that you don't ask for it, third-party extensions are installed without your permission! The other thing is that the UNIX system user still remains in the system (_imunify). A careful system administrator doesn't like that...
I understand you and your concerns since I have the same. From the communication of Plesk staff personnel, I understood it was an unintentional omission rather than intended behavior. You'll simply need to accept it and move on with your server.
 
Is there any way to block this extension from panel.ini?

It installs itself, automatically, even after uninstalling.

And as is typical in PLESK practices, without any permission :mad:
 
Is there any way to block this extension from panel.ini?

It installs itself, automatically, even after uninstalling.

And as is typical in PLESK practices, without any permission :mad:
This morning, it was installed automatically on another server... This can't stay like this! What are they thinking at Plesk? By what right do they install optional third-party software without prior consent?
 
Our team informed me that the rollout of the Imunify extension hasn't officially finished yet. In other words, you are both affected by the issue I explained above. Please note that the extension wasn't intentionally installed on your servers and Plesk is not trying to force the Imunify extension by any mean. Nevertheless, the severity of the case is acknowledged. We understand the negative impact from this installation and we are extremely sorry for the entire situation. You can disable Imunify by adding the following directive to the panel.ini file:

[extensions]
blacklist = imunify360

or completely disable automatic extension installations with:

[ext-catalog]
extensionAutoInstall = false
 
Our team informed me that the rollout of the Imunify extension hasn't officially finished yet. In other words, you are both affected by the issue I explained above. Please note that the extension wasn't intentionally installed on your servers and Plesk is not trying to force the Imunify extension by any mean. Nevertheless, the severity of the case is acknowledged. We understand the negative impact from this installation and we are extremely sorry for the entire situation. You can disable Imunify by adding the following directive to the panel.ini file:



or completely disable automatic extension installations with:
@Sebahat.hadzhi

Problem here is that Plesk addresses one problem, being the "unwanted" installation of Imunify.

Nevertheless, this "issue" (or bug) has been present for a longer time period - removing Imunify extensions has (always) been a (tiny) bit problematic.

In addition, Imunify extensions do not really add value, certainly not taking into account the price of the extensions.

At this moment, adding Imunify will make things worse in the sense that security will not be enhanced (read: the opposite is more likely) and also in the sense that code related / installation related / uninstallation related issues are encountered or to be expected.

In my humble opinion, the main problem that should be addressed by Plesk is how Imunify interferes with (read: obstructs / hinders) other extensions, like for instance the Plesk firewall extension, and/or how Imunify reduces security whilst still introducting all kinds of issues.

As a final note, Plesk can give the advice to blacklist Imunify in panel.ini, but that is also a root cause of a FUTURE problem : deactivating and/or removing Imunify will require additional steps (like removing files and REconfiguring Plesk firewall properly) - most people are not aware of this!

If you would ask me, then Plesk team should abandon Imunify (and not embrace it!) and improve simple extensions like Plesk Firewall extensions.

Just sharing a thought on this matter.

Kind regards....
 
Back
Top