cpmalscan.com

What It Is

CPMalScan is an automated security product for cPanel/WHM and DirectAdmin servers, positioned as a host-level malware scanner with basic web protection. It covers capabilities such as Web Application Firewall, file upload scanning, file change monitoring, daily automated scans, on-demand scans, anti-phishing, SQL injection protection, malicious bot blocking, and brute-force defense. It is suitable for managed website servers and multi-account hosting environments.

Core Capabilities and Deployment

Based on the available content, CPMalScan’s main strength is that it packages common day-to-day server admin security risks into an integrated solution. Real-time uploaded file detection is useful for CMS platforms such as WordPress and Joomla; file monitoring can identify newly added or modified suspicious files; anti-phishing can detect and remove phishing pages; while WAF, SQL injection protection, and brute-force defense focus more on front-line blocking. Deployment appears lightweight: the trial only requires running a single installation command on the server, and it can be managed through WHM. DirectAdmin is also supported. However, the text does not disclose details about the detection engine, malware signature sources, quarantine/rollback process, alerting channels, or API integration capabilities.

Pricing and Suitable Scale

Its commercial model is licensed per server/IP, with a 30-day full-featured free trial that requires no registration or credit card. Personal costs $5/month and supports up to 10 accounts; Professional costs $10/month and supports up to 50 accounts; Business costs $20/month with unlimited accounts. All plans are said to include the full set of security features, automatic cleanup, and 24/7 support. Note that multiple servers require separate licenses; if the number of accounts exceeds the plan limit, the scanner will stop working within 24 hours.

Pros and Cons

The advantages are its low installation barrier, clear and relatively affordable pricing, and coverage of common hosting security issues such as malicious files, web attacks, brute-force attempts, and malicious bots. It also fits well into WHM-based management workflows. The downside is that the publicly available information does not provide enough evidence to establish strong trust in the vendor’s security credibility: there is no visible compliance certification, independent testing, sample database explanation, false-positive handling mechanism, or detailed alerting capability. The terms of service also state that the software is provided “as is,” with strong liability limitations.

Who It’s For and Access from China

It is better suited to individual site owners, small server administrators, WordPress/Joomla maintainers, and hosting resellers using cPanel/WHM or DirectAdmin. For large enterprise compliance environments, its logging, alerting, audit, and compliance capabilities should be further verified. Access from China and supported payment methods are not disclosed in the source text, so they should be considered unknown. Alternatives such as Imunify360 and maldet may be worth comparing.