5. How to use Realtime File Upload Scanner (cPanel)


The Home page enables to configure the plugin.

Modes available :

* Watcher Mode: This home directory or the document root of all user accounts are monitored for any changes.

Watcher mode options:

Entire Home Directory: This scans for the entire home directory.

public_html : This scans for the public_html folder.

* Filter Mode:

In this mode files uploaded through HTTP and FTP are monitored to detect and remove any malicious files. HTTP filtering uses mod_security and hence mod_security must be installed in the server for this mode to work.

Filter Mode Options:

Select the FTP server used, ie either PureFTPd or ProFTPD. Uncheck HTTP/FTP filter to disable it.

Read more about watcher mode and filter mode from the link below:



There are options to perform scan in two methods:

* Scan All cPanel Accounts: This will scan all cPanel account. Click on the button and you will get the status “ClamAV Scanning has started”.

To view the scan status,  click on “Click Status” . You will get options to Stop Current Scanning and list Infected List.It will run the command:

* Scan selected cPanel accounts: By this option, you can scan the selected cPanel accounts.

* Scanning Status: Click on the option to see the scanning status.

* Infected List : Click on the option to list the infected list after scanning.

RTFUS HTTP File Upload Log Page:

All the files uploaded via HTTP is logged in this tab. There are 6 columns in this page which displays the following :

• Date
• Uploaded IP
• Uploader Script
• Uploaded File
• Location
• Comment

Read more about HTTP File Upload Log from the link below:


RTFUS FTP File Upload Log Page:

The FTP upload list consist of :

Date: This is the date of upload of the file.

Uploaded IP:  The IP address of the machine from which the file was uploaded.

Username: The user who has uploaded the file.
Location: the location to which file was uploaded.

File size: Size of the uploaded file.

Status: Status of uploads.

RTFUS Watch Log:

The scan reports of all created, modified and moved files during the Watcher Mode, that are being monitored can be found under Watch log tab.

The list consist of Date, Uploaded file, status.

There are two status:

Found: If there are infection found.
Ok: If there are no infections.

RTFUS Rejected File List:

This will show the log of files that was rejected during HTTP and HTTP uploads.

RTFUS Setting:

The settings option have the following features:

* Extensions to be blocked: Enter the extension you need to block, separated by “|”, and they will be rejected automatically while uploading.
Click on “Submit” button.

* Enable IP blocking: IP blocking can be enabled by using CSF or APF or IPTABLES whichever is installled. Click on “Submit” button.

*Enable Email Alert: You can enable email alert when a file has been blocked while uploading through FTP / HTTP; so as to actively warn users and to prevent any script vulnerability. Enter the Email address to which you need to recieve the alert.
Click on “Submit” button.

*Flush FTP Reject Log: You can remove the FTP rejected log by clicking the button.

*Flush HTTP Reject Log: You can remove the HTTP rejected log by clicking the button.

*Flush ClamAV Infected : You can remove the ClamAV  log by clicking the button.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

1. Overview

The Realtime File Upload Scanner (cPanel) enables you to monitor all files uploaded via HTTP/FTP...

7. The HTTP tab in real-time file upload scanner explained

All the files uploaded via http is logged in this tab. There are 6 columns in this page. * DATE:...

9. How to enable and disable security definitions?

How to enable security definitions? --> Click the settings tab in the plugin --> Click on...

3. Compatibilities and Dependencies

Supported OS :   Centos 6 & 7 , RHEL 6 &7   Supported cPanel versions :   WHM 11.38...

6. What is watcher mode and Filter mode?

Watcher mode In this mode home directory or the document root of all user accounts are monitored...