Pyxsoft — Anti-malware + WAF for cPanel servers

Works with cPanel/WHM on AlmaLinux, CloudLinux, Rocky Linux, RHEL & CentOS — versions 7, 8, 9 and 10.

Live numbers

What Pyxsoft handles, every day

10M+

attacks blocked daily across the network

4M+

malware signatures + advanced code analysis engine

attack categories blocked at the WAF layer

30s

from one curl line to a protected server

Detection vs prevention

Detection isn't prevention.

Your scanner finds malware after it lands. By then the file is on disk, the site is modified, the IP is being flagged, and the ticket is in your queue. Pyxsoft fills the gap your scanner can't cover.

What your scanner sees — after the fact

A file that already wrote to /home/user/public_html
A site that's already serving the malicious payload to visitors
A client that's already on the phone with your support team
A shared IP that's already showing up on Spamhaus or SORBS

What Pyxsoft blocks — in real time

The malicious upload request, server-side, before it reaches disk
The SQL injection or XSS probe, blocked at the WAF layer
The obfuscated PHP payload that signature scanners miss
The automated bot scraping for vulnerable plugins and CMS exploits

Pyxsoft doesn't replace your scanner. It adds the prevention layer your scanner doesn't have.

What you get

One install. Four engines working in your favor.

Built specifically for cPanel servers — no DNS changes, no proxy, no per-site configuration.

Malware scanner that finds what others miss

4M+ signatures + Advanced Code Analysis Engine
Anti-evasion that catches obfuscated PHP shells
Real-time filesystem watcher — caught at upload

Built for shared hosting workloads

Integrated WAF, server-side

SQL injection, XSS, brute-force, web shells, malicious bots
Blocks the request before Apache hands it to the application
No DNS changes, no proxy in front of your customers

6 attack categories blocked

Hosting differentiator

AI-assisted WAF event explanations

Plain-English reason for every block — no log archaeology
Tier-1 support can explain false positives to clients in seconds
Reduces the back-and-forth between support and senior sysadmins

Built into the dashboard

Speed boost included

Apache offload: WAF serves static files directly
Automatic gzip on dynamic PHP responses
Optimized browser cache headers across the server

Faster Lighthouse scores for clients

How it works

From zero to protected in three steps.

No agents, no DNS changes, no per-domain configuration. SSH in, paste one line, you are done.

Run the install

SSH into your cPanel server as root, paste the command, hit enter. The installer detects your OS and configures itself.

curl -s https://www.pyxsoft.com/install-cpanel | bash

Auto-scan kicks in

Pyxsoft inventories every public_html across the server and runs the first malware scan automatically. You get a report in the WHM panel. No tickets, no client downtime.

WAF goes live

The WAF starts blocking requests immediately — SQL injection, brute force, web shells, malicious uploads. Daily attack stats ship to your dashboard, per server.

Customer-facing dashboard

Your customers see security working.

Most security tools are invisible to your end customers — until something breaks. Pyxsoft installs a Pyxsoft-branded WAF dashboard right inside their cPanel. Every login, they see the protection they're paying you for.

Live attack visibility — per domain
Each customer logs into cPanel and sees the attacks blocked on their own sites. Daily timeline, top attack types, top countries, top blocked IPs.
AI explanations on demand
Customer clicks any blocked request and reads a plain-English explanation streamed by Pyxsoft AI. The support ticket they were about to file? They close the tab instead.
Bilingual, zero-config
English and Spanish out of the box, switchable in one click. Auto-detects every domain on the account. Nothing for the customer to configure.

Why hosting providers choose Pyxsoft

Built for fleets, not for single sites.

$11/server, unlimited sites

Predictable per-server cost. Your margin is yours, even if a client has 200 add-on domains.

Install in 30 seconds

One curl line. No agents, no proxies, no DNS changes. Roll it out across a fleet via Ansible or just paste it.

AI-explained blocks

Your scanner gives you a filename. Pyxsoft gives you the reason. Tier-1 closes false-positive tickets without pinging a senior sysadmin.

Faster sites included

WAF doubles as a static file server with gzip and caching baked in. Clients notice the Lighthouse bump.

Volume pricing

Volume discounts, transparent.

Same product, less per server as you scale. Unlimited sites and users at every tier.

Single license

$11 / month

1 server · unlimited sites & users

10 license pack

$100 / month

10 servers · unlimited sites & users

Save $10/mo

25 license pack

$240 / month

25 servers · unlimited sites & users

Save $35/mo

See full pricing

Frequently asked

What hosting providers ask before installing.

I already have ImunifyAV (or another malware scanner). Why do I need Pyxsoft?

Different layer of defense. ImunifyAV and similar scanners are detection tools — they find malware after it has already landed on the server. Pyxsoft is a prevention tool — the integrated WAF blocks the malicious upload or request before it reaches your customer's website at all. Most hosting providers run Pyxsoft alongside their existing scanner: one catches what already arrived, the other stops what's trying to arrive next. The Advanced Code Analysis Engine in Pyxsoft also catches obfuscated and packed payloads that signature-only scanners miss.

Do my customers see the Pyxsoft branding inside their cPanel?

Yes. Once installed, Pyxsoft adds a 'Site Protection' tile inside every customer's cPanel. They see live attacks blocked on their own domains, click any block for an AI-streamed explanation, and can switch the dashboard between English and Spanish. The dashboard is currently branded as Pyxsoft (no whitelabel option). For most hosting providers this is a feature, not a bug — your customers see a dedicated, professional security tool and stop wondering whether their site is protected.

Will Pyxsoft slow my server down?

No. The WAF runs in front of Apache and serves static files directly, which usually makes the server faster. The malware scanner runs on a configurable schedule and respects your server's load.

Will it break my clients' websites?

Pyxsoft ships in monitor mode for the first scan window so you can review what it would block before enforcing. The AI-assisted event explanations make false-positive triage fast for tier-1 support.

How long does the install actually take?

The curl one-liner returns control in seconds, and end-to-end installation typically completes in under a minute on a normal connection. The first malware scan runs automatically afterward in the background.

How is this different from a typical malware scanner or WAF?

Most cPanel scanners are signature-only. Pyxsoft pairs 4M+ signatures with an Advanced Code Analysis Engine that catches obfuscated and packed payloads. The WAF is integrated server-side — no DNS changes, no proxy, no per-domain config — and the AI explanations cut your support load.

What happens if malware passes through?

The real-time filesystem watcher catches files the moment they hit disk. If a payload is created, it lands in quarantine immediately and you get an alert. Daily per-server stats give you visibility into what was blocked and what was caught.

Do I need root access to install?

Yes. Pyxsoft installs at the server level, which is what makes the unlimited-sites pricing possible. If you only have a single domain without root, use PowerWAF (powerwaf.com) — it's a domain-level variant of the same engine.

What happens after the 7-day free trial?

If you don't activate a license, Pyxsoft stops protecting new requests but leaves your server in the state it found it — no config rewrites, no surprises. Uninstall is one command.

Cut malware tickets on your next cPanel server today.

7-day free trial. No credit card. Install in one curl line. Uninstall in one command.