Two products · One license · One install

Anti-Malware and a server-side WAF, working together on every cPanel server.

Pyxsoft pairs a real-time malware scanner with a pre-Apache WAF. One license covers both. Install it once, and every domain on the server is protected — with a customer-facing dashboard your end users actually see.

Pyxsoft Anti-Malware

A scanner that catches what signature-only tools miss.

Real-time filesystem watching, scheduled global scans, and an Advanced Code Analysis Engine that recognises obfuscated payloads — tuned specifically for cPanel shared-hosting workloads.

Instant Scanner

  • Real-time monitoring via the Linux kernel filesystem watcher
  • Files scanned the moment they are created or modified
  • Auto-quarantine, delete, or report — configurable per threat type
  • Catches uploads from FTP, web forms, scripts, and archive extraction

Anti-evasion engine

Advanced Code Analysis Engine

  • Heuristic detection of obfuscated and packed PHP shells
  • Identifies threats not yet present in the signature database
  • Pattern recognition + behavioral analysis (Deep Scan)
  • Closes the gap that signature-only scanners leave open

4M+ malware signatures

  • Continuous signature updates pushed automatically
  • Detects viruses, trojans, ransomware, backdoors, spyware, rootkits
  • Compressed-file scanning — extracted contents inspected on the fly
  • First-scan-on-install runs across every public_html on the server

Global Scanner

  • Scheduled server-wide scans — pick days and time of day
  • Three CPU modes (Normal / Low / Lowest) for shared hosting workloads
  • Per-finding actions: report, quarantine, or delete
  • Optimised to coexist with cPanel — system folders excluded by default

Quarantine system

  • Detected files are isolated in a secure server location
  • Review and restore wrongly-flagged files in one click
  • Permanent delete is available but never automatic by default
  • No risk of losing legitimate customer data while you investigate

Symlink protection

  • Removes symlinks pointing to system folders (e.g. /etc, /bin)
  • Blocks symlinks targeting other users' home directories
  • Cleans up broken symlinks attackers leave behind
  • Stops a common privilege-escalation and cross-account leak vector

Built for shared hosting

  • Tuned for low CPU and RAM footprint
  • cPanel system directories excluded automatically
  • Resume support so reboots don't restart full scans from scratch
  • Won't interfere with backups, mail spool, or virtfs

Daily reports & stats

  • Per-server scan results surfaced in WHM
  • Per-account breakdown so you know which client is hot
  • Daily attack and infection counters for trend analysis
  • Useful evidence to share with end customers when needed

Detected threat types

Across signature, heuristic, and behavioral analysis.

  • Viruses
  • Trojans
  • Ransomware
  • Backdoors
  • Spyware
  • Rootkits
  • PHP web shells
  • Cryptominers
  • Defacement scripts
  • Malicious symlinks

Pyxsoft WAF · powered by pxShield

A real WAF, not just an Apache rule set.

pxShield runs as a dedicated security layer in front of Apache, blocking malicious requests before they reach the web server — and doubling as a static-file accelerator for the sites it protects.

Pre-Apache request filtering

  • pxShield runs as a reverse proxy in front of Apache
  • Malicious traffic is dropped before it hits the web server
  • Apache stops wasting CPU and RAM on attack traffic
  • No DNS changes, no per-domain config, no proxy outside your box

Hosting differentiator

AI-explained blocks

  • Plain-English reason for every blocked request — streamed on click
  • Tier-1 support resolves false positives without paging a senior admin
  • Cuts the back-and-forth between hosting support and end customers
  • Available in WHM and inside the customer cPanel dashboard

Customer-facing cPanel dashboard

  • A 'Site Protection' tile lands in every cPanel account automatically
  • Live attacks blocked per domain — timeline, top types, top countries
  • Click any blocked request for an AI-streamed explanation
  • Bilingual EN/ES, switchable in one click — zero customer setup

WHM admin dashboard

  • Live request graph for the last 180 minutes
  • 30-day blocked-attacks history for trend reporting
  • Top blocked IPs, most-targeted domains, top attack types
  • Last 10 attacks with full request detail and AI explainer

Speed boost included

  • Apache offload — pxShield serves static files directly
  • Automatic gzip on dynamic responses (PHP, etc.)
  • Optimised browser cache headers across the server
  • WAF doubles as a performance layer — clients notice the Lighthouse bump

Server-wide protection by default

  • Standard rules apply automatically to every domain on the server
  • No per-site activation, no agent install on customer accounts
  • Per-domain customisation and exceptions available when you need them
  • Roll out across a fleet of servers via Ansible or one curl line

Threat intelligence

  • Per-IP attack ranking — find the persistent offenders fast
  • Geographic insight (top countries) for region-based mitigation
  • Most-targeted domains so you know which clients are under pressure
  • Useful proof when communicating proactively with end customers

Safe rollout: monitor first, enforce after

  • Ships in monitor mode for the first scan window
  • Review what would be blocked before flipping to enforce
  • AI-assisted false-positive triage keeps tier-1 support unblocked
  • Uninstall in one command — no config rewrites left behind

Attack categories blocked

Stopped server-side, before Apache hands the request to the application.

  • SQL injection
  • Cross-site scripting (XSS)
  • Command injection
  • Directory traversal
  • Brute-force attacks
  • Web shells
  • Malicious file uploads
  • Bot scraping & probing
  • Zero-day attacks
  • Credential stuffing

One license, both products

Anti-Malware and WAF ship as one product, billed per server.

You don't pay extra for the WAF, and you don't pay extra for the scanner. The same install command activates both engines, and one license key covers an entire server — unlimited sites, unlimited users.

$11 per server / month — both products bundled

30s from one curl line to a protected server

sites and users at every tier

Free, separate product

Need a firewall too? Pyxsoft Firewall is free.

A modern WHM-native firewall built for nftables (with iptables compatibility). Open/close ports, manage IP allow/deny, and a built-in login-failure guard — no charge, no license, ships alongside the rest of the stack.

See Pyxsoft Firewall

Both engines live on your next cPanel server today.

7-day free trial. No credit card. Install in one curl line. Uninstall in one command.

curl -s https://www.pyxsoft.com/install-cpanel | bash

cPanel/WHM on AlmaLinux · CloudLinux · Rocky Linux · RHEL · CentOS — versions 7, 8, 9 and 10.