Defensia integrates natively with cPanel. It reads cPHulk, monitors all your domains via domlogs, protects Postfix and Dovecot, and adds a management panel to WHM — all with a single command.
Start FreeNative cPanel integration — not a generic tool bolted on top.
Polls cPHulk's own database every 30 seconds. Detects brute force attempts that fail2ban can't see because cPHulk intercepts at PAM level.
Auto-discovers all domains from /usr/local/apache/logs/domlogs/. Full OWASP WAF engine with SQL injection, XSS, RCE, and path traversal detection.
Detects SASL auth failures, IMAP/POP3 brute force, relay abuse attempts, and hostname anomalies. Auto-detects mail.log location.
Monitors vsftpd, ProFTPD, and Pure-FTPd login failures. Auto-detects which FTP server is running.
Agent status, active bans, monitored domains, and one-click management — all from WHM > Plugins. No separate login needed.
Events, bans, WAF analytics, CVE scanning, and security score — all in a web dashboard that works across all your servers.
fail2ban can't read cPHulk data. Defensia polls the cPHulk SQLite database directly every 30 seconds.
Database: /var/cpanel/hulkd/cphulk.sqlite · Polled every 30 seconds · Zero config
Defensia auto-discovers all domains from /usr/local/apache/logs/domlogs/ and monitors each one with the full OWASP WAF engine.
SSL log variants (-ssl_log) auto-merged. New domains detected automatically — no restart needed.
Defensia covers the same ground at a fraction of the price — and works on any Linux server, not just cPanel.
| Feature | Defensia | Imunify360 |
|---|---|---|
| Price (per server) | €9/mo | $12-45/mo |
| cPanel required | No (any Linux) | Yes (cPanel/Plesk only) |
| cPHulk integration | Native (SQLite) | Replaces cPHulk |
| WAF engine | OWASP CRS scoring | ModSecurity |
| SSH brute force | 15 patterns + journald | PAM module |
| Email protection | Postfix + Dovecot | Postfix (limited) |
| Multi-server dashboard | Included | Separate product |
| CVE scanning | NVD + EPSS + CISA KEV | No |
| Open source agent | Yes (MIT) | No |
| Docker / K8s support | Yes | No |
Everything a shared hosting server needs — SSH, email, FTP, web, and cPanel login protection.
The WHM addon gives you at-a-glance status, active ban count, monitored domains, and one-click agent management.
Full dashboard with charts, event logs, and WAF analytics at defensia.cloud
Simple per-server pricing. No per-account fees. No hidden costs.
SSH protection + dashboard
Full WAF + CVE + alerts
Billed annually
No. Defensia reads cPHulk's SQLite database — it doesn't replace or interfere with cPHulk. Both can run simultaneously. Defensia adds escalating bans, cross-server propagation, and a dashboard on top of what cPHulk already does.
No. The agent auto-detects cPHulk, Apache domlogs, mail.log, and FTP logs. Everything works out of the box. You can fine-tune WAF scores and ban durations from the web dashboard if you want.
Unlimited. Defensia pricing is per server, not per cPanel account. A shared hosting server with 500 accounts pays the same as one with 5.
No. The addon installs via a simple shell script — no cPanel Store account or partner agreement needed. It registers directly with WHM.
Yes. Hosting providers can purchase server slots and assign them to client servers. Standard pricing applies — per server, no per-account fees.
The agent works on any Linux server including Plesk. A dedicated Plesk extension is planned. The core protection (SSH, WAF, email, FTP) works today.
Yes. Defensia has native CloudLinux support including journald fallback for EL8/EL9 systems where /var/log/secure doesn't exist.
One command installs the WHM addon and the security agent. Free for your first server.
Start Free See Pricing