Server Malware· 2018 (USA)

MONARX

Monarx tackles the hardest part of host-side malware detection: backdoors and webshells that signature scanners reliably miss. Where typical scanners look for known malicious patterns, Monarx applies behavioural analysis to identify suspicious code based on how it executes, what it talks to, and what it tries to do at runtime.

Visit Monarx ↗← All security solutions

HOW IT WORKS

In practice that means Monarx finds persistent infections where the attacker has hidden in plausible-looking PHP files, sometimes for months, in places where a signature-driven tool would never look. For a shared host where one infected site can pivot to the rest of the box, that detection difference compounds.

Monarx is sold to hosting providers and MSPs rather than to end-users. Pricing is custom and tied to server volume. The product complements (rather than replaces) a server-level WAF: Monarx is the scanner layer, not the firewall.

Category context: Server-side malware detection that scans files independent of the CMS; catches backdoors and webshells signature scanners miss. Used by hosts.

WHAT IT DOES

Behavioural malware detection (not signature-only)
Webshell and persistent-backdoor detection
Automated quarantine and remediation
Hosting-control-panel integrations
Threat intelligence shared across the install base

BEST FOR

Shared hosts who have been burned by signature scanners missing webshells
MSPs running multi-tenant infrastructure where persistent compromise is the worst-case outcome
Operators pairing it with a WAF for full server-level coverage

MONARX FAQ

What is Monarx?

Monarx is server-side malware detection software designed for hosting providers and MSPs. It uses behavioural analysis to identify malware (especially backdoors and webshells) based on how the code executes, rather than relying primarily on signatures. It is deployed across many shared hosting providers as the scanner layer of a server-level security stack.

How is Monarx different from a signature scanner?

Signature scanners look for known patterns in files. Monarx adds behavioural detection, which looks at what code actually does at runtime: what it executes, what it reaches out to, and what it tries to hide. This catches backdoors that have been obfuscated specifically to evade signature lookups, which is the typical failure mode of cheaper scanners on a busy shared host.

Does Monarx replace a server-level WAF?

No. Monarx is the malware-detection layer; a WAF (Imunify360, BitNinja) is the request-filtering layer. Most serious server-level stacks pair Monarx with a WAF, because the two layers cover different attack stages. Monarx catches what is already on disk; the WAF stops what is trying to get there.

Editorial independence

HostList is independent. This profile is editorial; HostList accepts no sponsorship, affiliate commission, or paid placement from Monarx or any security vendor. Our directory methodology is published in full at hostlist.io/hostscore. Have an update or correction? Tell us via About.