Search found 13 matches

by shenzy
17 Apr 2018, 06:55
Forum: General Discussion (cxs)
Topic: world writable directory -> change to 755
Replies: 3
Views: 5520

Re: world writable directory -> change to 755

That option has not been removed, it is still there. Search the cxs documentation for the --options setting, specifically --options W. Hello Sara, In the GUI (cxs Command Wizard) there is only option to ask to detect the folders with 777 permissions (w option) but there is no option to add the para...
by shenzy
17 Apr 2018, 02:25
Forum: General Discussion (cxs)
Topic: world writable directory -> change to 755
Replies: 3
Views: 5520

world writable directory -> change to 755

Hello,
In the previous versions there is the option to automatically change the permissions 777 to 755, could you put that option back?
by shenzy
24 Apr 2017, 00:08
Forum: Suggestions (csf)
Topic: Alert for distributed smtpauth attack ONLY when successful Login
Replies: 1
Views: 3874

Alert for distributed smtpauth attack ONLY when successful Login

Hello,
The 99% of my "distributed smtpauth attack alerts" are for "535 Incorrect authentication". It would be nice if the alert is sent only when successful access to the email account is detected.
by shenzy
08 Jul 2015, 16:29
Forum: General Discussion (csf)
Topic: RT_RELAY explanation?
Replies: 1
Views: 3145

Re: RT_RELAY explanation?

I have the same question.
In my case i have RT_RELAY_LIMIT = 250
And I receive "RELAY Alert for xxx.xxx.xxx.xxx" but the mails in the report (the first 10 emails) are mails for local accounts ?? .
by shenzy
09 May 2014, 16:47
Forum: General Discussion (cxs)
Topic: how to determine if a false positive
Replies: 1
Views: 3394

Re: how to determine if a false positive

I have the same question.
by shenzy
17 Jan 2014, 13:49
Forum: Suggestions (csf)
Topic: Automatic Block Mail Account (distributed SMTP Logins)
Replies: 2
Views: 5999

Automatic Block Mail Account (distributed SMTP Logins)

Hello, The option for block distributed SMTP Logins is very usefull, but is necessary some advanced option to permit the automatic block of one email account involved in "more than X" continous distributed smtp logins. For example, I have configured the distributed smtp logins detection to...
by shenzy
13 Dec 2012, 18:44
Forum: General Discussion (cxs)
Topic: CXS 2.81 false positive with Wordpress Plugin?
Replies: 1
Views: 5415

CXS 2.81 false positive with Wordpress Plugin?

Some sites with Wordpress and the plugin "Better WP Security" result in : Known exploit = [Fingerprint Match] [Exploited .htaccess [P0184]]: ¿Is an exploit or a false positive? .htacces contet: # BEGIN Better WP Security Options -Indexes Order allow,deny Allow from all Deny from 81.114.75....
by shenzy
22 Jul 2012, 21:29
Forum: Suggestions (csf)
Topic: Prevent bad use of an email account (virus)
Replies: 2
Views: 5842

Re: Prevent bad use of an email account (virus)

:) # Distributed SMTP Logins. This option will keep track of successful SMTP # logins. If the number of successful logins to an individual account is at # least LF_DISTSMTP in LF_INTERVAL from at least LF_DISTSMTP_UNIQ IP addresses, # then all of the IP addresses will be blocked. These options only ...
by shenzy
07 Jul 2012, 18:48
Forum: Suggestions (csf)
Topic: Prevent bad use of an email account (virus)
Replies: 2
Views: 5842

Prevent bad use of an email account (virus)

Hello, It is common when a computer is infected with virus, sent to "other computers" mail password you have set, then these computers are beginning to use the mailbox to send viruses or spam. When this happens, they come in a short time many alerts like "AUTHRELAY, Remote IP - xxx.xx...
by shenzy
15 Oct 2009, 21:53
Forum: Report Bugs (csf)
Topic: false whm root login alert
Replies: 6
Views: 10000

thank you very much!!