Search found 12 matches

by gvard
30 May 2017, 08:55
Forum: General Discussion (csf)
Topic: RBL check -- iptables messages
Replies: 3
Views: 4230

RBL check -- iptables messages

Hello, Since the day before yesterday, our nightly RBL check fails with the following message: Subject: Cron <root@host> /usr/sbin/csf --rbl our@emailhere.com Body: iptables: Chain already exists. iptables: Resource temporarily unavailable. iptables: Resource temporarily unavailable. This happens to...
by gvard
17 Sep 2014, 16:33
Forum: General Discussion (csf)
Topic: How to properly ignore this command line
Replies: 2
Views: 3402

Re: How to properly ignore this command line

Thank you, I tried that the first time but it doesn't work. Need to escape some characters, but I can't find out the exact command with all these characters to be escaped:(
by gvard
10 Sep 2014, 13:14
Forum: General Discussion (csf)
Topic: How to properly ignore this command line
Replies: 2
Views: 3402

How to properly ignore this command line

Hello, I would like your help guys on how to properly ignore this command line, I don't know which characters to escape and have this working properly :( Executable: /home/virtfs/username/bin/bash Command Line: /usr/local/cpanel/bin/jailshell -c cd /home/username/public_html; php -f processmaker/wo...
by gvard
21 Jul 2013, 09:17
Forum: General Discussion (csf)
Topic: New app registered with whostmgr AppConfig: csf
Replies: 1
Views: 3394

New app registered with whostmgr AppConfig: csf

Hello, I constantly receive this e-mail for all my servers every few days. Any ideas? A new app has been registered with AppConfig. Name: csf Service: whostmgr ACLS required: software-ConfigServer-csf System User: root URL(s): /cgi/configserver/csf.cgi Display Name: ConfigServer Security&Firew...
by gvard
07 Jun 2013, 15:16
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 10671

Re: CXS reporting symlink -- no option in crontab

I cannot add each one of these false positives in /etc/cxs/cxs.ignore, because:

1) There are many usernames
2) They use different file locations
3) They keep adding them daily (and cxswatch blocks them).

One simple question for the authors: How can I ignore "symlink" alerts?
by gvard
07 Jun 2013, 07:45
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 10671

Re: CXS reporting symlink -- no option in crontab

Hello, There are many legitimate scripts that have this on them, for example: com_joomlaupdate: // Create the symlink - only possible within PHP context. There's no support built in the FTP protocol, so no postproc use is possible here :( if( !AKFactory::get('kickstart.setup.dryrun','0') ) @symlink...
by gvard
06 Jun 2013, 08:57
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 10671

CXS reporting symlink -- no option in crontab

Hello, In my daily scan I use the following crontab: /usr/sbin/cxs -mail ###@#####.## --exp --novir -o mMOSGchdnD -Z --sum -T 5 -all --ignore /etc/cxs/cxs.ignore for some reason in more than a dozen servers I received today about 50-200 hits per server with the following reason: # Regular expression...
by gvard
19 Jan 2013, 08:20
Forum: General Discussion (cxs)
Topic: CXS 2.84: Cannot disable "suspicious location"
Replies: 6
Views: 9973

Re: CXS 2.84: Cannot disable "suspicious location"

Hello,

There is an application that creates PHP files with random content and random name, however each file is exactly 27 bytes. Is there an option to exclude PHP files with 27 bytes size?
by gvard
18 Jan 2013, 09:21
Forum: General Discussion (cxs)
Topic: CXS 2.84: Cannot disable "suspicious location"
Replies: 6
Views: 9973

CXS 2.84: Cannot disable "suspicious location"

Hello, Since CXS 2.84, I've started receiving several quarantine alerts with this reason: Suspicious file location for a script [application/x-php] The problem is that several known applications put an empty index.php file (just the HTML tags) to prevent directory listing of that HTML file. Shouldn'...
by gvard
09 Dec 2012, 14:41
Forum: General Discussion (cxs)
Topic: CXS Sending multiple reports on full scan
Replies: 9
Views: 12238

Re: CXS Sending multiple reports on full scan

Hello,

You might want to show us some other examples rather than "Scan Timeout", since I don't see anything strange in these notifications. 9348 hits might be from world writable or suspicious directories, but I see only 1 noticeable hit (Virus/Fingerprint).