ConfigServer Community Forum

just wondering if there is an upgrade or a plan to upgrade for the new Modsec v3 system?

currently i get errors if the vendor addon is enabled...

Error: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: AH00526: Syntax error on line 35 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Rules...

Hi, I have some issues using CSX.
When scanning the reports give me File path check failure: Permission denied. ERROR on all files.

the exact line is:

# Clamd Error for : /home/bsov/domains/somedomain.nl/public_html/img/logo2.png: File path check failure: Permission denied. ERROR

Also when I run the script from the shell I get the same error.

Also the CX control menu yields no results.

I...

I would like to ignore all error_log under /home/*/public_html/ panoramacharter.ltd

192.168.1.1

Hi guys.

I saw your post regarding blocking suspicious PHP files, but I have questions regarding this...

I receive batch of emails like this from time to time:
Scanning web upload script file... Time : Wed, 21 Dec 2022 13:36:03 -0500 Web referer URL : www.google.com Local IP : 192.XXX.XXX.XXX Web upload script user : mywebsite
(1008) Web upload script owner: mywebsite (1008) Web upload script...

My quarantine report is blank.

I do have /home/quarantine dir with content

Scan reports also show files getting quarantined

cpanel / Ubuntu 20

I'm trying to make cxs ignore the wordpress file admin-ajax.php so I created a file named cxs.ignore (it didn't exist) and put the following in it:

hfile:/public_html/wp-admin/admin-ajax.php

Restarted the service but I'm still receiving emails about that file.

I read somewhere else on this forum that I needed to edit cxswatch.sh and add --ignore /etc/cxs/cxs.ignore but my cxswatch.sh has...

Hi,

I'm regularly getting an email form cxs Scan saying it is scanning a file but then Clamd gives an error saying there's a File path check failure: No such file or directory. ERROR

cxswatch Scanning /home/username/public_html/wp-content/cache/db/singletables/c99:

then:

# Clamd Error for : /home/username/public_html/wp-content/cache/db/singletables/c99: File path check failure: No such...

Hello,

CXS is reporting some false positives on some directory names and cached files. These are re-created every 15minutes when the cache is and I'd like to ignore all the files and directories within certain folders of every users directory. I suspect I will need a regex way of doing this, but not sure how this works with CXS as I can't find any good examples.

Many thanks
Tony

The docs are not very clear about this. Does it add one IP for each list it founds or for all lists?

There is a big difference because one IP can be in multiple lists. My question is if CSF considers the unique IP before it adds to the block list or just reads all the block lists and adds duplicates.

I have a spammer accessing my server via an outside source. But that's really not the problem at the moment.
Some clients can't access their website.
Some get a 403 Permission Denied
You do not have permission for this request /wp-admin/post.php
when editing a page

I just got CXS and ran a full scan and got back hundreds of emails for vipercache directory
----------- SCAN REPORT -----------...

Hi,
sorry for question i am not expert of csx.I have a lot of alert from csx from different account.
example:
Scanning web upload script file...
Time : Wed, 18 May 2022 12:48:55 +0200
Web referer URL : www.google.com
Local IP : 51.255.xx.xx
Web upload script user : nobody (99)
Web upload script owner: xxxx(1017)
Web upload script path : /home/xxxx/public_html/wp-admin/admin-ajax.php
Web upload...

Hi,

I have just installed CXS in my server

1) How do I check that CXS does not delete or blocks infected files from websites found in the daily/weekly scan? I want to be alerted by email but no that the files are deleted or quarantied

2) Can I perform a manually scan when I want for ALL the sites? The same questions biy apply the scan for ONE domain?

Thanks,
Francisco

hello I'm new to the forum.
I would like to add the fingerprint md5 to the files reported in the emails. I don't understand which file I need to modify and which option should be added.
I would like to do this to be able to easily add the md5 files to the cxs whitelist.
thanks

Hi,

I am trying to install CXS as per the instructions on the website, but am getting an error and support is closed for the holidays.

# wget
--2021-12-27 00:12:28--
Resolving download.configserver.com (download.configserver.com)... 94.x.x.x
Connecting to download.configserver.com (download.configserver.com)|94..x.x.x|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length:...

Current Version: ConfigServer eXploit Scanner - cxs v6.35
Running in Unrestricted Mode

Trying to upgrade to v6.38 and i get the following error:

Upgrading cxs...

Upgrading cxs from v6.35 to 6.38...
Retrieving new cxs installer...
...100%

Unpacking new cxs package...

gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
sh: line 0: cd:...

I recently switched to Imunify360 on my server in favour of Clamd. I removed Clamav as 2 virus scanners is not necessary. Now CXS can not perform a virus scan since Clamav is removed.

Not a big problem of course as virus scanning has been taking over by Imunify360 but would be great if CXS could hook into the new scanner.

Hello guys, I have been having problems with the clamd that is taking the processing from my host so that everything is inoperative, and I see that CXS when it runs the daily Clamd script it crashes everything, someone here has already been through this and managed to solve this problem ? I tried to configure up to the CPU limit in Clamd's own settings and today I had another crash. I do not know...

Good morning,

I've set weekly scan on my cPanel server with CXS. At this time, the log is stored at /var/log/cxsreports/cxs.scan . As I see, this file is erased after each new scan.

Is there a way to set a new logfile per scan (such as /var/log/cxsresports/cxs-20210517.scan ) ?

Thanks in advance.

Hello,

I've been receiving the following nightly errors.

ERROR: getpatch: Can't download daily-26096.cdiff from database.clamav.net
ERROR: Can't download daily.cvd from database.clamav.net

Any guidance would be greatly appreciated.

Thank you,
Tim

I have the following question on how the IP Reputation files all.txt, etc get populated.

If an IP address triggers a BLOCK on one of my servers, does this automatically get reported to CXS? The reason I am asking, if a user enters their password wrong and gets blocked on our server, does CSF report that to the IP Reputation respiratory?

If it does report it, then if I unblock the IP address...