Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
I'm regularly getting an email from cxs Scan saying it is scanning a file but then Clamd gives an error saying there's a File path check failure: No such file or directory. ERROR
CXS is reporting some false positives on some directory names and cached files. These are re-created every 15 minutes when the cache is and I'd like to ignore all the files and directories within certain folders of every user's directory. I suspect I will need a regex way of doing this, but not sure how this works with CXS as I can't find any good examples.
The docs are not very clear about this. Does it add one IP for each list it finds or for all lists?
There is a big difference because one IP can be in multiple lists. My question is if CSF considers the unique IP before it adds to the block list or just reads all the block lists and adds duplicates.
I have a spammer accessing my server via an outside source. But that's really not the problem at the moment.
Some clients can't access their website.
Some get a 403 Permission Denied
You do not have permission for this request /wp-admin/post.php
when editing a page
I just got CXS and ran a full scan and got back hundreds of emails for vipercache directory
----------- SCAN REPORT -----------...
Hi,
Sorry for the question, I am not an expert in cxs. I have a lot of alerts from cxs from different accounts.
example:
Scanning web upload script file...
Time : Wed, 18 May 2022 12:48:55 +0200
Web referer URL : www.google.com
Local IP : 51.255.xx.xx
Web upload script user : nobody (99)
Web upload script owner: xxxx(1017)
Web upload script path : /home/xxxx/public_html/wp-admin/admin-ajax.php
Web upload...
1) How do I check that CXS does not delete or block infected files from websites found in the daily/weekly scan? I want to be alerted by email but not that the files are deleted or quarantined.
2) Can I perform a manual scan when I want for ALL the sites? The same question but apply the scan for ONE domain?
Hello, I'm new to the forum.
I would like to add the fingerprint md5 to the files reported in the emails. I don't understand which file I need to modify and which option should be added.
I would like to do this to be able to easily add the md5 files to the cxs whitelist.
thanks
I recently switched to Imunify360 on my server in favour of Clamd. I removed Clamav as 2 virus scanners are not necessary. Now CXS can not perform a virus scan since Clamav is removed.
Not a big problem of course as virus scanning has been taken over by Imunify360 but would be great if CXS could hook into the new scanner.
Hello guys, I have been having problems with the clamd that is taking the processing from my host so that everything is inoperative, and I see that CXS when it runs the daily Clamd script it crashes everything. Has someone here already been through this and managed to solve this problem? I tried to configure up to the CPU limit in Clamd's own settings and today I had another crash. I do not know...
I've set weekly scan on my cPanel server with CXS. At this time, the log is stored at /var/log/cxsreports/cxs.scan . As I see, this file is erased after each new scan.
Is there a way to set a new logfile per scan (such as /var/log/cxsresports/cxs-20210517.scan ) ?
I have the following question on how the IP Reputation files all.txt, etc get populated.
If an IP address triggers a BLOCK on one of my servers, does this automatically get reported to CXS? The reason I am asking, if a user enters their password wrong and gets blocked on our server, does CSF report that to the IP Reputation repository?
If it does report it, then if I unblock the IP address...
I've been struggling with this for a while now, I have wordpress sites where everything is up to date but attackers are still able to upload files to the server. One such person has been trying to upload a backdoor since 1am in the morning. I can see 5 files with the same name quarantined.
Is it possible to identify how these files were uploaded?
We have a lot of wp-content/cache/wp-rocket/www.mydomain.tld advises, that are normal because we install wp-rocket on our hostings.
Problem is that I want to ignore the Suspicious directory email, but, if an exploit appears on wp-content/cache/wp-rocket/www.mydomain.tld/exploit.php, it should be detected also.
I have a client that suddenly could no longer send mail via SMTP through our server. I traced this to their IP being in the LF_SMTPAUTH.txt blocklist (in the CXS IP Reputation feature), which we have enabled.
I confirmed that the user had never had an SMTP failure with our server (further confirmed by trying to remove the IP via the cxs --Rremove command, which failed because our server was not...
Hi,
I have an exploit I cannot remove. I have updated the website and changed all passwords. I also tried to ban IPs but cxs continues to report it to me. Fortunately it blocks it and sends it to quarantine. I want to remove it definitively if possible. This is a WP website.
Scan Status Fingerprint
Scan Time Tue Jan 19 10:01:00 2021
Scan Type Web
Original File...