Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
I have a customer with a 6GB cpanel account that I have had to restore a few times recently. Both times, the server nearly crashed, as the load approached 120! On the 3rd restore, I finally figured out what the problem... it was cxs scanning all the files being restored!
To solve the problem I did the following:
Went to Service Monitor in WHM and temporarily disabled monitoring of cxswatch....
For the past hour I have been flooded with tens of such emails from cxs. In the email it refers to a non existing file on the server,(I believe a bot is searching for exploitable scripts on the domain.) as the upload path ( each different path on each email) and the file does not exist. however cxs states that the file has been quarantined. How is this possible if the hacker cannot upload any...
We've been running into this issue for at least the last year now, and it appears the old post regarding this issue has disappeared, so I figured we would bring it back to your attention.
We run cPanel on all of our servers, we have CXS on about 10-15 of them. Sometimes pure-ftpd will randomly stop functioning for no apparent reason. The process will be running, but trying to connect will...
For some reason I'm constantly getting hit hard from obsmtp dot com which is a Google IP address. One of the matching IP addresses is 68.18.3.39. I want to completely block anything from 64.18.0.0 and on. Would the correct way to input that into my deny config file be like this?
68.18.0.0/32
Update:
I think I was able to get it.
68.18.0.0/16 I believe blocks all from 68.18.*.*
Got an odd problem on the last server you guys set up.
The cxs daily cron will sometimes just hang and prevent the logrotate process from running. I'll notice it when I receive an email that /var is running out of drive space, due to logs growing in size.
If I kill the cxs cron, then logrotate will run. I've noticed this happening about 3 or 4 different times since last december. Just noticed...
Hi Jonathan,
yesterday a hacker managed to ftp to a compromised password on a customer and uploaded a few modified files that he downloaded previously.
All the files are java scripts with the extension .JS, I have checked the code and added the code to the xtra file, using REGALL but CXS is not checking the .js files and the files are not quarantined.
first, cxs is awesome... incredible... like finding REAL NY PIZZA IN GEORGIA USA
--if i could.....
ok, i have a web cam for our studio
we use secure ftp
i have the program uploading a multiple camera single jpg image every 10 seconds
tail:
Jan 5 04:35:45 secure cxswatch : Ignoring file for the next 300 seconds: '/home/user/public_html/directory/thisfile.jpg'
Jan 5 04:42:29 secure cxswatch :...
WARNING: Quarantine disabled - Directory has incorrect permissions , run cxs --qcreate --quarantine /home/quarantine
I have moved the old quarantine directory elsewhere and ran cxs --qcreate --quarantine /home/quarantine but continue to get the error. I have also just tried chmod 0755 on the quarantine directory to no avail.
The last few days we notice that email reports from cxs if reporting a virus now say:
WARNING: Quarantine disabled - Directory missing, run cxs --qcreate --quarantine
WARNING: Quarantine disabled - Directory missing, run cxs --qcreate --quarantine
WARNING: Quarantine disabled - Directory [] has incorrect permissions , run cxs --qcreate --quarantine
I just done the cxs v4.04 update and it broke the Documentation info.
Other Documents
reference.txt install.txt changelog.txt license.txt
cxs POD
Usage: perldoc PageName|ModuleName|ProgramName Examples: perldoc -f PerlFunc perldoc -q FAQKeywords perldoc -v PerlVar The -h option prints more help. Also try perldoc perldoc to get acquainted with the system.
CXS is using over 50% of my dedicated server's CPU. is there a setting to limit it's CPU or resource usage? If not, what third party solution do you recommend? I am happy for this scan to take a lot longer as long as the CPU usage does not go above 20%.
Thanks,
NOTE: Support for using suhosin is deprecated and will be removed in
the near future - use ModSecurity instead. If you are unable to use
ModSecurity, you will have to rely on either cxs Watch or manual scans
Does this only apply to scanning of PHP Upload scripts?
What I mean is: I use CXS Watch, and I also use Suhosin. Will CXS Watch stop working for PHP if I keep using Suhosin (in the...
New option added: --defapache . This is the default account
under which apache runs. This will be set to apache by default
except on cPanel servers where it is set to nobody by default
I have a cPanel server. So it is set to nobody by default.
Is there a more secure value rather than nobody or is that value required (and secure as-is)?
I don't fully understand what nobody means and any...
This morning in my logs I noticed the following messages being repeated over and over with random usernames. Any idea what causes this and is it something I should be concerned about?
Oct 22 00:03:01 server6 cxswatch : Adding new cPanel user PR7E2ppU...
Oct 22 00:03:01 server6 cxswatch : Failed to add user PR7E2ppU: Invalid Home directory []
Oct 22 00:03:01 server6 cxswatch : ...done
Oct 22...
I am running CXS on my server and II have setup few WP blog with W3-Total-Cache. I am getting these alerts. Should I be concerned. :confused:
---------------------------------------------------------------------------
# Regular expression match = :
'plugins/w3-total-cache/inc/widget/new_relic.php'
# Regular expression match = :...
Hello
i see following log /var/log/cxswatch.log
how i can ignor this file for CXS?
becuase CXS check this file, so we not need CXS check this file, correct?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum