ConfigServer Community Forum

NOTE: Support for using suhosin is deprecated and will be removed in
the near future - use ModSecurity instead. If you are unable to use
ModSecurity, you will have to rely on either cxs Watch or manual scans

Does this only apply to scanning of PHP Upload scripts?

What I mean is: I use CXS Watch, and I also use Suhosin. Will CXS Watch stop working for PHP if I keep using Suhosin (in the...

New option added: --defapache . This is the default account
under which apache runs. This will be set to apache by default
except on cPanel servers where it is set to nobody by default

I have a cPanel server. So it is set to nobody by default.

Is there a more secure value rather than nobody or is that value required (and secure as-is)?

I don't fully understand what nobody means and any...

This morning in my logs I noticed the following messages being repeated over and over with random usernames. Any idea what causes this and is it something I should be concerned about?

Oct 22 00:03:01 server6 cxswatch : Adding new cPanel user PR7E2ppU...
Oct 22 00:03:01 server6 cxswatch : Failed to add user PR7E2ppU: Invalid Home directory []
Oct 22 00:03:01 server6 cxswatch : ...done
Oct 22...

Hello,

I am running CXS on my server and II have setup few WP blog with W3-Total-Cache. I am getting these alerts. Should I be concerned. :confused:
---------------------------------------------------------------------------
# Regular expression match = :
'plugins/w3-total-cache/inc/widget/new_relic.php'
# Regular expression match = :...

s = Old script version installed

I am not using the s and the report is returning to Old Script generating major problems for the analysis of the report. You can check please?

/usr/sbin/cxs --logfile /var/log/cxs.log --options m --user ZZZ --novirusscan --web --www

Report: :confused:
# Script version check

Hello
i see following log /var/log/cxswatch.log
how i can ignor this file for CXS?
becuase CXS check this file, so we not need CXS check this file, correct?

Thanks.

I've removed cxs from my server as I'm going to install it on a new one I'm moving to.

Below seems to state that I have to retire the old server before I change to the new server IP. Is that correct? :)

If you are going to retire the server that you initially had cxs licensed for or you have been required to change the server's IP address, then the licensed IP address can be changed. There is...

Hi Everyone
I have a very very critical problem with CXS! Scan the server and the CXS Quarantine many fatal files like index.php and config.php!!!!!!!!!! No idea how to restore these files and I am in a hurry ... so please please response me ASAP
Thanks

Hello,

I am planning on purchasing the cxs scanner, because previously I was using apache / atomicorp modsec rules but as I shifted to litespeed the modsecurity rules are no longer working. Which is a shame as since using those none of the sites hosted on the server got hacked / defaced.

So now I need a solution and cxs seems somewhat of an answer but it also seems to be dependent on modsec...

Hello,

My scan report shows the below warning message :

WARNING: Quarantine disabled - Directory does not exist

This started after upgrade to 3.07

Any idea on what's going wrong please ?

Thanks for your help.

when i go to Generate cxs commands i can see bottom save defaults

just 2 bottom

view shell command and run sacn :confused:

i try to install again but not solve it

I created a cron from the cxs interface to run a scan once a day. When I look at crontab -e under root, I dod not see the entry. Can someone tell me where it is stored?

Hi!

A CXS scan (via manual Generate Commands) does not find/alert

1. cxs.xtra stuff if it's not in a php file or maybe other script files.
If there is cxs.ztra stuff in a .html file it will not report it.
Even if it's included in a Javascript code.

2. CXS does not report/find a very bad javascript/malware in index.html while all other
free website scanners I tested found it.
This was the...

Hi,

We have Version cxs v3.04 when repair this Bug ??

Another problem, when pysh the boton QUARANTINE we have /cuarentenacxs directory and push VIEW QUARANTINE send message Directory is not a cxs quarantine directory and can't view results.

This is a bug too for this version?? this are fixed in the next version?

Best Regards

If you want to completely disable UI access, create the file /etc/cxs/cxs.disableui or click the Disable UI button below.

There isn't a Disable UI button below.

I noticed today on the top of my CXS it now says the following.

Running in Restricted Mode - remove /etc/cxs/cxs.restricted to enable full access to this User Interface
The nature of this User Interface allows direct and indirect access to the root shell on the server, therefore any user access to this interface could allow abritrary commands to be run as root and system files to be overwritten....

This may be a bug...

Noticed over the past week that several viruses that are detected by ClamAV as being
PHP Shell Exploits are NOT getting quarantined...

Here is my default cxs config.

/usr/sbin/cxs --allusers --clamdsock /var/clamd --doptions Mv --exploitscan --filemax 10000 --ignore /etc/cxs/cxs.ignore --logfile /var/log/cxs.log --mail root@server.tld --MD5 --options mMOLfSGchexdnwZDR...

Howdy,

I am Zaphod from SpambotSecurity . com (broken to avoid linking by zaphod). I have been distributing a GNU/GPL V2 security suite for PHP websites since 2008 named ZB Block.

As of June 1st, you had an update to either this script, or another, which began misidentifying the signatures.inc file of my script, as a known exploit. Since my script, and this file especially only works off...

hello,

how i make restore all files and of the all account users in one time?

thanks

Can you tell me how to automatically quarantine these types of files

----------- SCAN REPORT -----------
(/usr/sbin/cxs --allusers --clamdsock /tmp/clamd --deep --doptions Mv --exploitscan --filemax 0 --ignore /etc/cxs/cxs.ignore --logfile /var/log/cxs.log --mail --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --report /var/log/cxs.scan --sizemax 500000 --smtp...