ConfigServer Community Forum

I've removed cxs from my server as I'm going to install it on a new one I'm moving to.

Below seems to state that I have to retire the old server before I change to the new server IP. Is that correct? :)

If you are going to retire the server that you initially had cxs licensed for or you have been required to change the server's IP address, then the licensed IP address can be changed. There is...

Hi Everyone
I have a very very critical problem with CXS! Scan the server and the CXS Quarantine many fatal files like index.php and config.php!!!!!!!!!! No idea how to restore these files and I am in a hurry ... so please please response me ASAP
Thanks

Hello,

I am planning on purchasing the cxs scanner, because previously I was using apache / atomicorp modsec rules but as I shifted to litespeed the modsecurity rules are no longer working. Which is a shame as since using those none of the sites hosted on the server got hacked / defaced.

So now I need a solution and cxs seems somewhat of an answer but it also seems to be dependent on modsec...

Hello,

My scan report shows the below warning message :

WARNING: Quarantine disabled - Directory does not exist

This started after upgrade to 3.07

Any idea on what's going wrong please ?

Thanks for your help.

when i go to Generate cxs commands i can see bottom save defaults

just 2 bottom

view shell command and run sacn :confused:

i try to install again but not solve it

I created a cron from the cxs interface to run a scan once a day. When I look at crontab -e under root, I dod not see the entry. Can someone tell me where it is stored?

Hi!

A CXS scan (via manual Generate Commands) does not find/alert

1. cxs.xtra stuff if it's not in a php file or maybe other script files.
If there is cxs.ztra stuff in a .html file it will not report it.
Even if it's included in a Javascript code.

2. CXS does not report/find a very bad javascript/malware in index.html while all other
free website scanners I tested found it.
This was the...

Hi,

We have Version cxs v3.04 when repair this Bug ??

Another problem, when pysh the boton QUARANTINE we have /cuarentenacxs directory and push VIEW QUARANTINE send message Directory is not a cxs quarantine directory and can't view results.

This is a bug too for this version?? this are fixed in the next version?

Best Regards

If you want to completely disable UI access, create the file /etc/cxs/cxs.disableui or click the Disable UI button below.

There isn't a Disable UI button below.

I noticed today on the top of my CXS it now says the following.

Running in Restricted Mode - remove /etc/cxs/cxs.restricted to enable full access to this User Interface
The nature of this User Interface allows direct and indirect access to the root shell on the server, therefore any user access to this interface could allow abritrary commands to be run as root and system files to be overwritten....

This may be a bug...

Noticed over the past week that several viruses that are detected by ClamAV as being
PHP Shell Exploits are NOT getting quarantined...

Here is my default cxs config.

/usr/sbin/cxs --allusers --clamdsock /var/clamd --doptions Mv --exploitscan --filemax 10000 --ignore /etc/cxs/cxs.ignore --logfile /var/log/cxs.log --mail root@server.tld --MD5 --options mMOLfSGchexdnwZDR...

Howdy,

I am Zaphod from SpambotSecurity . com (broken to avoid linking by zaphod). I have been distributing a GNU/GPL V2 security suite for PHP websites since 2008 named ZB Block.

As of June 1st, you had an update to either this script, or another, which began misidentifying the signatures.inc file of my script, as a known exploit. Since my script, and this file especially only works off...

hello,

how i make restore all files and of the all account users in one time?

thanks

Can you tell me how to automatically quarantine these types of files

----------- SCAN REPORT -----------
(/usr/sbin/cxs --allusers --clamdsock /tmp/clamd --deep --doptions Mv --exploitscan --filemax 0 --ignore /etc/cxs/cxs.ignore --logfile /var/log/cxs.log --mail --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --report /var/log/cxs.scan --sizemax 500000 --smtp...

hello,

i just installed cxs and scan my server

after i did this, i received several emails like this

cxswatch failed @ Fri Mar 8 19:43:15 2013. A restart was attempted automagically.
Service Check Method:
Number of Restart Attempts: 4

i rebooted my server and i still receive this

any ideas ?

Hi,

My iteration of CXS used to work, and all of a sudden ceased working. I am getting this error when attempting to launch it.

ConfigServer eXploit Scanner - cxs version failed at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cxs.cgi line 19.

I searched the error and didn't find anything useful. Is this a known issue? Is there an easy solution?

thanks
dan

In each log scanner report I receive each hour there are references to

/var/log/cxswatch.log: (example follows)

Apr 4 15:34:07 buxton cxswatch : WARNING: '/home/waimeanu/public_html/silverstripe-cache/cache/zend_cache---internal-metadatas---i18nZend_Translate_RailsYaml_Options' scanned 6 times in the last 30 seconds, you might want to ignore this resource
Apr 4 15:34:07 buxton cxswatch :...

Hi,

i receive a report(Email) form CXS when someone upload php-shell script.
i want to get upload-er IP in report.

First I contact cPanel support, investigating it they found that the
CallUploadScript yes causing the problem.

All that immediately after today's update.

Is there a fix / walkthrough,? it's a bug ? I should remove from all server the
CallUploadScript parameter at least temporary ?

Hi,

How do i add some custom rule?

I found out some file with name dvmessages.php causing ddos on joomla site and i want cxs clean it every cron is running. Any idea how to do it?

dvmessages.php file contains:

defined( '_JEXEC' ) or die(@eval(base64_decode($_REQUEST )));
jimport( 'joomla.plugin.plugin' );