ConfigServer Community Forum

Default filemax = 10000, this causes an error in some directories with more than 10,000 files. Is there any problem increasing filemax to 50000?

Hello,

I've been struggling with this for a while now, I have wordpress sites where everything is up to date but attackers are still able to upload files to the server. One such person has been trying to upload a backdoor since 1am in the morning. I can see 5 files with the same name quarantined.

Is it possible to identify how these files were uploaded?

I'm starting to loose my mind here, I...

I've uninstalled cxs, but still getting FAILED cxswatch emails every few minutes. I've even unchecked cxswarch in service manager.

How do I finish this uninstall?

Hi:
Not sure how i should handle this.

We have lot of wp-content/cache/wp-rocket/www.mydomain.tld advises, that are normal beacuse we install wp-rocket on our hostings.

Problem is that i want to ignore the Suspicious directory email, but, if exploit appears on wp-content/cache/wp-rocket/www.mydomain.tld/exploit.php, it should be detect also.

how can this acchieve ?

thanks in advance

I have a client that suddenly could no longer send mail via SMTP through our server. I traced this to their IP being in the LF_SMTPAUTH.txt blocklist (in the CXS IP Reputation feature), which we have enabled.

I confirmed that the user had never had an SMTP failure with our server (further confirmed by trying to remove the IP via the cxs --Rremove command, which failed because our server was not...

Hi,
i have a exploit i cannot remove. i hace updated website and change all password. i also try to ban ips but csx continue to report it to me. fortunately it block and send it to quarantine. i want to remove it definily if possible.tjis is a wp website

Scan Status Fingerprint
Scan Time Tue Jan 19 10:01:00 2021
Scan Type Web
Original File...

Hello,

New here, I apologize if this has been asked before. Tried searching the CXS subforum but couldn't find a similar thread.

I'm new to CXS, just got it ~2 weeks ago. I seem to be experiencing an odd one. CXS doesn't seem to pick up malware files after the server has rebooted, it only starts detecting them when I click restart CXS Watch from the ConfigServer eXploit Scanner section.

I've...

You must install ClamAV (Clamavconnector on cPanel) or ensure clamd is running to use this product correctly
If the clamd socket is not automatically detected, and to clear this message, you must set clamdsock=/path/to/socket in /etc/cxs/cxs.defaults to the live socket location

how to solve this.

I got an email with this message:

Scanning web upload script file...
Time : Mon, 16 Sep 2019 15:23:48 -0500
Web referer URL :
Local IP : 162.241.XXX.XXX
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/FOLDERNAME/public_html/wp-content
Web upload script URL :
Remote IP : 202.104.9.163
Deleted : No
Quarantined : Yes

NOTE: does not exist on this...

hi guy

Currently, I receive reports from CXS, same as this screen :

I want to customize the report

Remove some changes, and reorder the order of the fields

Is it possible to modify or customize this report? How ? where?? which file to edit?

Hello everybody,

What is autodiscover.cgi up to?

How on earth can autodiscover.cgi upload a web file?

Scanning web upload script file...
Time : Fri, 11 Sep 2020 19:30:11 +0100
Web referer URL :
Local IP : 127.0.0.1
Web upload script user : nobody (99)
Web upload script owner: root (0)
Web upload script path : /usr/local/cpanel/cgi-sys/autodiscover.cgi
Web upload script URL :
Remote IP :...

Hi there. This is my first post in this community.
I just got the very good cleanup service from Jacob performed on my server, and now I am getting 50+ emails per day about:

subject: cxs Scan on xxxx.mydomain..com (Hits:1) (Viruses:0) (Fingerprints:1)

I would like to either get a daily digest, or just suppress them. Is there any quick adjustment in the settings I can do?

Thanks

Hello,

I transferred a suspicious file via FTP and I get this email error:

# Clamd Error for : Undefined path for Socket::pack_sockaddr_un at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/Socket.pm line 873.

Anyone had this issue ?

Server OS: CentOS 7
WHM Cpanel latest version v90.0.5

Hello,

I receive this error when scan detects suspicious files:

Quarantine disabled - Directory has > incorrect structure and should be recreated

This are the 3 directories inside: cxscgi cxsmon cxsuser

permissions:

drwxr-xr-x. 5 root root 4096 Sep 4 15:28 quarantine
drwx-wx---. 2 root nobody 4096 Sep 4 15:28 cxscgi
drw-------. 2 root root 4096 Sep 4 15:28 cxsmon
drw-------. 2 root root...

Hello,

I migrate my WHM Cpanel to another server. Is there any instruction on how to install cxs on WHM Cpanel and how to backup and and restore CXS ?

Thank you !

Hi,

Is it possible in cxs to send antivirus reports to the user directly ?

Thanks.

Hi,

I have CXS and ImmunifyAV+ both installed but I had to uninstall ClamAV.
I keep on getting mail now that ClamAV is required etc.

What to do in such case ?

Thanks in advance.

Hi there Folks

CXS is still a mystery to me so, while I'm slowing getting to grips with it being on our servers, could someone advise what to do with this?

.../public_html/accesson1.php] does not exist on this server. ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data

I get these messages everyday from CXS from various of our servers. Do I...

Hello,

I need to clean the server of this file:

How to use xtra file to do it?
Thanks

Hello, 2 days ago the CXS started to send me more than 9000 messages/day from this user. Almost every minute I got a new message.

cxswatch Scanning /home/deangelispedro/public_html/eventoscris/wp-includes/css/wp-config.php:

'/home/deangelispedro/public_html/eventoscris/wp-includes/css/wp-config.php'
(quarantined to /home/quarantine/cxsuser/deangelispedro/wp-config.php.1591704356_1) Known...