ConfigServer Community Forum

hi,
how to install ConfigServer exploit scanner on CentOS Web Panel,

Is there a different installation method, I get the following error when doing the installation?

Checking Perl modules...
Can't locate Linux/Inotify2.pm in @INC (@INC contains: /etc/cxs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .)...

Hello,

I am a newbie in CXS, and i've just bought CXS several days ago for my web server.
i got this log messages

Feb 9 18:44:08 ovan cxswatch : WARNING: '/home/online/public_html/mobile_version/error_log' scanned 6 times in the last 30 seconds, you might want to ignore this resource
Feb 9 18:44:08 ovan cxswatch : Ignoring file for the next 300 seconds:...

I keep getting this error page when I try to Enable | Start the cxs Watch ...
Software error:

open3: exec of /usr/sbin/service cxswatch start failed: No such file or directory at /etc/cxs/ConfigServer/cxsServices.pm line 351.

For help, please send mail to this site's webmaster, giving this error message and the time and date of the error.

looks like something to do with the perl module...

I am seeing this on one of our installs:

Web upload script path : /home/csf/public_html/wp-content
Web upload script URL :
Remote IP : 111.111.111.111
Deleted : No
Quarantined : Yes

NOTE: does not exist on this server. However, ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data

What is causing csf to populate instead of the username of the...

Hello,

When cxs ModSecurity Scanning enabled on a directadmin server which has got openlitespeed with comodo waf, does cxs work?

Anyone knows that are compatible?

Thanks

On our old servers we only every got a daily csx email if there was something to be alerted about. On our new server we get an email everyday even if there are no issues - a blank /empty email with just the command at the top.

----------- SCAN REPORT -----------
TimeStamp: Fri, 26 Jul 2019 00:00:02 -0400
(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --ctime 25 --dbreport...

I would like to ignore cache files in WordPress. For example:

'/home/username/public_html/wp-content/cache/wp-cache-46468fced3eda21852947cfe41900145.php'
Regular expression match =

I have this in the /etc/cxs/cxs.ignore file and have confirmed that I have --ignore /etc/cxs/cxs.ignore enabled on cxscgi.sh, cxsftp.sh and cxswatch.sh

Is this the right way to do it?...

Hello.
We uploaded several shells for testing in the hosts which, fortunately, was a good result and was sent to us from the server as soon as the file was uploaded.

But there is a problem here when entering the plugins in whm and going to cxs control, the shell quarantine record is not automatically recorded, although the settings are refreshed and adjusted, but you must be sure to bring the...

When CSF runs the following
Subject: Cron /usr/sbin/cxs --report /var/log/cxsreports/scanweekly.log --mail root --smtp --quiet --nosummary --www --virusscan --voptions fmMhexT --all --smtp --mail root --options mMOLfuSGchexdnwZRrD

I get this output by email (hundreds of lines):
Use of uninitialized value in numeric lt (<) at...

Hi there,

I don't want to clog up support too much, so will try here first, hopefully someone can give me some advice and/or confirm whether I'm doing it right.

I've created a cxs.ignore file and started cxs with the --ignore option, so far so good.

Now what I would like to do is ignore some regex matches that are being detected via --options , in particular too many false positives with...

Hi:

I running cxs on debian server with command:

and it throw this error:

Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/��� Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/��� Unescaped...

Hi, just wondering if there was an update applied early this morning on CXS?

Time: Wed Apr 3 03:40:11 2019 -0400

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/usr/sbin/cxs: FAILED
/sbin/cxs: FAILED...

Hi,

It's some time that I receive lfd scanner mails with this kind of errors from cxswatch:

Mar 4 01:02:18 srvcp01 cxswatch : Child 1: (Scan Error while processing) '/home/fateitalia/public_html/error_log'

What's the problem there?

Thanks,

when I click on the link on WHM-->Plugins--->ConfigServer eXploit Scanner
I get a Internal Server Error 500 Page:

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cxs.cgi):

how to fix this?

How do I change the email address attached to my CXS license ?​

got a bayes medium detection today that is definitely an exploit but cannot submit via the CXS interface because it is in a zip
compressed file: revslider/V5rev.php ) Bayes exploit probability score
Original File md5sum d6365dfd71f0d2704f76330ab3b84765

Extracted PHP
MD5 827622aa39b891cb8d9c43f090efceae
SHA-1 91357d31683ce4c9a04ad86c8611cdbe0c6fd0b2

Error: File is not a script.You can only...

Hello, for the past weeks my server loads have been high and my datacenter tells me clamav is very active and it's called by cxs .

I have CLOUDLINUX 6.9 x86_64 standard, WHM 62.0 (build 21), CXS v6.35, and my loads are 4.99 5.93 5.45 for example.

I don't know what happened but clamav process is consuming very very cpu and memory.

Pid 492707
Owner root
Priority 0
CPU % 122.92
Memory % 1.76...

I am getting over 800 emails a day about how CXSWATCH is failing to start.

If I stop the service, will the scans I am getting emailed about stop?

And will it make CXS useless?

Thank you.

Aloha,

I recently purchased the ConfigServer cPanel setup package, and have now noted a ClamAV Logwatch error regarding it being outdated.

I've followed the instructions listed within the body of the email, and the update process states the package is not installed.

# yum update clamav
Loaded plugins: fastestmirror, rhnplugin, universal-hooks
This system is receiving updates from CLN....

I started getting this FAILED ⛔: cxswatch email last night and has been sending non stop for the last 5 hours.

I looked into upgrading CXS from cxs: v9.15 to v9.16 but when I try through WHM, I am getting Modification of non-creatable array value attempted, subscript -1 at /usr/sbin/cxs line 233.

Any assistance will be much appreciated. Thanks!