403 errors

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
n2rga
Junior Member
Posts: 9
Joined: 09 Apr 2014, 03:48

403 errors

Post by n2rga »

I have a spammer accessing my server via an outside source. But that's really not the problem at the moment.
Some clients can't access their website.
Some get a 403 Permission Denied
You do not have permission for this request /wp-admin/post.php
when editing a page

I just got CXS and ran a full scan and got back hundreds of emails for vipercache directory
----------- SCAN REPORT -----------
TimeStamp: Mon, 27 Jun 2022 17:15:01 -0400
(/usr/sbin/cxs --allusers --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 0 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnZDRru --noprobability --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 1000000 --smtp --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 --Wloglevel 0 --Wmaxchild 3 --Wnotify inotify --Wrateignore 300 --Wrefresh 7 --Wsleep 3 --Wstart --www --xtra /etc/cxs/cxs.xtra)

cxswatch Scanning /home/kingXXXXXX/public_html/wp-content/uploads/vipercache/www.kingscountyXXXXXXXXX.com_launch-of-nine-chinese-amateur-radio-satellites-postponed-24-hours:

'/home/kingXXXXXX/public_html/wp-content/uploads/vipercache/www.kingscountyXXXXXXXXXXXXX.com_launch-of-nine-chinese-amateur-radio-satellites-postponed-24-hours'
# Suspicious directory

----------- SCAN SUMMARY -----------
Scanned directories: 1
Scanned files: 2
Ignored items: 0
Suspicious matches: 1
Viruses found: 0
Fingerprint matches: 0
Data scanned: 0.07 MB
Scan peak memory: 148676 kB
Scan time/item: 0.030 sec
Scan time: 0.091 sec
The next day scan finished and saw 403 errors and a client saying they can't get into their sites. I myself see it in my site.
Should I uninstall CXS?
I have since put vipercache directory in the ignore file and the emails have stoped.
How do I fix access to the server.
I don't think I was hacked. just a spammer from an outside source.
According to Spamhaus removals
Thank you for contacting Spamhaus XBL Removals,

Please use https://translate.google.com/ for language, if needed.

A device (server, computer, mobile phone, etc), or an app on a device that is using 66.XX.XX.XXX is infected, insecure or compromised, and it is sending spam:

srcip: 66.XX.XX.XXX
Subject: Future Fusion Net Question
timestamp: 2022-06-16
Help client is upset.

Mitch
Post Reply