Page 1 of 1

csx fingerprint cannot remove definitely

Posted: 25 Jan 2021, 07:17
by leonep
Hi,
i have a exploit i cannot remove. i hace updated website and change all password. i also try to ban ips but csx continue to report it to me. fortunately it block and send it to quarantine. i want to remove it definily if possible.tjis is a wp website

Scan Status Fingerprint
Scan Time Tue Jan 19 10:01:00 2021
Scan Type Web
Original File /tmp/20210119-100100-YAafzAY669wC7hX3itd0JwAAAMY-file-wdAtM9
Original File Size 3KB
Original File Type FingerPrint
Original File Owner nobody/nobody (99/99)
Original File Perms -rw------- (0600)
Original File atime Tue Jan 19 10:01:00 2021
Original File ctime Tue Jan 19 10:01:00 2021
Original File mtime Tue Jan 19 10:01:00 2021
Original File md5sum c29357ea231367ad8fa2988c66049a40
Original File Status Quarantined file (exists)
Quarantine File /home/quarantine/cxscgi/20210119-100100-YAafzAY669wC7hX3itd0JwAAAMY-file-wdAtM9.1611046860_1
Web User nobody (99)
Web Script Owner ()
Web Script File /home/xxxxx/public_html/wp-content/plugins/ioptimization
Web Script URL https://xxxx.it/wp-content/plugins/iopt ... e.php?rchk
Web Remote IP a.b.c.d
Web Remote Referrer www.google.com
Scan Message Known exploit = [Fingerprint Match] [PHP Exploit [P1791]]
Scan Command (/usr/sbin/cxs --nobayes --cgi --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRru --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 1000000 --smtp --ssl --summary --sversionscan --timemax 30 --nounofficial --virusscan --vmrssmax 2000000 /tmp/20210119-100100-YAafzAY669wC7hX3itd0JwAAAMY-file-wdAtM9)

[ exploit removed ]