Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Since CXS 2.84, I've started receiving several quarantine alerts with this reason:
Suspicious file location for a script [application/x-php]
The problem is that several known applications put an empty index.php file (just the HTML tags) to prevent directory listing of that HTML file. Shouldn't this search option be assigned a letter in qoptions, so we could enable it when we needed it? Also, is there an option to exclude files that have this pattern:
It is regarded as a suspicious file which are detected through --options [f]. Ignoring such files can be done through the normal mechanisms in a cxs.ignore file (see cxs.ignore.example), e.g. using md5sums for a unique ignore.
we are receiving hundreds of false positives from 8 servers using cxs.
it's not the file problem, it's the location that it is considered suspicious. there are a lot of scripts that put files on suspicious locations: wordpress, joomla, drupal, etc.
we are literally receiving on alert per minute since this option was enabled.
we can't ignore so many files, it should be an option to disable location check.
There is an application that creates PHP files with randon content and random name, however each file is exactly 27 bytes. Is there an option to exclude PHP files with 27 bytes size?
there are a lot of files that are created, a lot of modules within wordpress and joomla create files in suspicious locations.
if you are in shared hosting business and have 5.000 WPs or Joomlas, this becomes a real nightmare.
we have stopped cxs for now unfortunately. it is filling up our report email address with hundreds of false positives per hour.
gvard wrote:There is an application that creates PHP files with randon content and random name, however each file is exactly 27 bytes. Is there an option to exclude PHP files with 27 bytes size?