ConfigServer Community Forum

Hello,

I am planning on purchasing the cxs scanner, because previously I was using apache / atomicorp modsec rules but as I shifted to litespeed the modsecurity rules are no longer working. Which is a shame as since using those none of the sites hosted on the server got hacked / defaced.

So now I need a solution and cxs seems somewhat of an answer but it also seems to be dependent on modsec which causes more confusion. Please help in making me a more informed decision.

Cheers!

You might have better luck contacting ConfigServer at their sales@ address.

http://www.configserver.com/contact.html

hpk wrote:Hello,

I am planning on purchasing the cxs scanner, because previously I was using apache / atomicorp modsec rules but as I shifted to litespeed the modsecurity rules are no longer working. Which is a shame as since using those none of the sites hosted on the server got hacked / defaced.

So now I need a solution and cxs seems somewhat of an answer but it also seems to be dependent on modsec which causes more confusion. Please help in making me a more informed decision.

CXS web script scanning via mod-security is not compatible with litespeed due to litespeed's incomplete implementation of mod_security. If you have enabled suhosin, you could alternatively use the suhosin hook instead which will at least scan uploads via php script.

However, unless your server is a Virtuozzo or OpenVZ VPS, is severely overloaded or does not have sufficient resources, you should be able to use cxswatch, which does not depend on mod_security and is a more comprehensive scanning method.

Regards,
Sarah