Search found 12 matches

by gvard
30 May 2017, 08:55
Forum: General Discussion (csf)
Topic: RBL check -- iptables messages
Replies: 3
Views: 3705

RBL check -- iptables messages

Hello, Since the day before yesterday, our nightly RBL check fails with the following message: Subject: Cron <root@host> /usr/sbin/csf --rbl our@emailhere.com Body: iptables: Chain already exists. iptables: Resource temporarily unavailable. iptables: Resource temporarily unavailable. This happens to...
by gvard
17 Sep 2014, 16:33
Forum: General Discussion (csf)
Topic: How to properly ignore this command line
Replies: 2
Views: 3029

Re: How to properly ignore this command line

Thank you, I tried that the first time but it doesn't work. Need to escape some characters, but I can't find out the exact command with all these characters to be escaped:(
by gvard
10 Sep 2014, 13:14
Forum: General Discussion (csf)
Topic: How to properly ignore this command line
Replies: 2
Views: 3029

How to properly ignore this command line

Hello, I would like your help guys on how to properply ignore this command line, I don't know which characters to escape and have this working properly :( Executable: /home/virtfs/username/bin/bash Command Line: /usr/local/cpanel/bin/jailshell -c cd /home/username/public_html; php -f processmaker/wo...
by gvard
21 Jul 2013, 09:17
Forum: General Discussion (csf)
Topic: New app registered with whostmgr AppConfig: csf
Replies: 1
Views: 3050

New app registered with whostmgr AppConfig: csf

Hello, I constantly receive this e-mail for all my server every few days. Any ideas? A new app has been registered with AppConfig. Name: csf Service: whostmgr ACLS required: software-ConfigServer-csf System User: root URL(s): /cgi/configserver/csf.cgi Display Name: ConfigServer Security&<b>Firew...
by gvard
07 Jun 2013, 15:16
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 9183

Re: CXS reporting symlink -- no option in crontab

I cannot add each one of these false positives in /etc/cxs/cxs.ignore, because:

1) There are many usernames
2) They use different file locations
3) They keep adding them daily (and cxswatch blocks them).

One simple question for the authors: How can I ignore "symlink" alerts?
by gvard
07 Jun 2013, 07:45
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 9183

Re: CXS reporting symlink -- no option in crontab

Hello, There are a many legitimate scripts that have this on the, for example: com_joomlaupdate: // Create the symlink - only possible within PHP context. There's no support built in the FTP protocol, so no postproc use is possible here :( if( !AKFactory::get('kickstart.setup.dryrun','0') ) @symlink...
by gvard
06 Jun 2013, 08:57
Forum: General Discussion (cxs)
Topic: CXS reporting symlink -- no option in crontab
Replies: 6
Views: 9183

CXS reporting symlink -- no option in crontab

Hello, In my daily scan I use the following crontab: /usr/sbin/cxs -mail ###@#####.## --exp --novir -o mMOSGchdnD -Z --sum -T 5 -all --ignore /etc/cxs/cxs.ignore for some reason in more than a dozen servers I received today about 50-200 hits per server with the following reason: # Regular expression...
by gvard
19 Jan 2013, 08:20
Forum: General Discussion (cxs)
Topic: CXS 2.84: Cannot disable "suspicious location"
Replies: 6
Views: 8192

Re: CXS 2.84: Cannot disable "suspicious location"

Hello,

There is an application that creates PHP files with randon content and random name, however each file is exactly 27 bytes. Is there an option to exclude PHP files with 27 bytes size?
by gvard
18 Jan 2013, 09:21
Forum: General Discussion (cxs)
Topic: CXS 2.84: Cannot disable "suspicious location"
Replies: 6
Views: 8192

CXS 2.84: Cannot disable "suspicious location"

Hello, Since CXS 2.84, I've started receiving several quarantine alerts with this reason: Suspicious file location for a script [application/x-php] The problem is that several known applications put an empty index.php file (just the HTML tags) to prevent directory listing of that HTML file. Shouldn'...
by gvard
09 Dec 2012, 14:41
Forum: General Discussion (cxs)
Topic: CXS Sending multiple reports on full scan
Replies: 9
Views: 10463

Re: CXS Sending multiple reports on full scan

Hello,

You might want to show us some other examples rather than "Scan Timeout", since I don't see anything strange in these notifications. 9348 hits might be from world writable or suspicious directories, but I see only 1 noticeable hit (Virus/Fingerprint).