Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
I am planning on purchasing the cxs scanner, because previously I was using apache / atomicorp modsec rules but as I shifted to litespeed the modsecurity rules are no longer working. Which is a shame as since using those none of the sites hosted on the server got hacked / defaced.
So now I need a solution and cxs seems somewhat of an answer but it also seems to be dependent on modsec...
I created a cron from the cxs interface to run a scan once a day. When I look at crontab -e under root, I dod not see the entry. Can someone tell me where it is stored?
A CXS scan (via manual Generate Commands) does not find/alert
1. cxs.xtra stuff if it's not in a php file or maybe other script files.
If there is cxs.ztra stuff in a .html file it will not report it.
Even if it's included in a Javascript code.
2. CXS does not report/find a very bad javascript/malware in index.html while all other
free website scanners I tested found it.
This was the...
Another problem, when pysh the boton QUARANTINE we have /cuarentenacxs directory and push VIEW QUARANTINE send message Directory is not a cxs quarantine directory and can't view results.
This is a bug too for this version?? this are fixed in the next version?
I noticed today on the top of my CXS it now says the following.
Running in Restricted Mode - remove /etc/cxs/cxs.restricted to enable full access to this User Interface
The nature of this User Interface allows direct and indirect access to the root shell on the server, therefore any user access to this interface could allow abritrary commands to be run as root and system files to be overwritten....
I am Zaphod from SpambotSecurity . com (broken to avoid linking by zaphod). I have been distributing a GNU/GPL V2 security suite for PHP websites since 2008 named ZB Block.
As of June 1st, you had an update to either this script, or another, which began misidentifying the signatures.inc file of my script, as a known exploit. Since my script, and this file especially only works off...
In each log scanner report I receive each hour there are references to
/var/log/cxswatch.log: (example follows)
Apr 4 15:34:07 buxton cxswatch : WARNING: '/home/waimeanu/public_html/silverstripe-cache/cache/zend_cache---internal-metadatas---i18nZend_Translate_RailsYaml_Options' scanned 6 times in the last 30 seconds, you might want to ignore this resource
Apr 4 15:34:07 buxton cxswatch :...
Updating to cPanel 11.36 I see in every module
(cxs / modsec / csf) this error:
Can't use string ( _defheader.tmpl ) as a HASH ref while strict refs in use at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Template/Context.pm line 809.
I saw another user just posted another topic about suspicious script locations, but I've created this separate topic because my question is different. The other user asked about a way to disable the scan for scripts in suspicious locations.
I do not want to disable the scan for scripts in suspicious locations. It's a good idea and I want to keep it active.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum