Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
From:
Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must not now exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue
All cxs users should upgrade to this release immediately
From:
Further SECURITY improvements to Quarantine functionality
After some extensive testing we've discovered a feature in ModSecurity where a cxs scan can report a seemingly non-existent script on a server which is being exploited.
The symptoms:
Web upload script user: nobody (99)
Web upload script owner: ()
Web upload script: /home/user/public_html/store/admin
Remote IP: 1.2.3.4
Deleted: No
Quarantined: No
To enable file upload scanning for web scripts, ModSecurity needs to have the option SecRequestBodyAccess enabled (as explained in the install document).
This option configures whether request bodies will be buffered and processed by ModSecurity.
You will need to ensure that other any ModSecurity rules that you have have been correctly written to deal with POST_PAYLOADS. If they have not, then...
When you run cxs you will invariably encounter false-positives that trigger one or more of the scanning options.
We do not recommend that you simply stop using the option that triggers, rather it would be better to simply ignore the false-positive files using an ignore file as per the documentation.
The best way to generate the ignore file is to create it first, e.g.:
touch...
I'm getting a version check that's telling me the versions of the RSForms mod_rsform and mod_rsform_list are old. It seems to be looking for version at least 3.3.3, but the current version of the module is 3.1.0, according to the RS Joomla site:
RSForm! Pro Module 3.1.0
With this module you can publish your form into a module (template position).
I have a problem for about a month. Before everything was running ok but for about a month cxs daily and weekly scans didn't ignore the directories that are written in the cxs.ignore file.
The directories i am having trouble are directadmins user logs directories that are found at /home/ /domains/ /logs
I have 2 line related for this in the cxs.ignore file:
Hi all,
I would like to add inside txt file all remote IP addresses that CXS detects via SCAN because then I would like to block these IP addresses on my external firewall.
Has anyone had this need and can tell me how to do it or redirect me to some good manual/topic on the forum that talks about it (I tried to search but I found nothing about it)?
I have been seeing the following in my logs since the last updates and wondered if this was a bug?
Haven't been able to find anything in my research that leads me to a solution.
Any ideas?
cxswatch.service: Failed with result 'signal'.: 1 Time(s)
cxswatch.service: Main process exited, code=killed, status=9/KILL: 1 Time(s)
lfd.service: Failed with result 'signal'.: 2 Time(s)
lfd.service:...
Hello!
I'm having some problems with a invasion on a few WHM accounts, CXS is able to locate just a small portion of them and put them on quarantine.
We're also scanning with Imunify and removing the files and injections manually.
There is someway for me to make CXS more effective? I've been just running a few custom commands on the accounts and cleaning based on the report.
just wondering if there is an upgrade or a plan to upgrade for the new Modsec v3 system?
currently i get errors if the vendor addon is enabled...
Error: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: AH00526: Syntax error on line 35 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Rules...
I saw your post regarding blocking suspicious PHP files, but I have questions regarding this...
I receive batch of emails like this from time to time:
Scanning web upload script file... Time : Wed, 21 Dec 2022 13:36:03 -0500 Web referer URL : www.google.com Local IP : 192.XXX.XXX.XXX Web upload script user : mywebsite
(1008) Web upload script owner: mywebsite (1008) Web upload script...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum