Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Hi all,
I would like to add to a txt file all remote IP addresses that CXS detects via SCAN, because then I would like to block these IP addresses on my external firewall.
Has anyone had this need and can tell me how to do it or redirect me to some good manual/topic on the forum that talks about it (I tried to search but I found nothing about it)?
I have been seeing the following in my logs since the last updates and wondered if this was a bug?
Haven't been able to find anything in my research that leads me to a solution.
Any ideas?
cxswatch.service: Failed with result 'signal'.: 1 Time(s)
cxswatch.service: Main process exited, code=killed, status=9/KILL: 1 Time(s)
lfd.service: Failed with result 'signal'.: 2 Time(s)
lfd.service:...
Hello!
I'm having some problems with an invasion on a few WHM accounts; CXS is able to locate just a small portion of them and put them in quarantine.
We're also scanning with Imunify and removing the files and injections manually.
Is there some way for me to make CXS more effective? I've just been running a few custom commands on the accounts and cleaning based on the report.
Just wondering if there is an upgrade or a plan to upgrade for the new Modsec v3 system?
Currently I get errors if the vendor addon is enabled...
Error: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: AH00526: Syntax error on line 35 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Rules...
I saw your post regarding blocking suspicious PHP files, but I have questions regarding this...
I receive a batch of emails like this from time to time:
Scanning web upload script file...
Time : Wed, 21 Dec 2022 13:36:03 -0500
Web referer URL : www.google.com
Local IP : 192.XXX.XXX.XXX
Web upload script user : mywebsite (1008)
Web upload script owner: mywebsite (1008)
Web upload script...
I'm regularly getting an email from cxs Scan saying it is scanning a file but then Clamd gives an error saying there's a File path check failure: No such file or directory. ERROR
CXS is reporting some false positives on some directory names and cached files. These are re-created every 15 minutes when the cache is and I'd like to ignore all the files and directories within certain folders of every user's directory. I suspect I will need a regex way of doing this, but not sure how this works with CXS as I can't find any good examples.
The docs are not very clear about this. Does it add one IP for each list it finds or for all lists?
There is a big difference because one IP can be in multiple lists. My question is if CSF considers the unique IP before it adds to the block list or just reads all the block lists and adds duplicates.
I have a spammer accessing my server via an outside source. But that's really not the problem at the moment.
Some clients can't access their website.
Some get a 403 Permission Denied
You do not have permission for this request /wp-admin/post.php
when editing a page
I just got CXS and ran a full scan and got back hundreds of emails for vipercache directory
----------- SCAN REPORT -----------...
Hi,
Sorry for the question, I am not an expert in cxs. I have a lot of alerts from cxs from different accounts.
Example:
Scanning web upload script file...
Time : Wed, 18 May 2022 12:48:55 +0200
Web referer URL : www.google.com
Local IP : 51.255.xx.xx
Web upload script user : nobody (99)
Web upload script owner: xxxx(1017)
Web upload script path : /home/xxxx/public_html/wp-admin/admin-ajax.php
Web upload...
1) How do I check that CXS does not delete or block infected files from websites found in the daily/weekly scan? I want to be alerted by email but not that the files are deleted or quarantined.
2) Can I perform a manual scan when I want for ALL the sites? The same question, but apply the scan for ONE domain?
Hello, I'm new to the forum.
I would like to add the fingerprint md5 to the files reported in the emails. I don't understand which file I need to modify and which option should be added.
I would like to do this to be able to easily add the md5 files to the cxs whitelist.
Thanks