Hello
i found a file it have this code

#!/bin/sh
#
# This file is part of the phpseclib project.
#
# (c) Andreas Fischer
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
#
set -e
set -x

USERNAME='phpseclib'
PASSWORD='EePoov8po1aethu2kied1ne0'

# Create phpseclib user and home directory
sudo useradd --create-home...

Hi Guys,
Examples I'm trying to match (last 5 chars random):
/tmp/.xcloner-10d02
/tmp/.xcloner-a714a
/tmp/.xcloner-f6e8e

My cxs.ignore rule:
pdir:^\/tmp\/\.xcloner- +$

Still getting notified. Yes, I've restarted cxs Watch. Please help - thanks :)

Hi,

How do i change quarantine directory from /usr/suspicious_files to /home/quarantine on CXS UI > Quarantine ?

Thank you

hi guys!
Im trying this, but i can't how resolve and i have any idea.

is possible obtain warning messages from ftp when i try upload files via some client as filezilla?

example : upload eicar.com.txt file (is a virus file) , filezilla show the message :

Starting upload of /Users/XXX/Downloads/eicar.com.txt
Status: File transfer successful, transferred 68 bytes in 1 second

when i refresh...

Hi,

1.- I have this configuration:

/usr/sbin/cxs --options -wW --Wstart --allusers --www --smtp --mail root --Wmaxchild 3 --Wloglevel 0 --Wsleep 3 --filemax 0 --Wrateignore 300 --quarantine /home/quarantine/ --qoptions MV --block

It works smoothly except for the --block feature... I've been testing and after upgrading a virus test via FTP it deletes it but doesn't block my IP.

I want to...

Hi to all,

We have a problem with a typo3 installation and cxs / modsec.
When saving a page in typo3 backend the following error messages appear:
Code: Select all
Error in init.php: Path to TYPO3 main dir could not be resolved correctly.

This happens if the last 6 characters of this path, ..../etc/cxs/ (end of $temp_path), is NOT typo3/ for some reason.
You may have a strange server...

Hi guys:
Which are step to migrate csx from old server to new server, putting config from old cxs in new cxs server, but diferent ip??
Regards.

After enabling IP reputation integration, I had multiple occasions of cpanel monitoriog reporting lfd failures and subsequent restarts on 2 servers. From lfd.log I was able to determine that the URI::Escape module was not installed. I manually installed that and thought the lfd stops and starts would be corrected. Alas I am now seeing FASTART errors that seem to coincide with the failures. I...

hello
how are you?

How can I find files that start with a specific text?
for example
Files that begin with the text below

$ us ['__ test__'

tnx

The CXS page on this website includes the following:
New in v7: IP Reputation System. The system provides a variety of IP blocklists gathered from information that is submitted by participating servers. This dual aspect provides the information to help protect the server using the reputation from active attacks
New in v7: Major update to Script Version Scanning. cxs now scans for more than 200...

Hi,

Sorry new to CSX so be gentle :-)

I have the following report, is this a real or a false positive?

Thanks
/daveb

Scanning web upload script file...
Time : Tue, 19 Sep 2017 08:42:25 +1000
Web referer URL :
Local IP : 103.237.108.162
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/purecalm/public_html/wp-content
Web upload script URL :...

Searched and found this link.

After entering the command, I get a return to prompt with no output.

OS is CENTOS 6.8 standard v66.0.22

tried CSF -u got this

root@chaos # csf -u
Oops: Unable to download: Can't connect to download.configserver.com:443 (timeout)

Hello,
i have the latest version of CXS in cpanel.
Also i have some extra clamav rules from Atomicorp.
When i scan with clamscan -r -i /home/path/public_html
i can find some virus, for example Atomicorp.PHP.Malware.19.UNOFFICIAL FOUND
However when i scan with cxs, even if i enable all options for virus i find nothing.
For example:
/usr/sbin/cxs --report /var/log/cxs.scan --logfile...

I get people trolling I guess looking for scripts on the server to try to exploit.
I did change the username and domain name.
What I am wondering is how can I block and/or ban the IP address of the person after xx amount of hits?!?!

Scanning web upload script file...
Time : Mon, 4 Sep 2017 11:12:56 -0700
Web referer URL :
Local IP : 123.123.123.123
Web upload script user : nobody (99)
Web...

Hello,

I dont know how to report code not detected by CXS, so this is my contribution:

I found this today: a process running on my server, mining bitcoin or something like this.

The process:

The code I found on file:

So, this code download a binary and run on the server.

Hope CXS team can add this to be detected, because the CXS 6.39 (running as daemon cxswatch) dont detected today....

Hello, I just purchased CXS and implemented to my server, WHM&cPanel

everything works fine, except one thing:

after i enable cxs ModSecurity Scanning - Install and Enable Apache ModSecurity scanning

I can login to my website, but i can't edit pages. when i click update or submit, system will tell me : Forbidden You don't have permission to access / on this server

if i disable cxs...

Hello,

Is it possible to add multiple email recipients for the -mail option in CXS command line?

Thanks.

Current Version: ConfigServer eXploit Scanner - cxs v6.35
Running in Unrestricted Mode

Trying to upgrade to v6.38 and i get the following error:

Upgrading cxs...

Upgrading cxs from v6.35 to 6.38...
Retrieving new cxs installer...
...100%

Unpacking new cxs package...

gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
sh: line 0: cd:...

Hi everybody,
I wonder if there is a way to scan exist files? If you know, please tell me!
Thank you!

Hello Chirpy!

The root email address is receiving cxs scan emails fine which is excellent. How can one configured CXS to send an email to the script owner's email address as well notifying of the quarantined file?

Thank you.