STICKY rules for CXS.XTRA regs.

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
68 posts Page 4 of 7

 

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01


This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'

 

Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


tvcnet wrote:
This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'

Sorry to tell you this, but the "error_log" file is going to be set as positive because what you are looking for is an error logged there, but that is not an exploit nor a script exploiting something; you are just searching for a chain of characters.

 

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01


Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim

 

Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


tvcnet wrote:
Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim

Do this: log in to your server as root and type the following:
less /usr/local/apache/log/error_log* | grep "Undefined index: pin"
This will show you how many times this error has been logged.

Just tell me what you see.

 

Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


New regalls for the CXS XTRA file:
regall:test@test\.aol
Regards,

Sergio

monethart22
Junior Member
Posts: 1
Joined: 08 Sep 2010, 11:43


Sergio... Thanks for the stuff and chirpy as well. I tried them and got it fixed!

Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


I am including a new regall that you should add to your CXS as soon as you can:
%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F
This is part of an EVAL.

The following is what the code means:
document.write('<iframe src="http://
As you can see, this is very dangerous as the URL could be anything.

Sergio.
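
Added example, not part of the original thread and not cxs code: a Python check that decodes runs of %XX escapes before looking for the iframe write described in the post above, and compares that with a literal match on the posted string. The file names and sample contents are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Signature exactly as posted above, and the text the post says it decodes to.
POSTED_SIGNATURE = (
    "%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65"
    "%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F"
)
DECODED_MARKER = "document.write('<iframe src=\"http://"

# Any run of eight or more consecutive %XX escapes, either hex case.
ENCODED_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}){8,}")


def literal_rule_matches(text):
    """What a literal match on the posted string sees."""
    return POSTED_SIGNATURE in text


def decoded_hits(text):
    """Return (offset, decoded_text) for encoded runs that decode to the marker."""
    hits = []
    for run in ENCODED_RUN.finditer(text):
        decoded = unquote(run.group(0), encoding="latin-1")
        if DECODED_MARKER in decoded.lower():
            hits.append((run.start(), decoded))
    return hits


# Constructed sample file contents (not taken from a real site).
SAMPLES = {
    "as_posted.js": "eval(unescape('" + POSTED_SIGNATURE + "'));",
    "lowercase_hex.js": "eval(unescape('" + POSTED_SIGNATURE.lower() + "'));",
    "benign_link.html": "<a href='/go?u=%68%74%74%70%3A%2F%2F%65%78%61%6D%70%6C%65'>x</a>",
}


def scan(samples):
    """Map each file name to (literal_match, decoded_match)."""
    return {name: (literal_rule_matches(body), bool(decoded_hits(body)))
            for name, body in samples.items()}


if __name__ == "__main__":
    for name, (literal, decoded) in scan(SAMPLES).items():
        print(f"{name}: literal={literal} decoded={decoded}")
```

The literal string only matches the exact bytes as posted; decoding first reports the same content regardless of hex digit case and leaves an ordinary encoded link alone.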
Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


osCommerce is getting hit with hacks to a file called "categories.php"; most of the time the hacker is saving this file with a Trojan virus or with other malicious code.

I have added a few new regall rules on the first post.

Sergio

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01


Excellent! Thank you. -Jim

Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


Sorry,
by mistake I didn't write one of the rules as it should be.

WRONG RULE:
regall:facebook\.com/crazytaxi/

FIXED RULE:
regall:facebook\.com\/crazytaxi\/

It is already fixed in the first post.

Please note, if you have written it as it is in the wrong rule, your CXS will not work.