STICKY rules for CXS.XTRA regs.

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
67 posts Page 4 of 7
Post Reply

 

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01
Post by tvcnet » 21 Apr 2010, 19:08
Quote
This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'
Top

 

Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 21 Apr 2010, 20:10
Quote
tvcnet wrote:
This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'
Sorry to tell you this, but the "error_log" file is going to be set as positive as what you are looking for is an error logged there, but that is not an exploit nor a script exploiting something, you are just searching for a chain of characters.
Top

 

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01
Post by tvcnet » 21 Apr 2010, 20:44
Quote
Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim
Top

 

Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 22 Apr 2010, 13:55
Quote
tvcnet wrote:
Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim
Do this, enter into your server as root and type the following:
less /usr/local/apache/log/error_log* | grep "Undefined index: pin"
this will show you how many times this error has been logged.

Just tell me what you see.
Top

 

Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 17 Jul 2010, 20:42
Quote
New regalls for the CSX XTRA file:
regall:test@test\.aol
Regards,

Sergio
Top
monethart22
Junior Member
Posts: 1
Joined: 08 Sep 2010, 11:43
Post by monethart22 » 16 Sep 2010, 17:46
Quote
Sergio...Thanks for the stuffs and chirpy as well. I tried them and got it fixed!
Top
Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 21 Sep 2010, 17:00
Quote
I am including a new regall that you should add to your CXS as soon as you can:
%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F
this is part of an EVAL.

The following is what the code means:
document.write('<iframe src="http://
As you can see, this is very dangerous as the URL could be anything.

Sergio.
Top
Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 16 Dec 2010, 01:37
Quote
OsCommerce is getting hit with hacks to a file called "categories.php", most of the time the hacker is saving this file with a Trojan Virus or with another malicious code.

I have added a few new regall rules on the first post.

Sergio
Top
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01
Post by tvcnet » 16 Dec 2010, 02:04
Quote
Excellent! Thank you. -Jim
Top
Sergio
Junior Member
Posts: 1353
Joined: 12 Dec 2006, 14:56
Post by Sergio » 16 Dec 2010, 18:43
Quote
Sorry,
by mistake I didn't write one of the rules as it should be.

WRONG RULE:
regall:facebook\.com/crazytaxi/

FIXED RULE:
regall:facebook\.com\/crazytaxi\/

In the first post is already fixed.

Please note, if you have wrote as it is in the wrong rule, your CXS will not work.
Top
Post Reply
67 posts Page 4 of 7
Return to “General Discussion (cxs)”