STICKY rules for CXS.XTRA regs.

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Post by tvcnet »

This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

Post by Sergio »

tvcnet wrote:This actually worked:
regall:Undefined index: pin

with result:
# Regular expression match = [Undefined index: pin]:
'/home/webhost/public_html/images/ucon/error_log'
Sorry to tell you this, but the "error_log" file is going to be set as positive as what you are looking for is an error logged there, but that is not an exploit nor a script exploiting something, you are just searching for a chain of characters.

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Post by tvcnet »

Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

Post by Sergio »

tvcnet wrote:Got it.
Wouldn't that chain of characters have to be:
Undefined index: pin
?

Which as far as I can tell would only be found in this specific error log file used for this specific type of phishing script.

Thanks,
Jim
Do this, enter into your server as root and type the following:
less /usr/local/apache/log/error_log* | grep "Undefined index: pin"
this will show you how many times this error has been logged.

Just tell me what you see.

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

Post by Sergio »

New regalls for the CSX XTRA file:
regall:test@test\.aol
Regards,

Sergio

monethart22
Junior Member
Posts: 1
Joined: 08 Sep 2010, 11:43

Re: Set a Sticky for CSF.XTRA regs.

Post by monethart22 »

Sergio...Thanks for the stuffs and chirpy as well. I tried them and got it fixed!

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

Re: Set a Sticky for CSF.XTRA regs.

Post by Sergio »

I am including a new regall that you should add to your CXS as soon as you can:
%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F
this is part of an EVAL.

The following is what the code means:
document.write('<iframe src="http://
As you can see, this is very dangerous as the URL could be anything.

Sergio.

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

Re: Set a Sticky for CSF.XTRA regs.

Post by Sergio »

OsCommerce is getting hit with hacks to a file called "categories.php", most of the time the hacker is saving this file with a Trojan Virus or with another malicious code.

I have added a few new regall rules on the first post.

Sergio

tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Re: Set a Sticky for CSF.XTRA regs.

Post by tvcnet »

Excellent! Thank you. -Jim

Sergio
Junior Member
Posts: 1383
Joined: 12 Dec 2006, 14:56

TYPOS in last rule.

Post by Sergio »

Sorry,
by mistake I didn't write one of the rules as it should be.

WRONG RULE:
regall:facebook\.com/crazytaxi/

FIXED RULE:
regall:facebook\.com\/crazytaxi\/

In the first post is already fixed.

Please note, if you have wrote as it is in the wrong rule, your CXS will not work.

Post Reply