Featured post

New Pricing for January 2015, plus Holiday Schedule

Script and Service Pricing – 2015

Prices for our script applications and server services will see changes in the new year from 1st January 2015.

If you want to purchase at the current prices you should do so before 1st January 2015 as we will not be offering the old prices from that date onwards.

Holiday Schedule

We will be closing our Store from 22nd to the 29th of December 2014.

We will be closing our Help Desk from 24nd to the 29th of December 2014.

cxs and “CryptoPHP”

CryptoPHP:

http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/

cxs can detect “CryptoPHP” for currently reported variants (and has done so for some time with then known variants).

A few things to note:

  • As with all exploits, new variants are developed regularly so they will not always be detected
  • Ensure that you have a daily cron job to update cxs
  • cxs will not necessarily prevent an account being exploited as this “infection” is caused by clients installing illegal (“nulled”) applications that have already been exploited
  • As with all exploits, regular full cxs scans have to be run to detect newly reported variants that may have previously evaded cxs Watch
  • If you find new variants that are not detected by cxs, submit them to us in the normal manner (see the cxs –wttw [script] option in the documentation)

New cxs v5.07

Changes:

  • Modified new installs to better initially update to the latest fingerprints
  • Ignore and Xtra files can now use an Include statement to include additional files. If cxswatch is running then it will also watch the included files for changes and reload if necessary
  • Added new quarantine option –qignore [method] which used when restoring a file using –qrestore [file] will create an entry in –ignore [file] before restoring the file. See POD for more info
  • Optimised fingerprint database to remove duplicates and old entries of no value reducing the size without reducing effectiveness
  • Exploit fingerprint definitions database additions

New csf v7.56

Changes:

  • Fixed issue with Restricted UI item sanity checks failing
  • Modified LF_CSF on cPanel servers to detect a change in the cPanel version and then trigger a restart of ConfigServer scripts (lfd, MailScanner cxs Watch). Restart triggers are limited to every 12 hours and will only trigger if upcp is not running

cPanel v11.46 and csf/lfd

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause errors in lfd with URL retrieval. To resolve the problem all that should be required is a restart of lfd. This can be done either from within the WHM csf UI or from the root shell with:

/etc/init.d/lfd restart

Check /var/log/lfd.log afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp

cPanel v11.46 and MailScanner

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause problems with email delivery immediately following the upgrade. To resolve the problem all that should be required is a restart of MailScanner. This can be done either from within the WHM MailScanner UI or from the root shell with:

/etc/init.d/MailScanner restart

Check /var/log/maillog to ensure emails are processing afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp