General

New cxs v8.11

Changes:

  • New –options [I]. This option will trigger a match for Ioncube files. As Ioncube files cannot be decoded by cxs, this option can be used to block uploads of Ioncube files in cxscgi.sh. Otherwise, the script will have to be detected using –xtra [file] and the MD5SUM of the script
  • Modified option -wttw [file] to prevent reporting of Ioncube files as we cannot decode them and so cannot determine their function
  • Option for Ioncube trigger added to UI wizards

New cxs v8.10

Changes:

  • Modified UI display of the current configuration for the various cxs commands so that it shows a quarantine error if present
  • Added buttons to UI to display the current configuration for the Daily and Weekly cxs commands
  • Added golang file detection for exploit fingerprints

New csf v11.07

Changes:

  • Added missing WAITLOCK to iptables when processing advanced port filters in csf and lfd and checking csf status in UI
  • Added WAITLOCK, if enabled, to iptables-restore commands during FASTSTART
  • Server Check Report – removed ini_set check as so many scripts use ini_set nowadays. Updated text on various checks
  • Updated the postfix SMTP AUTH regex
  • Added new SSHD “maximum authentication attempts exceeded” regex
  • Set basic PATH before running csfpre.sh/csfpost.sh to avoid binary location issues
  • csf now runs csfpre.sh/csfpost.sh directly without forcing it through /bin/sh. If present, csf chmods the script 0700 and checks for a shebang. If the shebang is missing #!/bin/bash is added to the top. The script is then run
  • Added seventh parameter to regex.custom.pm to allow Cloudflare blocking if a CUSTOM regex is triggered (see latest regex.custom.pm in distro)
  • Rearranged UI tabs and shortened tab names. Moved quick actions to the top of the “csf” tab pane
  • Added “AUTH command used when not advertised” to the LF_EXIMSYNTAX regex check
  • Added new csf CLI cluster option: -ci, –cignore ip [comment] This will add the IP to each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
  • Fixed cluster grep output in UI
  • Modified MESSENGERV2 to support combined certificates+keys in cPanel v68+
  • Added triggered setting and, if applicable, temporary TTL to the “Blocked:” status in block alert emails
  • Added “wildcard” option to “Search System Logs” UI to use ZGREP to search the specified log with a wildcard suffix
  • ZGREP option added to csf.conf which must point to the zgrep binary
  • Added git binaries to csf.pignore on cPanel servers for upcoming v72/74 features

New cxs v8.09

Changes:

  • Fixed UI not allowing Save Wizard Defaults if in Restricted Mode
  • Fixed Save Wizard Defaults when –www, –smtp or –dbreport disabled

New cxs v8.08

Changes:

  • Added buttons to UI to display the current configuration for the various cxs commands
  • Added timeout to d/b connect to prevent hanging processes waiting for a d/b lock
  • Improved efficiency of /etc/cxs/cxscgi.queue processing
  • Improved efficiency of quarantine scan processing in UI

New cxs v8.07

Changes:

  • Fixed issue where cxsWatch was needlessly updating the SQLite D/B on each scanned file which was causing some performance problems

New cxs v8.06

Changes:

  • Fixed bug when using –config [file] in /etc/cxs/cxsftp.sh

New cxs v8.05

Changes:

  • Added new option –cutcgimail. This option suppresses emails sent by cxs for ModSecurity hits from /etc/cxs/cxscgi.sh where the reported web script does not exist on the server. Any configured quarantine or delete operations will still be performed. Note: This option is the synonymous with the unsupported –YSKIPCGI option which will continue to work in the same way
  • Added –cutcgimail to the cxs ModSecurity Wizard as “Reduce the number of emails from ModSecurity hits”
  • Changed the wording in the email sent where the reported web script does not exist on the server
  • Improvements to the saving logic in the various UI Wizards

New cxs v8.03

Changes:

  • Fix issue using stat() after abs_path() on an orphaned sylink

    NOTE: If you received error “Use of uninitialized value $arg in stat”
    during a a cron job scan, that scan will still have completed
    successfully and this fixes that issue

  • Ensure d/b is closed after processing dbreport
  • Ensure crond is restarted after making changes to cxs-cron