OVH.com Firewall Bug

It has come to our attention from multiple clients that there is a bug in the firewall offered by the server provider OVH.com that prevents access to some of our servers. This causes accessibility issues when trying to install or upgrade scripts, e.g. csf.

If you have a server at OVH.com with this issue and use their external firewall offering, then you need to either turn off their firewall for the server or, if possible, whitelist the IP addresses for:

download.configserver.com (currently 85.10.199.177) – for all our scripts
license.configserver.com (currently 85.13.213.202) – for cxs and msfe

Lastly, we would suggest you report the issue to OVH.com and hopefully they will fix their firewall product despite their protestations that they are not blocking anything.

New cxs v5.19

Changes:

  • Re-added POSIX Locale after changes in v5.16
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v7.65

Changes:

  • Fixed csf.blocklist for new installs which incorrectly had OPENBL enabled by default

New csf v7.64

Changes:

  • UI HTML updates and fixes
  • Modified openbl.org URLs in csf.blocklist to use https – this will likely need URLGET set to 2 (LWP)

New cxs v5.18

Changes:

  • Added white-space pre-wrapping to HTML emails
  • UI HTML updates and fixes
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v5.17

Changes:

  • Fixed --qcreate POD text
  • Added systemd support for pure-uploadscript

New cxs v5.16

Changes:

  • WARNING: The report format has changed in this version. If you are parsing cxs reports, they now show the filename and then all hits reported against that file before reporting the next file. Previously each reported hit was shown separately with the filename following
  • Renamed cxs cron job in /etc/cron.d/ from cxs.cron to cxs-cron to cater for non-LSB compliant Linux cron managers
  • New option --[no]html. With --[no]html enabled (default), emails will be sent in both plain-text and HTML formats. The option does not apply if --template [file] is used
  • Fixed cxs Watch to remove rateignore data for a file if it is deleted
  • Fixed rateignore hash array lookup and unnecessary rateignore removal causing files to be skipped
  • Added unsupported option --YRATEIGN. See POD for more information
  • Improvement to PHP script detection
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v7.63

Changes:

  • Modified Server Check to highlight PHP v5.3.* as EOL and therefore a security risk
  • Port 587 added to TCP_OUT/TCP6_OUT on all new installations (previously only on cPanel)
  • Added new CLI option to csf: -i, --iplookup will look up IP address geographical information using the CC_LOOKUPS setting in /etc/csf/csf.conf
  • Manually allowed/denied permanent/temporary IPs through the csf CLI now include the CC information if no comment is used
  • Renamed csf and lfd cron jobs in /etc/cron.d/ to cater for non-LSB compliant Linux cron managers
  • Modified Server Check report to cater for servers running systemd
  • More Server Check fixes for out of date checks
  • Added 2 new alert settings for FTP and SMTP distributed attacks: LF_DISTFTP_ALERT and LF_DISTSMTP_ALERT

New cxs v5.15

Changes:

  • Fix for POD cron jobs RECOMMENDATIONS text

New cxs v5.14

Changes:

  • Modified --Wrateignore [secs] so that ignored resources are rescanned once [secs] expires
  • Modified cxs watch so that resource attribute changes only trigger an inotify event if --options [w] or [W] are used
  • cxswatch.sh now disables the world writable directory check options on new installations (--options -wW)
  • Removed options --Wsymlink [script], --Wsymlinkmax [num] and --Wsymlinksec [secs]. These options provided ineffective control of such exploits and caused performance issues with cxs Watch. The options will no longer function, but cxs commands will not fail if they are used
  • Updated cxs RECOMMENDATIONS section