General

New cxs v3.27

Changes:

  • NOTE: Support for using suhosin is deprecated and will be removed in the near future – use ModSecurity instead. If you are unable to use ModSecurity, you will have to rely on either cxs Watch or manual scans
  • New option added: –defapache [user]. This is the default account under which apache runs. This will be set to “apache” by default except on cPanel servers where it is set to “nobody” by default
  • Make cxs watch restart reason more verbose
  • Improved file type detection for files within archives
  • Improvements to the main decoder regex
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

 

New csf v6.37

Changes:

  • Fixed issue that produced false-positive failures for IP address actions through UI when checking for a valid IP address
  • Modified lfd to support the use of either “password” or “pass” in /root/.my.cnf for ST_MYSQL
  • Updated CLUSTER information in readme.txt

 

New cxs v3.26

Changes:

  • Fixed issue with cxs process termination due to scanning timeouts
  • Prevent regex hangs due to some exploit tactics
  • Fixed quarantine UI not restoring file permissions correctly

 

Atomic Secured Linux Delayed ModSecurity Rules

In their infinite wisdom, ASL have decided to no longer provide their delayed ModSecurity rules as from today with no warning whatsoever. They were a very useful resource to those that did not wish to pay for the supported live rules, but they are now gone.

The update script that we provided with our services packages will now no longer function. You can either continue using the rules that are installed, but if you require updated rules in the future, you will need to pay ASL for them.

New cxs v3.25

Changes:

  • Extended fingerprint checks for alternative linefeeds in scripts
  • Fixed functionality of the included test.cgi upload test script
  • Enforce stricter permissions on /var/log/cxswatch.log
  • Disable option to upgrade cxs in DA UI and instruct to use CLI
  • Added use of –force to –upgrade to redo upgrade to latest version if required
  • Additional checks to terminate php child process if timeout occurs
  • Exploit fingerprint definitions database additions

New cxs v3.24

Changes:

  • Added the following to Script Version Scanning:
    Joomla XCloner Ext, WP XCloner Ext
  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions

New csf v6.36

Changes:

  • Removed VPS PASV check from Server Check in UI
  • Added new option URLGET – This option can be used to select either HTTP::Tiny or LWP::UserAgent to retrieve URL data. HTTP::Tiny is faster than LWP::UserAgent and is included in the csf distribution. LWP::UserAgent may have to be installed manually, but it can better support https:// URL’s. HTTP::Tiny is selected by default
  • Removed extraneous bracket in UI output when reporting errors in user supplied data
  • Added new options LF_EXIMSYNTAX, LF_EXIMSYNTAX_PERM – These will block IP addresses producing repeated exim syntax errors, typically seen from: spammers, hackers and broken MUAs and MTAs. This option is enabled by default
  • HTTP::Tiny upgraded to v0.036

New cxs v3.23

Changes:

  • Added the following to Script Version Scanning:
    CubeCart
  • Fixed cxs Watch in DA where new account creation was not automatically detected
  • HTTP::Tiny upgraded to v0.036

New cxs v3.22

Changes:

  • Added the following to Script Version Scanning:
  • AbanteCart, AEF, b2evolution, CMS Made Simple, CodeIgnitor, Concrete5, Dotclear, e107, Elgg, Feng Office, HESK, Jcow CE, MODX Evolution, MODX Revolution, Noahs Classifieds, OSClass, ownCloud, Oxwall, Piwigo, Piwik, Seo Panel, Serendipity, StatusNet, TomatoCart, Xoops, ZenPhoto, Zikula
  • Added the following popular WordPress extensions to Script Version Scanning:
    WP Sociable
    WP Share This
    WP WP Super Cache
    WP All In One WP Security & Firewall
    WP BulletProof Security
    WP FD Feedburner
    WP Google Adsense Plugin
    WP WordPress Simple Paypal Shopping Cart
    WP WordPress eShop
    WP WordPress s2Member
    WP UpdraftPlus
    WP BackUpWordPress
  • Added the following popular Joomnla extensions to Script Version Scanning:
    Joomla Akeeba
    Joomla AllVideos
    Joomla CDN for Joomla
    Joomla Community Builder
    Joomla JEvents
    Joomla Jomsocial
    Joomla K2
    Joomla Kunena
    Joomla Phoca Gallery
    Joomla sh404SEF
    Joomla Simple Image Gallery
    Joomla Xmap
  • Exploit fingerprint definitions database additions

New cxs v3.21

Changes:

  • Disable Script Version Scanning for web script scanning (cxscgi.sh) as it does not apply
  • Perl module Storable added to the required list
  • Added ten of the most popular WordPress extensions to Script Version Scanning:
    WP Akismet Ext v2
    WP Better WP Security Ext v3
    WP Contact Form 7 Ext v3
    WP Facebook Ext
    WP Google XML Sitemaps Ext v3
    WP Jetpack Ext v2
    WP NextGEN Gallery Ext v2
    WP Seo Ext
    WP W3 Total Cache Ext
    WP WooCommerce Ext v2
  • Added ten of the most popular Joomla extensions to Script Version Scanning:
    Joomla Advanced Module Manager Ext v4
    Joomla JCE Ext v2
    Joomla RAntiSpam Ext v3
    Joomla Joomla LiveHelpNow Chat Ext v2
    Joomla Rapid Contact Ext
    Joomla Asynchronous Google Analytics Ext v2
    Joomla Google Maps Ext v3
    Joomla Sourcerer Ext v4
    Joomla Tabs Ext v3
    Joomla Modules Anywhere Ext v3
  • Added the following to Script Version Scanning:
    OpenCart, Nucleus CMS, Open Classifieds, LimeSurvey, ClipBucket, WHMCS, Coppermine Photo Gallery
  • Exploit fingerprint definitions database additions