General

New cxs v2.13

Changes:

  • During cxs Watch startup default to the POSIX locale to avoid error message ambiguity for intotify from the kernel
  • Improvements to –decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v2.12

Changes:

  • Improvements to –decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.31

Changes:

  • Updated the LF_TRIGGER_PERM explaination in csf.conf to properly reflect the possible settings of LF_TRIGGER
  • Perform account name sanitisation checks in lfd

New cxs v2.11

Changes:

  • Further SECURITY improvements to Quarantine functionality
  • All cxs users should upgrade to this release immediately

New cxs v2.10

Changes:

  • Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must not now exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue
  • All cxs users should upgrade to this release immediately

New csf v5.30

Changes:

  • Fixed a SECURITY BUG that can be exploited remotely via log file spoofing resulting in root privilege escalation. Our thanks to Jeff Petersen for reporting this issue
  • All csf users should upgrade to this release immediately

New cxs v2.09

Changes:

  • New –options [R]. It will trigger a match for the inbuilt regex used by –options [D] when decoding PHP encoded (base64, etc) scripts
  • Improvements to –decode ([D]) option so that both the last and the penultimate decode level are both scanned
  • Added improved code for dropping privileges to the “nobody” user while running the interactive php interpreter as root
  • Ensure Quarantine only works on files
  • Updated UI text for options
  • Removed duplicated regex definitions from the database now that –options [R] has been added. Be sure to add R to your –options lists if you specify them if you still want to trap these.

New cxs v2.08

Changes:

  • Removed code that dropped privileges to the “nobody” user while running the interactive php interpreter as it broke subsequent scanning at depth
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.22

Changes:

  • New feature: Connection Limit Protection (CONNLIMIT, CONNLIMIT_LOGGING). This option configures iptables to offer more protection from DOS attacks against specific ports. It can also be used as a way to simply limit resource usage by IP address to specific server services. This option limits the number of concurrent new connections per IP address that can be made to specific ports. See csf.conf and readme.txt for more information and about the format of the CONNLIMIT option and its limitations
  • Minor csf UI Firewall Configuration virtual pagination improvements
  • Updated cPanel Server Check update settings for v11.30+
  • Removed cPanel Server Check for new versions due to changes in the v11.30+ versioning system making this redundant
  • Updated MySQL Server Check for v5.1.*
  • Added a warning to csf.conf for SYNFLOOD to only enable the option if you know you are under a SYN flood attack as it will restrict all new connection to the server if triggered

New cxs v2.07

Changes:

  • Improvements to –decode ([D]) option
  • New Feature – Added daily check for new Exploit Fingerprints. If cxs is scheduled to check for a new version daily, an additional check for new Exploit Fingerprints released since the last cxs version is performed. These will be downloaded and used on subsequent scans
  • Exploit fingerprint definitions database additions