General

New cxs v1.14

Changes:

  • Added new experimental options –decode [file] and –depth [num]. See the perldoc documentation for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.13

Changes:

  • Modified FrontPage extensions check to be case-insensitive
  • Use of –all –mail [email] and –nosummary will now only report suspicious accounts instead of all accounts. –report [file] will still contain the full report
  • Updated cxs perldoc help
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.87

Changes:

  • Ignore csf.rignore for LT_POP3D and LT_IMAPD
  • Removed unnecessary csf.locks during some GLOBAL list updates
  • Updated Copyright notice
  • Modified the block message for LF_MODSEC and LF_SUHOSIN to be more appropriate ( i.e. not “login failures” )
  • Added new block options for BIND denied requests: LF_BIND, LF_BIND_PERM, BIND_LOG. This works in the same way as the other similar blocks, e.g. LF_SUHOSIN. It will block IP addresses that have had BIND (named) requests denied more than LF_BIND times in LF_INTERVAL seconds. Currently named client denied log lines for “update” and “zone transfer” trigger the option
  • Modified GLOBAL_ routines to continue if retrieval for one fails instead of immediately exiting
  • Added IPv6 check to Server Check
  • Display DNS lookup results for IP addresses if CC_LOOKUPS is enabled on single line comments (lfd.log, csf.deny, etc)
  • Added new options LF_PERMBLOCK_ALERT and LF_NETBLOCK_ALERT so that the respective email alerts can be disabled
  • Updated IP::Country

New cxs v1.12

Changes:

  • New option (-X, –xtra [file]) to allow custom regular expression matches and filenames that cxs will additionally scan for
  • Exploit fingerprint definitions database additions

New cxs v1.11

Changes:

  • Modified hidden image text file to exclude most FrontPage extensions files
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v4.86

Changes:

  • Added Dovecot regex checking for LT_POP3D and LT_IMAPD
  • Modified Server Check for Fedora v10 EOL now that Fedora v12 has been released
  • Improved Dovecot IMAP and POP3D login failure regex
  • Ignore RELAYHOSTS setting for LT_POP3D and LT_IMAPD
  • Fixed TLSCipherSuite Server Check for proftpd
  • Added SSHD regex for “Did not receive identification string from IP” failures

New cxs v1.10

Changes:

  • Added new check to suspicious file routine to detect text files hiding as image files
  • Made file extension checks case-insensitive
  • Exploit fingerprint definitions database additions

New csf v4.85

Changes:

  • Further improvements to ICMP rule filters
  • Added backup mod_security log viewer for non-cPanel servers

New csf v4.84

Changes:

  • Mod_security log viewer removed from csf in favour of cmc
  • Improved ICMP rule filtering. This could help some hosts that experience connection issues with csf
  • Added ICMP regex checking to Port Scan Tracking. Add ICMP to PS_PORTS to include this, i.e. to Port Scan for all ports use:PS_PORTS = “0:65535,ICMP”This is now the default on new installations