General

cPanel Service Package includes cxs for free

We’re currently offering cxs for free as part of our cPanel Service Package. Our new product is proving popular amongst web hosting providers concerned about exploits being uploaded to client sites affecting not only their account, but all accounts on the server. By including cxs with our cPanel Service Package we’re bolstering what is already a great package that helps in securing and managing your cPanel server, whether it is large or small, new or old.

ConfigServer eXploit Scanner (cxs) – Released!

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server.

Active scanning is performed on all text files uploaded through:

  • PHP upload scripts (via a mod_security or suhosin hook)
  • Perl upload scripts (via a mod_security hook)
  • CGI upload scripts (via a mod_security hook)
  • Any other script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
  • Pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script and the Gumblar Virus.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). It has been tuned for performance and scalability.

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

  • Run scans
  • Schedule and Edit scans via CRON
  • Compose CLI scan commands
  • View, Delete and Restore files from Quarantine
  • View documentation
  • Set and Edit default values for scans
  • Edit commonly used cxs files

cxs is currently a cPanel only product. More information, pricing and ordering available here: http://www.configserver.com/cp/cxs.html

New csf v4.78

Changes:

  • Modified DA installation to overcome permissions problems on some systems preventing the UI from working

Beta Testers for ConfigServer eXploit Scanner (cxs) product

We are looking for volunteer Beta Testers for a new product that we have in development:

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server:

  • PHP/Perl/CGI upload scripts (using a mod_security hook)
  • pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving to quarantine suspicious files before they become active. Apart from this option (to delete files) the product is non-destructive.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets).

Note: cxs is not a rootkit scanner

cxs is a commercial product that will be sold and licensed on a per server basis. Unlike competing products, it will strictly be a one-time per server license purchase with updates for the life of the product, all at a reasonable price :)

This is now closed – thanks to all who are participating and we hope for a release of this product soon.

New csf v4.77

Changes:

  • Expanded dovecot regex matching
  • Fixed the generic installation to install regex.custom.pm

New csf v4.76

Changes:

  • Added check for FrontPage extensions to Server Check; they should be considered a security risk because they were EOL in 2006
  • Added support for the impending cPanel v11.25 Security Tokens feature

New csf v4.75

Changes:

  • Added a [block] section to the Login Failure alert.txt template. This new report template will be copied to /etc/csf/alert.txt.new on existing installations; rename it to alert.txt to use it
  • Modified existing lfd alerts to use currently used tags instead of appending block information to the IP address (alert.txt modified as above)
  • Added new options trigger for RT_LOCALHOSTRELAY_* to csf.conf for email sent via a local IP address, separating the trigger from RT_LOCALRELAY_* which is now only for /usr/sbin/sendmail. See csf.conf for more information
  • Added Relay Tracking to DirectAdmin running exim. See RT_* and SMTPRELAY_LOG in csf.conf for more information
  • Added csf.mignore to allow ignoring of specified usernames or local IP addresses from RT_LOCALRELAY_ALERT
  • Modified csf UI to use a single dropdown for all lfd ignore files
  • Added proftpd regex matching for “UseReverseDNS on” in proftpd config

New csf v4.74

Changes:

  • Removed FUSER from csf.conf as it is no longer used
  • Added UNZIP to csf.conf which is required for Country Code to CIDR functions
  • Modified the Country Code allow/deny/allow_filter feature to generate CC CIDRs from the Maxmind GeoLite Country database instead of using iplocationtools.com. Note: GeoLite is much more accurate than the previous zones used. This also means that there are usually more CIDRs for each CC, which adds to the burden of using this feature

New csf v4.73

Changes:

  • Added checks before Net::CIDR::Lite calls to ensure inputs are CIDRs to prevent module failures
  • New feature – LF_CPANEL_ALERT. Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted)

New csf v4.72

Changes:

  • Modified mail sending code to use a common procedure that copes better with differing combinations and variations of From:, To:, LF_ALERT_TO and LF_ALERT_FROM settings for lfd alerts