cPanel

New cxs v2.91

Changes:
– Ensure cxswatch is stopped, disabled and removed on cxs uninstall
– Added cleaned script code scanning to text match and decoder regex detection to improve exploit script detection
– Modified --help to use the POD paginated viewer
– Exploit fingerprint definitions database additions

WHM/cPanel v11.36 in STABLE

cPanel v11.36 has now entered the STABLE tree and you will notice that most of your addon perl scripts are failing. You can resolve this easily with our addons by reinstalling them. We have provided a simple script, which we posted previously, that can do this for you. This has to be done regardless of whether you are running the latest versions:
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Installed scripts are updated regardless of whether they are the same version as, or older than, the version available.
To use this method you must be logged in to the server as root via SSH and then run:
curl -s configserver.com/free/csupdate | perl
You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.90

Changes:
– Added alternative php binary locations for generic installations
– Improvements to --decode ([D])
– Added new advanced PHP decoder
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.89

Changes:
– Improvements to --decode ([D])
– Repurposed --options [u] to specifically highlight scripts only within directories deemed suspicious, rather than general directories such as /image/ or /upload(s)/. This should make the option more useful and help avoid false-positives
– Exploit fingerprint definitions database additions

New cxs v2.88

Changes:
– Include gzdecode() detection for PHP scripts
– Switched from using LWP to HTTP::Tiny to reduce memory footprint and reliance on the LWP perl module. The HTTP::Tiny module is included in the distribution, so no further action is necessary
– Modified cxs watch daemon to use POSIX::setsid()
– Modified cxs quarantine routine to reduce memory footprint
– Modified loading of Pod::Usage only if necessary to reduce memory footprint
– Modified cxs watch to not fail startup if new watch resource disappears before completion
– Exploit fingerprint definitions database additions

New csf v6.03

Changes:
– Switched from using LWP to HTTP::Tiny to reduce memory footprint and reliance on the LWP perl module. The HTTP::Tiny module is included in the distribution, so no further action is necessary
– Modified lfd perl module loading to be conditional where possible to reduce lfd memory footprint
– Modify initial file processing to reduce lfd memory footprint
– Modify PS_PORTS processing to reduce lfd memory footprint
– Moved init of Geo::IP::PurePerl into iplookup subroutine
– Removed “DEFERRED” login failure checking from CPANEL_LOG regex due to false-positives
– Modify LF_DIRWATCH_DISABLE so that only files are added to suspicious.tar and removed. Suspicious directories will no longer be removed
– Removed File::Path – no longer required

New csf v6.02

Changes:
– Modify MESSENGER HTML header to return code 403 instead of 200
– Modify UI daemon to fall back to IPv4 if IPV6 setting is not enabled
– Added new options LF_SYMLINK and LF_SYMLINK_PERM. This feature enables detection of repeated Apache symlink race condition triggers from the Apache patch provided by:
http://www.mail-archive.com/dev@httpd.apache.org/msg55666.html
This patch has also been included by cPanel via the easyapache option:
“Symlink Race Condition Protection”

New MailScanner Script v2.89

Changes:
– Modify clean.incoming.cron to tidy /var/spool/MailScanner/incoming/SpamAssassin-Temp
– Fix bug in virus scanner update wrappers that fail to tidy temp files

New cxs v2.87

Changes:
– Improvements to the main decoder regex
– Reverted to using temporary files during PHP file decoding due to a major bug in PHP v5.4.* which produces “Ran out of opcode space!” in interactive mode
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions