cPanel

New cxs v2.72

Changes:
– Added PNG and JPEG filetypes for hidden script scanning
– Fixed an issue where cxs was sometimes leaving temporary files in /tmp after compressed file expansion

New cxs v2.71

Changes:
– cxs will now treat .htaccess files as script files and fingerprints have been added for common exploits
– Added more information about existing csf anf cxs integration options (i.e. UI, ModSecurity, pure-ftpd)
– Added information that restores from quarantine must be done through the UI
– Exploit fingerprint definitions database additions

New csf v5.62

Changes:
– Added ModSecurity connection dropping to the LF_MODSEC regex
– Added new option – ETH6_DEVICE. By adding a device to this option, ip6tables can be configured only on the specified device. Otherwise, ETH_DEVICE and then the default setting will be used
– Added new option – LF_SCRIPT_ACTION. On cPanel servers, this can contain the path to a script that is run whenever LF_SCRIPT_ALERT is triggered
– Fixed stats graph average calculation and display if average equals 0
– Split Slow MySQL Queries stats graphs from MySQL Queries
– Improvements to Apache CPU Usage stats graphs

New cxs v2.70

Changes:
– Improvements to cxs Watch daemon ignore/xtra and new update reloading without restart
– Switched to using Sys::Hostname in cxs Watch daemon
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.69

Changes:
– Switched to using Sys::Hostname to determine hostname as CloudLinux restricts access to /proc/sys/kernel/hostname for some reason

New cxs v2.68

Changes:
– Modified POD and UI to show full rather than abbreviated commands
– Added new option –template [file]. When using –mail [email] a standard email format is used. To customise this format an email template file can be used instead. You can now use this to email the Linux owner of the affected script under certain circumstances. See the cxs Documentation for more information
– Added new advanced PHP decoder for –decode ([D])
– Improvements to advanced PHP decoders to –decode ([D])
– Fixed PHP decoder issue that could restrict decoder depth under certain circumstances
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.67

Changes:
– NOTE: If you are using the cxs ModSecurity hook and ModSecurity v2.6, you must now specify the ModSecurity configuration setting SecTmpDir. If you have not set SecTmpDir in your ModSecurity configuration, then you need to add the following on its own line before or after the ModSecurity cxs line: “SecTmpDir /tmp” and then restart httpd. The file you need to add this to, if not already present, on a cPanel server is: /usr/local/apache/conf/modsec2.user.conf
– Unless specified, –qoptions now defaults to [Mv] when –quarantine [dir] is used. Any existing installations using –quarantine [dir] will now have –qoptions [Mv] enabled, unless otherwise specified on the command line or in cxs.defaults
– Added undocumented feature –YSKIPREG to ignore inbuilt regex matching when using –options [m], –xtra [file] contents will still match
– Added undocumented feature –YSKIPMD5 to ignore inbuilt fingerprint matching when using –options [M], –xtra [file]

New cxs v2.66

Changes:
– Improvements to string detection in –decode ([D])
– Added new advanced PHP decoder for –decode ([D])
– Removed a false-positive fingerprint detection
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.65

Changes:
– Added new advanced PHP decoder for –decode ([D])
– Improvements made to md5sum ignore procedure
– Fixed problem when using md5sum ignore within archives