cPanel

New cxs v2.01

Changes:

  • Modified –decode [file] and –options [D] to drop privileges to the “nobody” user while running the interactive php interpreter and on the ownership of the decoded file while processing it

New cxs v2.00

Changes:

  • Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires:

New cxs v1.57

Changes:

  • Fixed html problem viewing Quarantine via the UI in FF4

New cxs v1.56

Changes:

  • Reinstated the Scan Report header for the –all option lost in v1.55
  • Added new option –www to only scan within the public_html/ directory when using –allusers or –user [user]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.55

Changes:

  • Modified FTP IP Address lookup code to only read the last 64K of the relevant log file, improving lookup speed and resource usage
  • Made /etc/init.d/pure-uploadscript LSB compliant
  • Exploit fingerprint definitions database additions

New csf v5.18

Changes:

  • Remove RT_POPRELAY_* from csf.conf on DA servers as it does not apply
  • Improved Server Check for cPanel Update configuration check
  • Modifed csf restart to not start bandmin during the stop phase
  • Modified LF_DIRWATCH to remove dependency on File::Type
  • Modified LF_DIRWATCH for speedups and removed the need for a file size limit
  • Debian v6 support confirmed
  • Added /etc/bind/named.conf.options to the list of named.conf files to check for recursion settings (for Debian)

New cxs v1.54

Changes:

  • Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404)
  • Added new option –wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option
  • Exploit fingerprint definitions database additions

New cxs v1.53

Changes:

  • Sort File::Find directory traversal/files alphabetically
  • Multiple scanning performance and resource usage improvements
  • –voptions [M] removed as it serves no function
  • Added text for –options [M] (Known exploit) where we have it
  • Improvements to relative path file/directory scanning
  • Exploit fingerprint definitions database additions