ConfigServer Services Blog

New cxs v2.68

Changes:
– Modified POD and UI to show full rather than abbreviated commands
– Added new option --template [file]. When using --mail [email] a standard email format is used. To customise this format an email template file can be used instead. You can now use this to email the Linux owner of the affected script under certain circumstances. See the cxs Documentation for more information
– Added new advanced PHP decoder for --decode ([D])
– Improvements to advanced PHP decoders to --decode ([D])
– Fixed PHP decoder issue that could restrict decoder depth under certain circumstances
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.67

Changes:
– NOTE: If you are using the cxs ModSecurity hook and ModSecurity v2.6, you must now specify the ModSecurity configuration setting SecTmpDir. If you have not set SecTmpDir in your ModSecurity configuration, then you need to add the following on its own line before or after the ModSecurity cxs line: “SecTmpDir /tmp” and then restart httpd. The file you need to add this to, if not already present, on a cPanel server is: /usr/local/apache/conf/modsec2.user.conf
– Unless specified, --qoptions now defaults to [Mv] when --quarantine [dir] is used. Any existing installations using --quarantine [dir] will now have --qoptions [Mv] enabled, unless otherwise specified on the command line or in cxs.defaults
– Added undocumented feature --YSKIPREG to ignore inbuilt regex matching when using --options [m]; --xtra [file] contents will still match
– Added undocumented feature --YSKIPMD5 to ignore inbuilt fingerprint matching when using --options [M], --xtra [file]
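
The SecTmpDir requirement in the v2.67 note above can be checked before restarting httpd. The following is an added example, not ConfigServer's code: the function names and status strings are this example's own, and the sample files are constructed stand-ins for modsec2.user.conf.

```shell
#!/bin/sh
# Added example (not part of cxs): audit a ModSecurity config file for
# the SecTmpDir directive. Function names and status strings are
# this example's own.

# sectmpdir_status FILE -> prints set:<dir> | commented | missing | nofile
sectmpdir_status() {
    if [ ! -r "$1" ]; then
        echo "nofile"
        return 0
    fi
    awk '
        { line = tolower($0) }      # directive names are case-insensitive
        line ~ /^[ \t]*sectmpdir[ \t]+[^ \t]/ {
            dir = $2                # last active occurrence is reported
            gsub(/"/, "", dir)      # accept a quoted path
            next
        }
        line ~ /^[ \t]*#[ \t]*sectmpdir[ \t]/ { commented = 1 }
        END {
            if (dir != "")      print "set:" dir
            else if (commented) print "commented"
            else                print "missing"
        }
    ' "$1"
}

# audit_conf FILE -> returns 0 only if SecTmpDir is active and is a directory
audit_conf() {
    status=$(sectmpdir_status "$1")
    case $status in
        set:*)
            dir=${status#set:}
            if [ -d "$dir" ]; then echo "OK: SecTmpDir $dir"; return 0; fi
            echo "FIX: SecTmpDir $dir is not a directory"; return 1 ;;
        commented) echo "FIX: SecTmpDir is commented out in $1"; return 1 ;;
        missing)   echo "FIX: add 'SecTmpDir /tmp' to $1, restart httpd"; return 1 ;;
        *)         echo "FIX: cannot read $1"; return 1 ;;
    esac
}

# Constructed sample files, standing in for modsec2.user.conf.
demo=$(mktemp -d)
printf '%s\n' '# cxs hook line would be here' '#SecTmpDir /tmp' > "$demo/before.conf"
printf '%s\n' '# cxs hook line would be here' 'SecTmpDir /tmp' > "$demo/after.conf"
audit_conf "$demo/before.conf" || true
audit_conf "$demo/after.conf" || true
rm -rf "$demo"
```

On a cPanel server, point audit_conf at /usr/local/apache/conf/modsec2.user.conf; a non-zero exit status means the note's change still needs to be made.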

New csf v5.60

Changes:
– Added new options to include the Spamhaus Extended DROP list. These additional netblocks are included in the main Spamhaus chain. The feature uses LF_SPAMHAUS_EXTENDED and LF_SPAMHAUS_EXTENDED_URL which are enabled by default, but used only if LF_SPAMHAUS is enabled. To force a reload of the SPAMHAUS list to include the Extended list, delete the /etc/csf/csf.spamhaus file after upgrading to this version and then restart lfd
– Added new options to allow blocking of TOR Bulk Exit nodes. This works in the same manner as the LF_SPAMHAUS and LF_DSHIELD options. The feature uses LF_TOR and LF_TOR_URL and is disabled by default. Warning: This could block legitimate users who are trying to protect their anonymity, so use with caution
– Fix LF_NETBLOCK to skip IPv6 addresses, which it does not support, as has long been stated in csf.conf
– Added missing html elements in UI
– Added unblock button to UI IP searches when the result is either in csf.deny or a temporary block
– Implemented a locking system to mitigate iptables stability issues when loading concurrent iptables chains in lfd
– Fixed bug in the display of the 30 days ST_SYSTEM stats
– Added new option ST_SYSTEM_MAXDAYS. This allows you to define the maximum number of days of stats to collect (default 30 days)
– Increased stats graph sizes
– Added CIDR checking of csf.allow to the CLI command csf --deny
– Added checking of csf.ignore to the CLI command csf --deny

New cxs v2.66

Changes:
– Improvements to string detection in --decode ([D])
– Added new advanced PHP decoder for --decode ([D])
– Removed a false-positive fingerprint detection
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.65

Changes:
– Added new advanced PHP decoder for --decode ([D])
– Improvements made to md5sum ignore procedure
– Fixed problem when using md5sum ignore within archives

New cxs v2.64

Changes:
– Improvements to --decode ([D]) variable detection
– Added new advanced PHP decoder for --decode ([D])
– Exploit fingerprint definitions database additions

New csf v5.59

Changes:
– Fixed a loop which caused high load when using GLOBAL_IGNORE
– Improvements to GLOBAL_IGNORE load speed and effectiveness
– Improvements to CC_IGNORE load speed

New csf v5.58

Changes:
– Corrected ST_APACHE error message return text
– Add meaningful message if stats graph generation fails in UI
– Added new icon in UI for “Quick Allow” that inserts the current visitor's IP address
– Added new icon in UI for “Quick Ignore” that inserts the current visitor's IP address
– Replaced some of the included icons

New cxs v2.63

Changes:
– Additional reasons for scan skipping added for --debug output
– Reload ignore file in cxs watch parent as well as children for rate limit warning
– New feature added --Wrateignore [secs]. To help prevent excessive resource usage, cxs Watch will ignore files for [secs] seconds if the rate limit warning is issued. Scanning will then resume. Set this to 0 to disable the ignore feature. This option is set to 300 (i.e. 5 mins) for new installations

New csf v5.57

Changes:
– Added new option PT_APACHESTATUS to configure the Apache Status URL used during the PT_LOAD alert report
– Added Apache Statistics to ST_SYSTEM. A new option ST_APACHE must be set to collect these statistics and PT_APACHESTATUS must be correctly set. ST_APACHE is disabled by default
– Modified the SYSLOG option to remove the later-introduced “nofatal” option, improving backwards compatibility, and to enable the “pid” option to log the process ID
– Added new options SYSLOG_CHECK and SYSLOG_LOG to check whether syslog is running. See csf.conf for more information. This option is disabled by default, but we recommend that it is enabled on all servers
– Added SYSLOG_CHECK to Server Check Report recommended settings