ConfigServer Services Blog

New cxs v2.01

Changes:

  • Modified –decode [file] and –options [D] to drop privileges to the “nobody” user while running the interactive php interpreter and on the ownership of the decoded file while processing it

New cxs v2.00

Changes:

  • Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires:

New cxs v1.56

Changes:

  • Reinstated the Scan Report header for the –all option lost in v1.55
  • Added new option –www to only scan within the public_html/ directory when using –allusers or –user [user]
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.55

Changes:

  • Modified FTP IP Address lookup code to only read the last 64K of the relevant log file, improving lookup speed and resource usage
  • Made /etc/init.d/pure-uploadscript LSB compliant
  • Exploit fingerprint definitions database additions

New csf v5.19

Changes:

  • Added stats workaround for February/March calculations
  • Added new option CC_IGNORE – this Country Code list will prevent lfd from blocking IP address hits for the listed CC’s
  • Reduced CC_* memory usage when loading zones
  • Modified lfd logging for regex.pm and regex.custom.pm login failures to lfd.log to use the return reason from the regex match instead of a generic message. This does mean that the format for these messages has changed
  • DA Server Check for proftpd – check whether pureftp=1 in DA config
  • Replaced IP::Country and Geography::Countries with Geo::IP:: PurePerl using the MaxMind GeoLite Country database for CC_LOOKUPS
  • Added new option GUNZIP which is required to expand the MaxMind GeoLite Country database
  • Extended CC_LOOKUPS which can now be configured to report Country Code and Country and City using the MaxMind City Database. See csf.conf for more information
  • Added Donation buttons to csf UI main page

New csf v5.18

Changes:

  • Remove RT_POPRELAY_* from csf.conf on DA servers as it does not apply
  • Improved Server Check for cPanel Update configuration check
  • Modifed csf restart to not start bandmin during the stop phase
  • Modified LF_DIRWATCH to remove dependency on File::Type
  • Modified LF_DIRWATCH for speedups and removed the need for a file size limit
  • Debian v6 support confirmed
  • Added /etc/bind/named.conf.options to the list of named.conf files to check for recursion settings (for Debian)

New cxs v1.54

Changes:

  • Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404)
  • Added new option –wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option
  • Exploit fingerprint definitions database additions

New cxs v1.53

Changes:

  • Sort File::Find directory traversal/files alphabetically
  • Multiple scanning performance and resource usage improvements
  • –voptions [M] removed as it serves no function
  • Added text for –options [M] (Known exploit) where we have it
  • Improvements to relative path file/directory scanning
  • Exploit fingerprint definitions database additions