ConfigServer Services Blog

New cxs v3.24

Changes:

  • Added the following to Script Version Scanning:
    Joomla XCloner Ext, WP XCloner Ext
  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions

New csf v6.36

Changes:

  • Removed VPS PASV check from Server Check in UI
  • Added new option URLGET – This option can be used to select either HTTP::Tiny or LWP::UserAgent to retrieve URL data. HTTP::Tiny is faster than LWP::UserAgent and is included in the csf distribution. LWP::UserAgent may have to be installed manually, but it can better support https:// URLs. HTTP::Tiny is selected by default
  • Removed extraneous bracket in UI output when reporting errors in user supplied data
  • Added new options LF_EXIMSYNTAX, LF_EXIMSYNTAX_PERM – These will block IP addresses producing repeated exim syntax errors, typically seen from spammers, hackers and broken MUAs and MTAs. This option is enabled by default
  • HTTP::Tiny upgraded to v0.036

New cxs v3.23

Changes:

  • Added the following to Script Version Scanning:
    CubeCart
  • Fixed cxs Watch in DA where new account creation was not automatically detected
  • HTTP::Tiny upgraded to v0.036

New cxs v3.22

Changes:

  • Added the following to Script Version Scanning:
    AbanteCart, AEF, b2evolution, CMS Made Simple, CodeIgniter, Concrete5, Dotclear, e107, Elgg, Feng Office, HESK, Jcow CE, MODX Evolution, MODX Revolution, Noahs Classifieds, OSClass, ownCloud, Oxwall, Piwigo, Piwik, Seo Panel, Serendipity, StatusNet, TomatoCart, Xoops, ZenPhoto, Zikula
  • Added the following popular WordPress extensions to Script Version Scanning:
    WP Sociable
    WP Share This
    WP WP Super Cache
    WP All In One WP Security & Firewall
    WP BulletProof Security
    WP FD Feedburner
    WP Google Adsense Plugin
    WP WordPress Simple Paypal Shopping Cart
    WP WordPress eShop
    WP WordPress s2Member
    WP UpdraftPlus
    WP BackUpWordPress
  • Added the following popular Joomla extensions to Script Version Scanning:
    Joomla Akeeba
    Joomla AllVideos
    Joomla CDN for Joomla
    Joomla Community Builder
    Joomla JEvents
    Joomla Jomsocial
    Joomla K2
    Joomla Kunena
    Joomla Phoca Gallery
    Joomla sh404SEF
    Joomla Simple Image Gallery
    Joomla Xmap
  • Exploit fingerprint definitions database additions

New cxs v3.21

Changes:

  • Disable Script Version Scanning for web script scanning (cxscgi.sh) as it does not apply
  • Perl module Storable added to the required list
  • Added ten of the most popular WordPress extensions to Script Version Scanning:
    WP Akismet Ext v2
    WP Better WP Security Ext v3
    WP Contact Form 7 Ext v3
    WP Facebook Ext
    WP Google XML Sitemaps Ext v3
    WP Jetpack Ext v2
    WP NextGEN Gallery Ext v2
    WP Seo Ext
    WP W3 Total Cache Ext
    WP WooCommerce Ext v2
  • Added ten of the most popular Joomla extensions to Script Version Scanning:
    Joomla Advanced Module Manager Ext v4
    Joomla JCE Ext v2
    Joomla RAntiSpam Ext v3
    Joomla Joomla LiveHelpNow Chat Ext v2
    Joomla Rapid Contact Ext
    Joomla Asynchronous Google Analytics Ext v2
    Joomla Google Maps Ext v3
    Joomla Sourcerer Ext v4
    Joomla Tabs Ext v3
    Joomla Modules Anywhere Ext v3
  • Added the following to Script Version Scanning:
    OpenCart, Nucleus CMS, Open Classifieds, LimeSurvey, ClipBucket, WHMCS, Coppermine Photo Gallery
  • Exploit fingerprint definitions database additions

New cxs v3.20

Changes:

  • Changed --options [s] to be --[no]sversionscan (Script Version Scanning) to make it independent of --[no]exploitscan, allowing a fast scan for old script installs. This option is enabled by default. Use --nosversionscan to disable
  • Added the following to Script Version Scanning (see cxs POD):
    Typo3, Invision Power Board, WebCalendar, MyBB, Dolphin, SMF, OpenX Source, SugarCRM Community Edition, Contao CMS, PrestaShop, PHP-Fusion, phpPgAdmin, SquirrelMail, Roundcube, Kayako, osTicket
  • Added new --soptions [a] for --[no]sversionscan to report all versions of found scripts, not just old versions
  • Added new --soptions [d] for --[no]sversionscan to report the directory containing the script, not the trigger file
  • Exploit fingerprint definitions database additions

New csf v6.35

Changes:

  • Security fix with included cse when using inbuilt User Interface: prevent XSS due to malicious directory/file names

New cse v1.14

Changes:

  • Security fix: prevent XSS due to malicious directory/file names

New cxs v3.13

Changes:

  • UI button style modifications
  • Added phpList, Moodle, Magento Community Edition and MediaWiki version checking to --options [s]
  • Modified POD to screen wrap HTML code more effectively