ConfigServer Services Blog

New cxs v3.20

Changes:

  • Changed –options [s] to be –[no]sversionscan (Script Version Scanning) to make it independent of –[no]exploitscan, allowing a fast scan for old script installs. This option is enabled by default. Use –nosversionscan to disable
  • Added the following to Script Version Scanning (see cxs POD):
    Typo3, Invision Power Board, WebCalendar, MyBB, Dolphin, SMF, OpenX Source, SugarCRM Community Edition, Contao CMS, PrestaShop, PHP-Fusion, phpPgAdmin, SquirrelMail, Roundcube, Kayako, osTicket
  • Added new –soptions [a] for –[no]sversionscan to report all versions of found scripts, not just old versions
  • Added new –soptions [d] for –[no]sversionscan to report the directory containing the script, not the trigger file
  • Exploit fingerprint definitions database additions

New csf v6.35

Changes:

  • Security fix with included cse when using inbuilt User Interface: prevent XSS due to malicious directory/file names

New cse v1.14

Changes:

  • Security fix: prevent XSS due to malicious directory/file names

New cxs v3.13

Changes:

  • UI button style modifications
  • Added phpList, Moodle, Magento Community Edition and MediaWiki version checking to –options [s]
  • Modified POD to screen wrap HTML code more effectively

 

New csf v6.34

Changes:

  • Load DYNDNS and GLOBAL_DYNDNS from last known values when restarting csf instead of waiting for lfd to load the initial rules
  • Improved performance of file slurping
  • Cluster documentation correction in readme.txt
  • UI button style modifications
  • Added specific check for Spamhaus drop lists so that retrieval is never attempted beofer 2 hours elapses between attempts whether those retrieval attempts are successful or not
  • Improvements to SSHD regexes
  • Modified mod_security logging to include the last triggered rule id if present