New cxs v8.10


  • Modified UI display of the current configuration for the various cxs commands so that it shows a quarantine error if present
  • Added buttons to UI to display the current configuration for the Daily and Weekly cxs commands
  • Added golang file detection for exploit fingerprints

New csf v11.07


  • Added missing WAITLOCK to iptables when processing advanced port filters in csf and lfd and checking csf status in UI
  • Added WAITLOCK, if enabled, to iptables-restore commands during FASTSTART
  • Server Check Report – removed ini_set check as so many scripts use ini_set nowadays. Updated text on various checks
  • Updated the postfix SMTP AUTH regex
  • Added new SSHD “maximum authentication attempts exceeded” regex
  • Set basic PATH before running to avoid binary location issues
  • csf now runs directly without forcing it through /bin/sh. If present, csf chmods the script 0700 and checks for a shebang. If the shebang is missing #!/bin/bash is added to the top. The script is then run
  • Added seventh parameter to to allow Cloudflare blocking if a CUSTOM regex is triggered (see latest in distro)
  • Rearranged UI tabs and shortened tab names. Moved quick actions to the top of the “csf” tab pane
  • Added “AUTH command used when not advertised” to the LF_EXIMSYNTAX regex check
  • Added new csf CLI cluster option: -ci, –cignore ip [comment] This will add the IP to each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
  • Fixed cluster grep output in UI
  • Modified MESSENGERV2 to support combined certificates+keys in cPanel v68+
  • Added triggered setting and, if applicable, temporary TTL to the “Blocked:” status in block alert emails
  • Added “wildcard” option to “Search System Logs” UI to use ZGREP to search the specified log with a wildcard suffix
  • ZGREP option added to csf.conf which must point to the zgrep binary
  • Added git binaries to csf.pignore on cPanel servers for upcoming v72/74 features

New cxs v8.08


  • Added buttons to UI to display the current configuration for the various cxs commands
  • Added timeout to d/b connect to prevent hanging processes waiting for a d/b lock
  • Improved efficiency of /etc/cxs/cxscgi.queue processing
  • Improved efficiency of quarantine scan processing in UI

New cxs v8.05


  • Added new option –cutcgimail. This option suppresses emails sent by cxs for ModSecurity hits from /etc/cxs/ where the reported web script does not exist on the server. Any configured quarantine or delete operations will still be performed. Note: This option is the synonymous with the unsupported –YSKIPCGI option which will continue to work in the same way
  • Added –cutcgimail to the cxs ModSecurity Wizard as “Reduce the number of emails from ModSecurity hits”
  • Changed the wording in the email sent where the reported web script does not exist on the server
  • Improvements to the saving logic in the various UI Wizards

New cxs v8.03


  • Fix issue using stat() after abs_path() on an orphaned sylink

    NOTE: If you received error “Use of uninitialized value $arg in stat”
    during a a cron job scan, that scan will still have completed
    successfully and this fixes that issue

  • Ensure d/b is closed after processing dbreport
  • Ensure crond is restarted after making changes to cxs-cron