ConfigServer Services Blog

New csf v4.81

Changes:

  • Fixed case sensitivity issue introduced in v4.80 with port specific lfd deny lines being ignored

New csf v4.80

Changes:

  • Modified WHM login regex to only trap successful root page displays for LF_CPANEL_ALERT
  • Apache status for PT_LOAD now checks http://127.0.0.1/server-status on GENERIC/DA servers. You need to ensure that the server-status page has access from 127.0.0.1 in the apache server-status Location container
  • Extended SU log file regex for Debian servers
  • Sanitise UI file edit HTML output
  • Improvements to the removal of alternative firewalls script
  • Added new options GLOBAL_DYNDNS, GLOBAL_DYNDNS_INTERVAL and GLOBAL_DYNDNS_IGNORE which provide for retrieval of a global DYNDNS list via URL
  • Improved firewall log lines detection for PS_INTERVAL and ST_ENABLE, especially on Debian
  • Improved detection of already blocked IP addresses

cPanel Service Package includes cxs for free

We’re currently offering cxs for free as part of our cPanel Service Package.Our new product is proving popular amongst web hosting providers concerned about exploits being uploaded to client sites affecting not only their account, but all accounts on the server.By including cxs with our cPanel Service Package we’re bolstering what is already a great package that helps in securing and managing your cPanel server, whether it is large or small, new or old.

New MailScanner Front-End (MSFE) v4.29

Changes:

  • Moved mailwatch from:/usr/local/cpanel/whostmgr/docroot/3rdparty/mailwatchto:/usr/local/cpanel/whostmgr/docroot/cgi/mailwatch
  • Made mailwatch cPanel 11.25 Security Token aware
  • Added new option “MailScanner Update Rules” to front-end which will force an update of the MailScanner rules with end-user settings
  • “Access Mailwatch” will now launch into the _blank target rather than a specified name to allow for multiple windows

New MailScanner Script v2.76

Changes:

  • New Mailscanner v4.78.17:http://www.mailscanner.info/ChangeLog
  • Preserve during update new files:/usr/mailscanner/etc/rules/README/usr/mailscanner/etc/rules/EXAMPLES

ConfigServer eXploit Scanner (cxs) – Released!

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server.

Active scanning is performed on all text files uploaded through:

  • PHP upload scripts (via a mod_security or suhosin hook)
  • Perl upload scripts (via a mod_security hook)
  • CGI upload scripts (via a mod_security hook)
  • Any other script type that utilizes the HTML form ENCTYPE multipart/form-data (via a mod_security hook)
  • Pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script and the Gumblar Virus.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). It has been tuned for performance and scalability.

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

  • Run scans
  • Schedule and Edit scans via CRON
  • Compose CLI scan commands
  • View, Delete and Restore files from Quarantine
  • View documentation
  • Set and Edit default values for scans
  • Edit commonly used cxs files

cxs is currently a cPanel only product.More information, pricing and ordering available here:http://www.configserver.com/cp/cxs.html

New csf v4.78

Changes:

  • Modified DA installation to overcome permissions problems on some systems preventing the UI from working

Beta Testers for ConfigServer eXploit Scanner (cxs) product

We are looking for volunteer Beta Testers for a new product that we have in development:ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server:

  • PHP/Perl/CGI upload scripts (using a mod_security hook)
  • pure-ftpd

The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving to quarantine suspicious files before they become active. Apart from this option (to delete files) the product is non-destructive.cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). Note: cxs is not a rootkit scannercxs is a commercial product that will be sold and licensed on a per server basis. Unlike competing products, it will strictly be a one-time per server license purchase with updates for the life of the product, all at a reasonable price :)This is now closed – thanks to all who are participating and we hope for a release of this product soon.

New csf v4.77

Changes:

  • Expanded dovecot regex matching
  • Fixed the generic installation to install regex.custom.pm