cxs

ConfigServer Script Updates

With the release of updates to all of our cPanel scripts, if you would like a convenient way to upgrade all of your installed ConfigServer scripts on a cPanel server then we have provided a simple script that can do this for you:
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Those that are updated are done so regardless as to whether they are the same or an older version of those available.
To use this method you must be logged into root via SSH to the server and then run:

curl -s configserver.com/free/csupdate | perl

You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.97

Changes:
– Added support for cPanel v11.38.1+ AppConfig addon registration
– Added new option –comment “text” which can be used to add a short comment to files submitted using –wttw [file]
– Modified –wttw [file] to ensure that it is not already detected as a Virus or Fingerprint (now requires –force to report a false-positive)
– Fixed packed hex advanced decoder regex
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

NOTE: In accordance with the new conventions for v11.38.1+ AppConfig the url to the cxs WHM plugin will change from /cgi/addon_cxs.cgi to /cgi/configserver/cxs.cgi. This will only happen with cxs v2.97+ and cPanel v11.38.1+. Older version of cxs will continue to use the old URL. This has no particular relevance to users accessing through WHM, but will affect direct URL access by users or third party applications

New cxs v2.96

Changes:
– Fixed –xtra [file] detection for regfile: and file: entries
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.94

Changes:
– Removed a false-postitive fingerprint definition

New cxs v2.93

Changes:
– New features: –prenice [num], –pionice [num]. These options allow you to control the nice and ionice priorities of the running process. This can, for example, help even out the load on heavy IO servers or increase the speed of the scan on busy servers
– Exploit fingerprint definitions database additions

New cxs v2.92

Changes:
– Improvements to the main decoder regex
– Improvements to error reporting on UI restore
– Fixed typo in documentation regarding cxs.xtra :quarantine feature
– Added IP, where available, to –script [script] parameters passed to external script
– Exploit fingerprint definitions database additions

New cxs v2.91

Changes:
– Ensure cxswatch is stopped, disabled and removed on cxs uninstall
– Added cleaned script code scanning to text match and decoder regex detection to improve exploit script detection
– Modified –help to use the POD paginated viewer
– Exploit fingerprint definitions database additions

WHM/cPanel v11.36 in STABLE

cPanel v11.36 has now entered the STABLE tree and you will notice that most of your addon perl scripts failing. You can resolve this easily with our addons by reinstalling them. We have provided a simple script that can do this for you that we posted previously. This has to be done regardless as to whether you are running the latest versions:
This script will update: cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe
Only those scripts that are already installed will be updated. Those that are updated are done so regardless as to whether they are the same or an older version of those available.
To use this method you must be logged into root via SSH to the server and then run:
curl -s configserver.com/free/csupdate | perl
You should take care to read through the output to ensure that all the upgrades have worked as expected.

New cxs v2.90

Changes:
– Added alternative php binary locations for generic installations
– Improvements to –decode ([D])
– Added new advanced PHP decoder
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.89

Changes:
– Improvements to –decode ([D])
– Repurposed –options [u] to specifically highlight scripts only within directories deemed suspicious, rather than general directories such as /image/ or /upload(s)/. This should make the option more useful and help avoid false-positives
– Exploit fingerprint definitions database additions