cPanel

New cxs v1.25

Changes:

  • Improved handling of –decode failures
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cmc v1.02

Changes:

  • Create/modify /scripts/posteasyapache to rename the script /etc/cron.hourly/modsecparse.pl out of the way if the option to Disable it is used (you may need to enable and disable the option on existing installations to create the /scripts/posteasyapache entry)
  • Added a timed refresh to the ModSecurity Log view

New cxs v1.24

Changes:

  • Improvements to –decode [file]
  • Add the cxs command line to a report even if the scan report is empty
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.23

Changes:

  • Fixed a false-positive detection of c/c++ source files
  • Added filename legend to View option UI in Other Files
  • For single or multiple user scans, Symlinks within the homedir will now be ignored
  • Removed [\;\|\`\\] regex checks from the [f] and [d] –options, as it appears to be of little value (you could always add back such a check using a similar regex entry in an xtra file)
  • Modified hidden text in image file check to only report if the text is script code
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.22

Changes:

  • Fixed –options [D] output not going to a –report [file]
  • Improvement to –decode [file] variable detection
  • Exploit fingerprint definitions database additions

New cxs v1.21

Changes:

  • Added UID check to ensure updates are only performed by root (UID=0)
  • New –options [D]. This is an experimental option that puts any PHP scripts containing an eval() function that decodes base64 and rot13 data through the (experimental) –decode [file] option during a scan. This will then highlight the decoded result if it hits any regex, fingerprint or virus scan matches
  • Added eval(str_rot13 to –decode [file]
  • Fixed –decode [file] not scanning final decoded result with regex definitions and fingerprints
  • Improvements to –decode [file] detection and processing
  • Modified pure-uploadscript init file to cope with multiple pure-ftpd pids on restart and to stop pure-ftpd more cleanly
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.20

Changes:

  • Improvements to regex definitions database
  • Added new ignore options for sym:, psym: and hsym: to allow ignoring of symlinks
  • Modified –generate to add sym: for symlinks to ignore file
  • All UI user selections modified to be dropdown lists
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New cxs v1.19

Changes:

  • Fixed bug preventing csf from blocking FTP IP addresses when –block used
  • Added failure message from csf to FTP email if deny fails
  • Added new exploit scanning option W to be used with –option (must be explicitly added to the options list – the same way as the C option). The W option will chmod all world writable directories found to 755. Use this option with care as it could prevent web scripts from functioning on non-suPHP or non-SUEXEC enabled systems

New cxs v1.18

Changes:

  • Scanning speedup when using –voptions
  • Improvements to –decode performance and effectiveness
  • New optimised fingerprint database. This new database, though with fewer entries, is better targetted at detecting relevant exploits that ClamAV misses (the majority!)
  • Changed “Match for fingerprint of an exploit” to “Known exploit = [Fingerprint Match]”
  • Changed “Match for regular expression (regex)” to “Regular expression match = [regex]”