I would really like to see this available on DirectAdmin also, what's the possibility? Only thing I've found similar is one called upload guardian and it doesn't do a good enough job and not up to date like cxs is, and is way too expensive. What will it take for a DA version? I think it would be popular.
I have a situation where I need to quarantine several regular expression match files, but if I enable (m) regex pattern match, cxs will quarantine all regular expression match files, and that is not an acceptable option because there are over a few thousand false-positive detections.
I can add md5sum to the cxs.xtra, but a hacker can easily change (and that's happening very often) one or a few...
I would like to have an option to include a variety of information from request headers, such as user browser agent, cookies if present, etc. Most of our users connect from proxies so it will be helpful if we can get this information as well. I don't see any harm if you can include it as an optional feature.
I think that a great option would also be to live scan/watch just a particular user/users. Our servers are high load servers and during the working hours it is difficult or impossible to do a live scan. Usually after cxs scan does its job you know which accounts are a risk hazard. In my experience on one server there are usually just a few accounts that are a risk hazard till they are updated or...
A nice feature would be to block the IP that uploaded the malicious file, like pure-uploadscript or mod_security rules. This might be done with a similar logic to this (I think):
1) cxswatch sees a virus or fingerprint
2) Check /var/log/messages (last X lines) to see if the same filename was uploaded via FTP
3) Check /usr/local/apache/domlogs/username/* (last X lines) to see which IP...
I use the contents of the email report from upload scripts to file abuse reports. It currently does not report the destination IP or the time the violation occurred. This information is useful in abuse reports.
Scanning web upload script file...
Web upload script user: nobody (99)
Web upload script owner: ()
Web upload script: /home/xxxxxx/public_html/catalog/admin/banner_manager.php
Remote...
Hi, this may be my first post on this forum so a quick hello will do!
Anyway, I think this could be an important feature of CXS. So, I use CXS Watch which is great, however, if someone uploads a file called example.php and it turns out the file has no malicious intent, to restore it I have to add it to the CXS.ignore file, which is all fine. I add the entry example.php and I know that this file...
Hi folks,
I've just started observing a relatively new format for the gzinflate/base64 hacks, now starting with:
Here is a picture snippet of a hack I observed this past week, which CXS does not pick up as a hack (when it should have).
It's a pretty egregious web orb / filesman type hack which CXS should have caught:
Hello, when cxs detects files uploaded via web scripts and emails an alert it sends as user 'nobody'. Is there any way to have it send as root, or maybe configured SMTP credentials so that I can disallow, server-wide, sending email as 'nobody'?
If I select (T) script file from the WHM interface, it will delete all scripts, for example PHP. In future cxs development, a separate script type would be good for us.
I don't want to upload any of users' .pl, .cgi or Python or any of the scripting languages without PHP, because other control of uploads is not supporting cxs now; maybe they upload a virus or suspicious files without a scan.
Hi Jonathan,
If you don't mind, I would like to make a new suggestion for CXS. There is a button that says QUARANTINE that, when clicked, brings you to another page that shows another link to VIEW QUARANTINE. I think it is better to only have one button, so why not change the QUARANTINE button at the top of the UI to go straight to VIEW QUARANTINE?
Hi Chirpy,
Thank you for the new Quarantine option on the UI, it helps a lot to clean accounts that have been compromised. It is really useful to use this new option on a one-account basis, as using it on a cron check could give a lot of false positives.
But on the other hand, it would be great to have another option to automatically quarantine files reported containing a virus on an automatic cron...