spacer ConfigServer Services
Server Management Services from Way to The Web Ltd
Home
  • Products spacer
    • cPanel Server Service
      Configserver Exploit Scanner
      Configserver MailScanner Front-End
  • Free Scriptsspacer
    • ConfigServer Security & Firewall
      ConfigServer ModSecurity Control
      ConfigServer Mail Manage
      ConfigServer Mail Queues
      ConfigServer Explorer
      MailScanner Installer
Blog Forum Support

spacer ConfigServer eXploit Scanner (cxs) - $60/server Buy Now

ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server. Initial installation with recommended configuration options is included with the license.

Active scanning can be performed on all text files:

  • Actively scans all modified files within user accounts using the cxs Watch daemon regardless of how they were uploaded
  • PHP upload scripts (via a ModSecurity hook)
  • Perl upload scripts (via a ModSecurity hook)
  • CGI upload scripts (via a ModSecurity hook)
  • Any other web script type that utilizes the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
  • Pure-ftpd uploads

The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and perl shell scripts, commonly used  to launch more malicious attacks and for sending spam.

cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.

Exploit detection includes:

  • Over 3000 known exploit script fingerprint matches (in addition to standard ClamAV detection)
  • Known viruses via ClamAV
  • Regular expression pattern matching to help identify known/unknown exploits
  • Filename matching
  • Suspicious file names
  • Suspicious file types
  • Binary exeuctables
  • Some illegal web software installations
  • Custom user specified regular expression patterns
  • Comprehensive constant scanning of all user data using the cxs Watch daemon - scans all user files as soon as they are modified
  • Daily check for new Exploit Fingerprints
  • Check for old version of popular web scripts (e.g. Wordpress, Joomla, osCommerce)
  • Bayes probability scanning - scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit
  • New in v6: Monitor files and directories for changes and send an email report of activity
  • ... and more!

Included with the cxs Command Line Interface (CLI) is a web-based User Interface (UI) to help:

  • Run scans
  • Schedule and Edit scans via CRON
  • Compose CLI scan commands
  • View, Delete and Restore files from Quarantine
  • View documentation
  • Set and Edit default values for scans
  • Edit commonly used cxs files

Note: cxs is not a rootkit scanner, though it can help detect rootkits uploaded to user accounts.

Sample Pages

  1. cxs Main Page
  2. cxs CLI Documentation Page
  3. cxs Command Page
  4. cxs CRON Page
  5. cxs Quarantine Page
  6. cxs Scan Page
  7. cxs Monitor Report

Frequently Asked Questions

Please read the cxs FAQ before ordering cxs.

Product requirements:

  • cPanel/WHM
  • Redhat/CentOS/CloudLinux Linux v5/6/7
  • Apache v2+
  • ClamAV daemon process, for virus scanning
  • ModSecurity v2+, to enable upload script scanning (not supported for litespeed, nginx, etc. - only Apache v2+)
  • Pure-ftpd, compiled with --with-uploadscript for ftp upload scanning
  • csf, if you want pure-ftpd IP address blocking
Note: Support is not guaranteed for servers running services from 1h.com

Additional requirements for cxs Watch daemon:

  • Kernel with inotify support, e.g. RedHat/CentOS/CloudLinux v5/6/7+ OS vendor kernels - required for cxs Watch daemon
  • Linux::Inotify2 perl module - required for cxs Watch daemon
Note: The Virtuozzo VPS does not allow the changing of kernel parameters and may require /proc/sys/fs/inotify/max_user_watches to be increased by your provider if more inotify resources are required than is set, some providers may not be willing to do this. Also, a small number of VPS providers use a kernel with a broken inotify implementation which prevents the cxs Watch daemon from functioning and results in Out of Memory errors for which we have no solution.

Purchasing

cxs is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price! Initial default installation on a single server per license is included in the price. Please see the FAQ for more information about discounts and installation.

All purchases are subject to security checks. Please read our Ordering Terms  and License Terms before purchasing.

Buy Now

Bulk purchase discounts are available. Please see the cxs FAQ.

A license for cxs is also included free when you purchase our cPanel Service Package

Documentation

  • changelog.txt
  • license.txt
  • version.txt
Ordering Sales FAQ Support FAQ T&C's Privacy Contact
1998-2016, Way to the Web Limited
"ConfigServer" and "Way to the Web" are trademarks of Way to the Web Limited
Related searches:
scanning exploit server daemon license
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.