ConfigServer eXploit Scanner (cxs) - $60/server
ConfigServer eXploit Scanner (cxs) is a new tool from us that performs active scanning of files as they are uploaded to the server. Initial installation with recommended configuration options is included with the license.
Active scanning can be performed on all text files:
- Actively scans all modified files within user accounts using the cxs Watch daemon regardless of how they were uploaded
- PHP upload scripts (via a ModSecurity hook)
- Perl upload scripts (via a ModSecurity hook)
- CGI upload scripts (via a ModSecurity hook)
- Any other web script type that utilizes the HTML form ENCTYPE multipart/form-data (via a ModSecurity hook)
- Pure-ftpd uploads
The active scanning of files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. It can also prevent the uploading of PHP and Perl shell scripts, commonly used to launch more malicious attacks and for sending spam.
cxs also allows you to perform on-demand scanning of files, directories and user accounts for suspected exploits, viruses and suspicious resources (files, directories, symlinks, sockets). You can run scans of existing user data to see if exploits have been uploaded in the past or via methods not covered by the active scanning. It has been tuned for performance and scalability.
Exploit detection includes:
- Over 3000 known exploit script fingerprint matches (in addition to standard ClamAV detection)
- Known viruses via ClamAV
- Regular expression pattern matching to help identify known/unknown exploits
- Filename matching
- Suspicious file names
- Suspicious file types
- Binary executables
- Some illegal web software installations
- Custom user specified regular expression patterns
- Comprehensive constant scanning of all user data using the cxs Watch daemon - scans all user files as soon as they are modified
- Daily check for new Exploit Fingerprints
- Check for old versions of popular web scripts (e.g. WordPress, Joomla, osCommerce)
- Bayes probability scanning - scans scripts and passes the contents through an algorithm which produces a probability as to whether it is an exploit
- New in v6: Monitor files and directories for changes and send an email report of activity
- ... and more!
Included with the cxs Command Line Interface (CLI) is a
web-based User Interface (UI) to help:
- Run scans
- Schedule and Edit scans via CRON
- Compose CLI scan commands
- View, Delete and Restore files from Quarantine
- View documentation
- Set and Edit default values for scans
- Edit commonly used cxs files
Note: cxs is not a rootkit scanner, though it can help detect rootkits uploaded to user accounts.
Sample Pages
- cxs Main Page
- cxs CLI Documentation Page
- cxs Command Page
- cxs CRON Page
- cxs Quarantine Page
- cxs Scan Page
- cxs Monitor Report
Frequently Asked Questions
Please read the cxs FAQ before ordering cxs.
Product requirements:
- cPanel/WHM
- RedHat/CentOS/CloudLinux Linux v5/6/7
- Apache v2+
- ClamAV daemon process, for virus scanning
- ModSecurity v2+, to enable upload script scanning (not supported for LiteSpeed, nginx, etc. - only Apache v2+)
- Pure-ftpd, compiled with --with-uploadscript for FTP upload scanning
- csf, if you want pure-ftpd IP address blocking
Note: Support is not guaranteed for servers running services from 1h.com
Additional requirements for cxs Watch daemon:
- Kernel with inotify support, e.g. RedHat/CentOS/CloudLinux v5/6/7+ OS vendor kernels - required for cxs Watch daemon
- Linux::Inotify2 Perl module - required for cxs Watch daemon
Note: The Virtuozzo VPS does not allow the changing of kernel parameters and may require /proc/sys/fs/inotify/max_user_watches to be increased by your provider if more inotify resources are required than are currently set. Some providers may not be willing to do this.
Also, a small number of VPS providers use a kernel with a broken inotify implementation which prevents the cxs Watch daemon from functioning and results in Out of Memory errors for which we have no solution.
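A pre-installation check for the inotify limit described in the note above. This is an added example, not part of cxs or its documentation; it assumes a recursive watcher needs roughly one inotify watch per directory, and the function names, the 20% reserve and the /home path in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example, not part of cxs. Assumption: a recursive inotify watcher
# consumes about one watch per directory in the tree it monitors.

# Count directories under ROOT (ROOT included). Stays on one filesystem and
# counts NUL terminators, so newlines in user-chosen names cannot skew it.
count_dirs() {
    find "$1" -xdev -type d -print0 2>/dev/null | tr -dc '\0' | wc -c | tr -d ' '
}

# Print the numeric limit from FILE (default: the kernel's sysctl file).
read_limit() {
    limit_file=${1:-/proc/sys/fs/inotify/max_user_watches}
    [ -r "$limit_file" ] || return 2
    tr -dc '0-9' < "$limit_file"
}

# watch_headroom ROOT [LIMIT_FILE] [RESERVE_PCT]
# Prints "dirs=N limit=M status=OK|LOW|EXCEEDED"; returns 0 only for OK.
watch_headroom() {
    root=$1
    pct=${3:-20}    # constructed default: warn when under 20% headroom
    [ -d "$root" ] || { echo "status=NOROOT"; return 2; }
    limit=$(read_limit "$2") || { echo "status=NOLIMIT"; return 2; }
    [ -n "$limit" ] || { echo "status=NOLIMIT"; return 2; }
    dirs=$(count_dirs "$root")
    if [ "$dirs" -ge "$limit" ]; then
        status=EXCEEDED
    elif [ "$dirs" -gt $(( limit * (100 - pct) / 100 )) ]; then
        status=LOW
    else
        status=OK
    fi
    echo "dirs=$dirs limit=$limit status=$status"
    [ "$status" = OK ]
}

# Run as root so unreadable directories are counted, e.g.: sh script.sh /home
if [ "$#" -gt 0 ]; then
    watch_headroom "$@"
fi
```

A LOW or EXCEEDED result on a VPS is the point at which to ask the provider about raising the limit before relying on the Watch daemon for coverage.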
Purchasing
cxs is a commercial product that is sold and licensed on a per server basis. Unlike competing products, it is strictly a one-time per server license purchase with updates for the life of the product, all at a reasonable price!
Initial default installation on a single server per license is included in the price. Please see the FAQ for more information about discounts and installation.
All purchases are subject to security checks. Please read our Ordering Terms and License Terms before purchasing.
Bulk purchase discounts are available. Please see the cxs FAQ.
A license for cxs is also included free when you purchase our cPanel Service Package.
Documentation
- changelog.txt
- license.txt
- version.txt