cxs
Frequently Asked Questions (FAQ)
Do you offer bulk purchase discounts on cxs?
You must first purchase and trial a single license of cxs to ensure that cxs is right for you. We then currently offer the following discounts for subsequent purchases at our discretion:
- 2-4 additional licenses: 5% discount per license
- 5-9 additional licenses: 10% discount per license
- 10-19 additional licenses: 20% discount per license
- 20-49 additional licenses: 30% discount per license
- 50+ additional licenses: 40% discount per license (free installation not included for 50 or more licenses)
Please contact us if you wish to make a bulk purchase of licenses.
Is there an ongoing or renewal license for cxs?
No. When you purchase a license for cxs you can continue to use that license on a single server for the lifetime of the product. During that time, you will be able to upgrade cxs free of charge.
Do you install cxs?
We can perform a single installation per cxs license for you without additional charge. This only involves the installation of the product onto the server and the configuration of the application hooks (pure-ftpd and mod_security (if already installed)). It does not include performing any scans, interpretation of reports, further configuration of the application specific hooks or configuration of cron jobs.
Free installation is not included for 50 or more licenses.
There is no discount if you choose to install cxs yourself.
Can I move cxs to a new server and change the IP address it is registered to?
If you are going to retire the server that you initially had cxs licensed for or have been required to change the server's IP address, then we can change the licensed IP address for you at our discretion. We do not accept IP address changes simply to move the product between different servers. A separate license for each server is required if you wish to use the product on multiple servers.
You can change the IP address that the license is registered to by contacting us with the old and new IP addresses. IP address changes for your license are at our discretion and we accept no more than one request per license per month. You must then uninstall the product from the old IP address.
Do you offer ongoing support for cxs?
We offer 7 days of support via our helpdesk from the day your order has been processed for cxs. After 7 days you can use our support forums for additional queries.
Who is cxs for?
cxs has been developed for server administrators, not end-users. It is designed for server administrators to more easily see what end-users are allowing to be uploaded to their web sites. It also provides a way to scan end-user web sites to see if suspicious files have already been uploaded or created.
What level of Linux server management expertise will I need to use cxs?
cxs is foremost a command line utility that is run from the root shell via SSH, cron jobs and application specific scripts. It is aimed at server administrators, not end-users.
You need to be comfortable running shell commands and understanding the construction of Command Line Interface (CLI) applications.
Interpretation of the reports produced by cxs will require a basic knowledge of the Linux OS and various programming languages (especially Perl and PHP).
Will cxs prevent exploitation of my server?
No. It will help notify you of suspicious files that either exist or are being uploaded to the server. It can help stop exploits from being uploaded to the server. It cannot prevent all types of exploits being uploaded or run on the server.
Will cxs clean up exploits found on my server?
No. cxs will help identify exploits and suspicious files that it finds on the server and report them to you. It is then your responsibility to check each reported file and establish whether it is indeed an exploit or simply a false-positive (innocent).
Will cxs report false-positives?
Yes. cxs reports various types of suspicious files, directories and other resources within the scanned structure. It will almost always trigger false-positives as it is designed to highlight constructs and activities that are typically used by exploits. Unfortunately, legitimate scripts also do these things on occasion and cxs will report them for you to decide whether the activity is innocent or not.
If they are innocent you can use the ignore file feature to exclude them from scanning in the future.
Can you interpret my reports for me and tell me what to do?
No. It is your responsibility to interpret reports from cxs. An Exploit Scanning Reference is provided with each installation in /etc/cxs/reference.txt that explains what each report item has identified and why.
Can cxs detect root kits installed on my server?
No. cxs is designed to scan web user accounts for suspicious files. While this may include the source files for root kits uploaded to those accounts, it will not detect such root kits once they are installed into the OS.
Can I use cxs to scan my entire server for exploits?
No. cxs is designed to scan web user accounts for suspicious files. If you were to run it on the OS directories, it would identify almost every file as a false-positive.
Does cxs scan inside compressed files (e.g. tarballs, zip files, etc)?
No. It currently only scans normal files. However, the ClamAV Daemon process will scan such files if configured to do so and complete virus scanning is enabled through the CLI.
Does the UI provided with cxs provide a front-end to all functions of the product?
No. cxs is foremost a command line utility that is run from the root shell via SSH, cron jobs and application specific scripts. The UI provides a useful interface to the common aspects of cxs allowing you to access a great deal of its functionality and documentation. However, it is not a substitute interface to the CLI.
What problems can arise from using cxs?
There are several considerations that must be taken into account should you decide to implement cxs on your server:
- Extensive scans on the server will use server resources and can impact performance. By its nature it is I/O intensive as it processes large numbers of files. The use of ClamAV can increase the load on the server significantly. These issues can be helped by the judicious use of the CLI options provided with cxs.
- If you specifically configure the deletion or quarantine of suspicious file uploads via web scripts or FTP, it could cause considerable support issues where false-positives are detected.
- Additionally, for FTP, if you configure the deletion or quarantine of suspicious file uploads it could potentially lead to data loss or corruption.
- It could add significantly to the support of clients when investigating the reason for upload file deletions and configuring exceptions for false-positives.
- If you have configured cxs to send emails, it could lead to a deluge of emails being sent when numerous false-positives are detected.
