We recommend that you purchase and trial a single license of cxs to ensure that cxs is right for you. We currently offer the following discounts for subsequent purchases at our discretion:
2-4 additional licenses 5% discount per license
5-9 additional licenses 10% discount per license
10-19 additional licenses 20% discount per license
20-49 additional licenses 30% discount per license (free installation not included for bulk purchases of 20 or more licenses)
50+ additional licenses 40% discount per license
Please contact us before ordering for a direct link for the discounted price if you have made multiple license purchases in the past. The online store only calculates the correct discount based on the number of licenses in the current order, not any past orders.
No. When you purchase a license for cxs you can continue to use that license on a single server for the lifetime of the product. During that time, you will be able to upgrade cxs free of charge.
A single initial default installation is included with purchase of cxs. This involves the installation of the product onto the server and the configuration of the application hooks (pure-ftpd and ModSecurity (if already installed)). It does not include performing a scan, interpretation of reports, or further configuration of the application specific hooks.
There is no discount if you choose to install cxs yourself.
If you are going to retire the server that you initially had cxs licensed for or you have been required to change the server's IP address, then the licensed IP address can be changed. There is a web-based system for making a limited number of IP changes per license, after which you will need to contact us to make any further changes. We do not allow IP address changes simply to move the product between different servers. A separate license for each server is required if you wish to use the product on multiple servers.
We offer 7 days of support via our helpdesk from the day your order has been processed for cxs. You can use the community support forums for questions about custom configuration of cxs.
cxs has been developed for server administrators, not end-users. It is designed for server administrators to more easily see what end-users are allowing to be uploaded to their web sites. It also provides a way to scan end-user web sites to see if suspicious files have already been uploaded or created.
cxs is foremost a command line utility that is run from the root shell via SSH, cron jobs and application specific scripts. It is aimed at server administrators, not end-users.
You need to be comfortable running shell commands and understanding the construction of Command Line Interface (CLI) applications.
Interpretation of the reports produced by cxs will require a basic knowledge of the Linux OS and various programming languages (especially Perl and PHP).
No. It will help notify you of suspicious files that either exist or are being uploaded to the server. It can help stop exploits from being uploaded to the server. It cannot prevent all types of exploits being uploaded or run on the server.
cxs is designed to detect exploit scripts, not altered web files with defacement HTML. You can, however, create your own detections using regular expressions if you want to detect that type of issue.
No. cxs will help identify exploits and suspicious files that it finds on the server and report them to you. It is then your responsibility to check each reported file and establish whether it is indeed an exploit or simply a false-positive (innocent).
Yes. cxs reports various types of suspicious files, directories and other resources within the scanned structure. It will almost always trigger false-positives as it is designed to highlight constructs and activities that are typically used by exploits. Unfortunately, legitimate scripts also do these things on occasion and cxs will report them for you to decide whether the activity is innocent or not.
If they are innocent you can use the ignore file feature to exclude them from scanning in the future.
No. It is your responsibility to interpret reports from cxs. An Exploit Scanning Reference is provided with each installation in /etc/cxs/reference.txt that explains what each report item has identified and why.
No. cxs is designed to scan web user accounts for suspicious files. While this may include the source files for root kits uploaded to those accounts, it will not detect such root kits once they are installed into the OS.
No. cxs is designed to scan web user accounts for suspicious files. If you were to run it on the OS directories it will identify almost every file as a false-positive.
Yes, cxs can scan inside zip, tar, tar.gz and tar.bz2 files.
No. cxs is foremost a command line utility that is run from the root shell via SSH, cron jobs and application specific scripts. The UI provides a useful interface to the common aspects of cxs allowing you to access a great deal of its functionality and documentation. However, it is not a substitute interface to the CLI.
There are several considerations must be taken into account should you decide to implement cxs on your server: