Requirements CentOS 7 64 bits, fresh install. After the installation you will get: The server with Virtualmin Apache PHP 7 Pyxsoft Anti Hackers Steps: 1. Update the system Connect to your server via SSH as root user and perform the next command: # yum update 2. Set the hostname Ensure that your server has the…
Try connecting to your Pyxsoft interface using your web browser and connecting to <ip>:2930 If you don’t see the Pyxsoft panel, follow the next steps to resolve it: 1. Ensure that pyxsoft and pxscand services are running Executing the next command, you will see what pyxsoft services are running. The answer must include pxscand and…
OpenVZ/Virtuozzo users: You cannot modify the inotify watches. Please ask your service provider to modify it at the node level. If The server provider does not modify the settings, please disable Instant Watch in your Pyxsoft Interface. The Instant Scan depends on the inotify watches system, provided by the Linux Kernel. Every Linux installation has…
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension. Registered as CVE-2012-2902 Pyxsoft solution Multiple exploits combine the JCE vulnerability with Multipart…
Users upload data. No matter what web application they are using, most of them needs data to be uploaded. Normally users upload images, text files, documents, pdf and more. To upload a file, web browsers send to the server a request known as “Multipart Form”. Multipart form have a specific format defined in RFC 2388…
Pyxsoft2 can be installed in many operating systems and control panels. Please select your OS version and/or control panel to read the specific instructions. Operating System Control Panel Compatibility Installation CentOS 6,7 cPanel Compatible Details CloudLinux 6,7 cPanel Compatible Details CentOS 7 Virtualmin Compatible Details
WordPress Vulnerability CVE-2018-6389 February, 5th, 2017. A new WordPress vulnerability was discovered by Israeli researcher Barak Tawily. According to the official WordPress website, 29% of the existing websites use this platform and, therefore, are affected by this vulnerability. The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one…
What is a web shell? A web shell is a script that is often uploaded to a server with the aim of giving a hacker the remote control of a machine. Web servers that become infected can either be internal to the network or internet-facing, where the shell is utilized to pivot further to the…
The brute force is one of the most common ways used by hackers to gain access to a server. This method is used against many targets: SSH FTP Mail accounts CMS like WordPress and Joomla! In the lasts times there have been a huge increment in BF attacks against WordPress and Joomla sites. Those attacks…
Revslider (revolution slider) is a component included by defect in many themes and WordPress templates. Unfortunately, in present days, many vulnerabilities have been found, and some of them are very dangerous. 2014 November 26th A vulnerability which allows to upload and execute a shell in any site, without previus authentication, was discovered. Flagged as CRITICAL.…
