cPGuard updates 2025

Kosta

freehosting22

Hi, opsshield,
I'm testing now cPGuard on Enhance - I used it on Cyberpanel without issues.

So, what I noticed on Enhance that when I upload a malware file it is detected in real-time under 3 seconds, but only on public_html folder or where is pointing the domain name. For example: /var/www/5df05ef4-1623-4623-a31e-7ae319d406fd/public_html.

If I put that file outside of the public_html, For example in: /var/www/5df05ef4-1623-4623-a31e-7ae319d406fd/
cPGuard do not detect it, even if I run a full scan.

Only if I run a scan on that specific location then cPGuard detects the infected file.

Maybe the team can review this and/or share some advices or commands in order to monitor in real-time and up to one folder outside of the public_html.

If I am not fully understood, I can make a video tutorial about this. 🙂

Regarding features:

Security headers enabled by default when Using OpenLiteSpeed - I'm not sure if this is possible but I dream of it. 🙂
Website monitoring - a piece of content monitoring.
An alternative to Cloudlinux MYSQL Governor option buil-in feature for non CL users.
A kind of integration with Crowdsec (I'm not sure if it's the case.) - I'm using it for first time on Enhance, a super nice Crowd 🙂

Many thanks for your time! 🙂

opsshield

freehosting22 Apologies for missing your reply...it went out of our radar for some reason. We already use Fail2ban + IPDB which is exactly similar to Crowdsec. So we do not need an explicit integration with Crowdsec. We will discuss the other mentioned features within the team and see what we can do for it. Thanks much for the time to write the review.

mike

opsshield There is some known issue with Nginx+ModSec with Enhance V12. Though cPGuard is fully compatible with adapting the changes in V12, some fixes from Enhance are required to work ModSec properly with Nginx. The case is open with the support and they are still looking into it.

12.0.23 released

opsshield

mike Thank you. We will cehck it and update this thread accordingly.

DracoBlue

opsshield When will email protection be available?

dalet11

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/modsec.customisations.conf. Line: 222. Column: 52. Invalid input: IncludeOptional /etc/cpguard/cpguard_modsec100.conf in /etc/nginx/nginx.conf:14
nginx: configuration file /etc/nginx/nginx.conf test failed

That's what we get after the upgrade. Ticket opened.

opsshield

dalet11 There is something wrong with the Nginx ModSec still and the ModSec module is not properly enabled. We are working with the Enhance support team to understand the changes and how to enable ModSec properly.

opsshield

dalet11 I have updated the ticket. For anyone else facing this issue, make sure to update to V12.0.24

Disable WAF

cpgcli waf --disable
ModSecurity setting, Reset to default configuration.
Run the following command

appcd-cli change-webserver nginx
Enable WAF and it should work fine

cpgcli waf --enable

opsshield

DracoBlue We are working on the Rspamd log filtering to block the continuous abusers and integrate SRBL with Rspamd. We have no plans to add email content scanning because rspamd is quite good in it and finding the spams emails already detected by rspamd does not makes any sense for us. I hope we can come up with our new version by next week in which we are trying to add the DB scanner as well.

dalet11

Works. thanks

opsshield

cPGuard version5.45 is now available with the following changes specific to Enhance.
SRBL is now available for Enhance :- Be proactive in blocking known spammers and stop receiving emails from them. The SRBL filtering is a dynamic/intelligent reputation calculating system to block active spammers

Block Repeated Spammers :- We have added monitoring to block IPs sending repeated spam emails and thus helps to reduce rspamd overhead

FTP brute-force monitoring :- Added FTP brute-force monitoring and now we cover Web Server, Email, DoveCot, and SSH brute-force monitoring.

There are other improvements added as well along with bug fixes.

Kosta

opsshield thanks for the updates!

Kosta

opsshield I have question how can I add www.proofpoint.com to cpguard blacklisted IP DB scanning.?
Thanks

franco

opsshield What do I have to do to update the servers?

opsshield

Kosta Looks like proofpoint is a paid RBL and you may not able to add it without a license. Once you have the DNSBL FQDN for any RBL service ( like safe.dnsbl.prs.proofpoint.com ), you can add it and should work fine.

bluelinq-computers

Kosta I do not recommend using Proofpoint software.

Kosta

bluelinq-computers they got 2 of my ips blocked and they provide security to iCloud means I cannot send emails to iCloud accounts…
While all other servers say my ips are fine only proofpoint blocking it…

bluelinq-computers

Kosta Avanan is a much, much better option than Proofpoint.

https://emailsecurity.checkpoint.com/

Kosta

bluelinq-computers seems good one will give it a try, thank you

bluelinq-computers

Kosta I suggest procuring Avanan through http://solutionsgranted.com/

opsshield

franco Update is automatic or you can run manually using command "cpgcli update --start"

Kosta

franco SRBL tick/enable the new functionality as well