You will need a cPanel account with a domain you can browse to, to use for testing.
Set up cxs logging (see FAQ) and also ensure that you have configured cxs to send an alert to a working email address that you will be monitoring.
1. Download the contents of /etc/cxs/test/ to your PC.
2. Login to FTP as a cPanel user and upload the following files:
test.cgi test.html test.php
Change the file permissions on test.cgi to 755.
3. Browse to the test.html webpage in your web browser, i.e. www.yourdomain.com/test/test.html. You can use the Perl and PHP upload forms to test different types of uploads, starting with udp.pl which is included with the cxs test files. Be sure to monitor either the cxs log or the alert emails to check whether the uploads are being detected as you expect.
4. Do the same tests with FTP uploading using the cPanel account. With FTP uploads, if you have quarantine or delete configured, when you upload a test exploit it will appear as though the file is uploaded successfully but if you refresh the directory listing the file should not be there.
Greece (greece)
Worldwide (English)