cPanel v11.46 and csf/lfd

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause errors in lfd with URL retrieval. To resolve the problem all that should be required is a restart of lfd. This can be done either from within the WHM csf UI or from the root shell with:

/etc/init.d/lfd restart

Check /var/log/lfd.log afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp

cPanel v11.46 and MailScanner

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause problems with email delivery immediately following the upgrade. To resolve the problem all that should be required is a restart of MailScanner. This can be done either from within the WHM MailScanner UI or from the root shell with:

/etc/init.d/MailScanner restart

Check /var/log/maillog to ensure emails are processing afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp

New csf v7.55

Changes:

  • If LF_SELECT is enabled the port(s) listed in PORTS_* can now be specifed as port;protocol,port;protocol, e.g. “53;udp,53;tcp” to allow for protocol specific port blocks. This port format can also now be used in regex.custom.pm  and csf –td/–ta to allow udp port blocks
  • PORTS_bind now defaults to “53;udp,53;tcp” on new installations
  • PORTS_directadmin added for DA installs to allow for per port blocks if LF_SELECT is enabled
  • Ports 993 and 995 now added to TCP_OUT and TCP6_OUT on new installs
  • LF_IPSET taken out of BETA as it is proving stable
  • Modified Server Check to skip checking xinetd on Plesk servers
  • Modified UI_SSL_VERSION for new installations to use the new IO::Socket::SSL default SSL_version setting of SSLv23:!SSLv3:!SSLv2 so that SSLv3 is disabled
  • If systemd is running the installer disables firewalld using systemctl

New csf v7.54

Changes:

  • Added IPv4/IPv6 column to show whether the port in the csf –ports option is listed in *_IN (e.g. TCP_IN)
  • Added IPv4/IPv6 column to show the number of ESTABLISHED connections to the port in the csf –ports
  • Modified Server Check text from “SMTP Tweak” to “SMTP Restrictions” for cPanel/WHM UI
  • Added the following to LF_IPSET for IPv4 IPs and CIDRs: /etc/csf/csf.allow, /etc/csf/csf.deny, GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER. IPv6 IPs, Advanced Allow Filters and temporary blocks use traditional iptables
  • Modified ipset information in csf.conf including that only ipset v6+ is supported
  • Modified ConfigServer::Slurp to carp instead of croak
  • Improvements to Server Check nameserver checking to include IPv6 servers and better determine how many are local nameservers
  • Modified csf –graphs to append a trailing slash if missing to directory name

New csf v7.50

Changes:

  • Added new BETA options LF_IPSET, IPSET. Use ipset for CC_* and csf.blocklist bulk list matching. See csf.conf for more info
  • Added new UI option to view ports on the server that have a running process behind them listening for external connections
  • Added new CLI option (csf -p, csf –ports) to view ports on the server that have a running process behind them listening for external connections
  • Added new CLI option (csf –graphs) to Generate System Statistics html pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements
  • If using DYNDNS and the FQDN has multiple A records then all IP addresses will now be allowed
  • IPv6 support added to DYNDNS. Requires the Perl module Socket6 from cpan.org to be installed
  • On DA servers, if LF_DIRECTADMIN is enabled, DIRECTADMIN_LOG_* will be scanned for login failures to Roundcube, SquirrelMail and phpMyAdmin if installed and logging enabled via CustomBuild v2+. Failures will contribute to the LF_DIRECTADMIN trigger level for that IP
  • On DA servers, FTPD_LOG now defaults to /var/log/messages on new installs
  • Added exe:/usr/libexec/dovecot/anvil to csf.pignore for new installs on DA
  • Added to UI count of entries in /etc/csf/csf.allow
  • Added blocklist.de to csf.blocklists for new installs, latest file copied to /etc/csf/csf.blocklists.new on existing installs
  • Started moving common functions to separate modules within csf
  • HTTP::Tiny upgraded to v0.050
  • Fixed csf stop/start routines on reboot for servers using systemd
  • Modified integrated UI to display die errors to browser
  • Modified X_ARF report to use a self-published schema: http://download.configserver.com/abuse_login-attack_0.2.json
  • Modified X_ARF to lowercase the Source-Type field
  • Modified X_ARF template to use the v0.2 “X-XARF: PLAIN” header field
  • Updated restricted UI items
  • Geo::IP upgraded to v1.45
  • Crypt::CBC upgraded to v2.33