Featured post

ConfigServer scripts on cPanel v11.56

cPanel are upgrading the embedded version of perl on cPanel v11.56 (v56) from perl v5.14 to v5.22, which is a good thing. However, any daemons running under the cPanel embedded version of perl must be restarted after cPanel upgrades otherwise they will start to fail with obscure messages.

To avoid this, you should ensure that any such daemon processes are restarted soon after the upgrade to cPanel v11.56. In the case of ConfigServer products, this means: lfd, cxs and MailScanner.

Fortunately, if you are running csf/lfd on your server then lfd automatically does this for you (for lfd, cxs and MailScanner) whenever upcp runs and upgrades the cPanel version, so you need do nothing at all.

If you do not run csf/lfd but do use MailScanner or cxs, then you will need to restart both services when your installation of cPanel upgrades to this new release (only in EDGE at the time of writing).

New csf v8.13


  • Added /usr/local/cpanel/3rdparty/php/54/sbin/php-fpm to csf.pignore for  cPanel installs
  • Clarify cluster CLI commands that refer to remote server actions
  • Added number of failures to the RBL check Subject field
  • Modified Port Scan checks for more kernel log line formats in regex.pm

New csf v8.12


  • Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options
  • Fixed GLOBAL_ALLOW and GLOBAL_DENY when LF_IPSET is enabled
  • Fixed GLOBAL_DYNDNS when LF_IPSET and LF_IPV6 are enabled
  • IPSET binary location set to /sbin/ipset for Debian/Ubuntu new installs
  • Additional regex included for vsftp login failures

New csf v8.10


  • Fixed issues with new non-RedHat OS installations by reasserting perl module check to the start of the installation process but removing included modules from checks
  • Ports 2079 and 2080 added to TCP_IN for new cPanel installs to allow CalDAV/CardDAV access

New csf v8.09


  • Check /sys/module/ipt_recent/parameters/ip_pkt_list_tot or /sys/module/xt_recent/parameters/ip_pkt_list_tot if defined to allow higher settings for PORTFLOOD than the default of 20 if configured
  • Added LimitNOFILE to lfd.service on servers using systemd to allow for large numbers of open files
  • Cater for full stops (.) in ethernet device names
  • Moved Perl module checks until after csf installation has completed so that all included modules exist in /usr/local/csf/lib/