Server Software and Configuration Services
Changes: Modified -denyrm to abort if left blank instead of clearing all blocks Added lfd check for existing temporary block to avoid duplicates Fixed regex handling for courier-imap POP and IMAP login failures Added –full-time to the ls command for…
Changes: Security Fix: lfd vulnerabilities found which could lead to Local and Remote DOS attacks against the server running csf+lfd The DOS attacks could make lfd block innocent IP addresses and one attack could cause lfd to deplete server resources…
Changes: Modified MailWatch to better cope with a remote MySQL database Removed Dynaloader from Msfe.pm as cPanel no longer provide it in their perl distribution
If you’re running either of the listed builds above, then you could have a broken MTA.For some bizarre reason, cPanel decided to add a new feature that breaks the standard MTA configuration of sending out all email on a servers…
Changes: Fixed a bug with LT_POP3D and LT_IMAPD introduced in v2.88 which broke login tracking Modified relay tracking to not ignore RELAYHOST IP’s Modified LF_SSH_EMAIL_ALERT to not ignore RELAYHOST IP’s LF_SUHOSIN will now skip matches for “script tried to increase…
Changes: Modified csf -dr option to delete advanced filter IP matches as well as simple matches in csf.deny
Changes: Added new CLI option to csf, -g –grep will search the iptables chains for a specified match which is either explicit or part of a CIDR Added WHM UI option for csf –grep Added new CLI option to csf,…
Changes: Added csf.suignore file where you can list usernames that are ignored during the LF_EXPLOIT SUPERUSER test New option PT_LOAD_ACTION added that can contain a script to be run if PT_LOAD triggers an event. See csf.conf for more information Added…
If you’re using perl scripts on your server that use LWP and suddenly find them failing with connections to https resources with the following type error: 500 read failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number then you’ve probably got LWP v5.811 installed…
Changes: Allow comments after IP addresses in csf.dyndns Added new login failure option LF_SUHOSIN which detects alert messages and blocks the attacker IP after the configured number of matches Added a new exploit check for non-root superuser accounts Added a…