Chirpy

New feature: Added a new option (beta for now) PT_SMTP. This option will check for outgoing connections to port 25, ecluding root, exim and mailman. The purpose of the feature is to log SMTP connections if you believe you have…

A major security flaw has been found and is being actively exploited in cPanel. The exploit gives an authenticated user (i.e. someone who has access to a cPanel account) an escalation that gives them root access. cPanel have fixed the…

Changes: Code modification to allow csf+lfd to run without erroring on cPanel DNS-Only installations Added forced error checking on SMTP blocking iptables commands Added check in csf and lfd for duplicate settings in csf.conf

Changes: Added new option SMTP_ALLOWLOCAL to allow local connections to port 25 for web scripts, etc, if SMTP_BLOCK is enabled Added check to csf startup to fail if “WHM > Tweak Security > SMTP Tweak” is enabled otherwise it can…

Changes: Added automatic throttling code to help prevent lfd using excessive resources. Currently only added for LF_DIRWATCH and PT_INTERVAL. If the sub process takes too long to run, the interval between its next run is increased temporarily (for the duration…

Changes: New feature – User Process Tracking. This option enables the tracking of the number of process any given cPanel account is running at one time. If the number of processes exceeds the value of the PT_USERPROC setting an email…

Changes: Fixed a mis-configuation for outgoing global deny rule – Thanks to Marie from Jagwire Hosting Allow advanced allow and block filters using the -a and -d options when running csf in CLI Added new option LF_SELECT. If you have…

Fixes and Features: Modified lfd init procedure to use the init functions Modified behaviour of LF_TRIGGER. If LF_TRIGGER is set to “0” then lfd will instead trigger blocks based on the value of the application trigger, e.g. if LF_MODSEC is…