New csf v9.29


  • Fixed issue that was breaking LF_DISTSMTP
  • Fixed issue in UI lfd Stats. Note: The lfd stats data file has been renamed from /var/lib/csf/stats/lfdmain to /var/lib/csf/stats/lfdstats Additionally, the stats for 2016-12-31 will reset to 0 due to this bug
  • Corrected text in readme.txt
  • Added new csf CLI cluster option: -ctd, –ctempdeny ip ttl [-p port] [-d direction] [comment]
    This sends a temporary deny request to the cluster
  • Added new csf CLI cluster option: -cta, –ctempallow ip ttl [-p port] [-d direction] [comment]
    This sends a temporary allow request to the cluster
  • Added new csf CLI cluster option: -cg, –cgrep ip
    This requests the –grep output for [ip] from each cluster member
  • Modified cluster requests to respond with an acknowledgment to the sender
  • Modified –cdeny [ip] and –callow [ip] to include optional comment
  • Added separate tab for Cluster options in UI if enabled and added new cluster temp allow/deny commands to UI
  • Modified Port Scan Tracking. UDP packets destined for the network broadcast address(es) will now be ignored in Port Scan Tracking unless BRD is added to PS_PORTS. The broadcast address(es) include the those listed in IP or IFCONFIG plus the default ( unless one of the servers IPs
  • Added new feature: PT_USERRSS. This User Process Tracking option sends an alert if any user process exceeds the RSS memory limit set – RAM used, not virtual. PT_USERRSS is set to 256 (MB) and PT_USERMEM is now set to 512 (MB) by default on new installations. On existing installs PT_USERRSS is set to the same value as PT_USERMEM

Holiday Schedule

We shall be closing our online store, helpdesk and forums from 23rd December 2016 to 2nd January 2017 (inclusive).

We will not be providing any sales, support or ticket work between these dates. Any outstanding tickets or Service Package work will recommence on the 3rd of January.

New cxs Bayes Database

If you use the cxs –bayes feature, then you can download the latest bayesian database for cxs by running:

cxs --bget

This happens automatically when a new version of cxs is released and cxs upgrades, otherwise you will have to run the command above manually.

The new database has been generated from the last 2 years worth of exploits, so should help the accuracy of exploit categorisation.

New csf v9.28


  • New logo added and configured for cPanel plugins
  • HTML fixes
  • STYLE_CUSTOM is now set to 0 by default on all new installations. If you want to choose custom styling this option can be enabled

New cxs v6.23


  • Reduced banner padding
  • Default the initial clamd socket check to /var/clamd
  • Modified UI to show if cxs watch is currently restarting
  • New logo added and configured for cPanel plugins
  • Exploit fingerprint definitions database additions

New csf v9.26


  • Fix for webmin UI when watching logs
  • Various UI html syntax fixes
  • Reduced UI banner padding
  • Port 23 added to DROP_NOLOG for new installations
  • WAITLOCK taken out of beta
  • Modified UI View Listening Ports
  • Reworked main UI table to produce syntactically correct HTML
  • Fixed duplicate HTML top and bottom page elements