csf GREENSNOW blocklist and PayPal IPN

If you are using the GREENSNOW blocklist in /etc/csf/csf.blocklists then please note that one of the PayPal notify IP addresses is currently listed on it. This will affect PayPal IPN notifications to stores.

The IPN address they (GreenSnow) are blocking is: 173.0.81.1

We have reported this to them, but in the meantime you might want to either disable the GREENSNOW blocklist (then restart csf and then lfd) or whitelist the blocked IP address in /etc/csf/csf.allow using:

tcp|in|d=80|s=173.0.81.1 # Paypal Notify
tcp|in|d=443|s=173.0.81.1 # Paypal Notify

Then restart csf and then lfd.

To avoid such instances in the future you may wish to whitelist the IP addresses involved with PayPal IPN by adding the following to csf.allow:

tcp|in|d=80|s=64.4.248.8 # Paypal IPN do not delete
tcp|in|d=80|s=64.4.249.8 # Paypal IPN do not delete
tcp|in|d=80|s=66.211.169.17 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.84.40 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.84.8 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.88.40 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.88.8 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.92.8 # Paypal IPN do not delete
tcp|in|d=80|s=173.0.93.8 # Paypal IPN do not delete
tcp|in|d=80|s=66.211.170.66 # Paypal Notify
tcp|in|d=80|s=173.0.81.1 # Paypal Notify
tcp|in|d=80|s=173.0.81.0/24 # Paypal Notify
tcp|in|d=80|s=173.0.81.33 # Paypal Notify

tcp|in|d=443|s=64.4.248.8 # Paypal IPN do not delete
tcp|in|d=443|s=64.4.249.8 # Paypal IPN do not delete
tcp|in|d=443|s=66.211.169.17 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.84.40 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.84.8 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.88.40 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.88.8 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.92.8 # Paypal IPN do not delete
tcp|in|d=443|s=173.0.93.8 # Paypal IPN do not delete
tcp|in|d=443|s=66.211.170.66 # Paypal Notify do not delete
tcp|in|d=443|s=173.0.81.1 # Paypal Notify do not delete
tcp|in|d=443|s=173.0.81.0/24 # Paypal Notify do not delete
tcp|in|d=443|s=173.0.81.33 # Paypal Notify do not delete

And the following to csf.ignore:

64.4.248.8 # Paypal IPN
64.4.249.8 # Paypal IPN
66.211.169.17 # Paypal IPN
173.0.84.40 # Paypal IPN
173.0.84.8 # Paypal IPN
173.0.88.40 # Paypal IPN
173.0.88.8 # Paypal IPN
173.0.92.8 # Paypal IPN
173.0.93.8 # Paypal IPN

66.211.170.66 # Paypal Notify
173.0.81.1 # Paypal Notify
173.0.81.0/24 # Paypal Notify
173.0.81.33 # Paypal Notify

Remember to restart csf and then lfd after making any changes.

For up-to-date IP lists, see this link.

…and yes, we fell afoul of this.
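A check for the collision described in this post, as an added example (not ConfigServer's code): it compares the source addresses in csf.allow-style entries against a blocklist's contents, including CIDR overlap, so a listed payment-gateway address is spotted before notifications start failing. The sample blocklist, the plain entry and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs: a blocklist excerpt and csf.allow-style entries.
# 173.0.81.1 is the address named in the post; the rest are documentation ranges.
BLOCKLIST = """\
# constructed blocklist excerpt
198.51.100.7
173.0.81.1
203.0.113.0/24
"""
CSF_ALLOW = """\
tcp|in|d=443|s=173.0.81.1 # Paypal Notify
tcp|in|d=443|s=64.4.248.8 # Paypal IPN do not delete
203.0.113.9 # constructed plain entry
"""

def parse_networks(text):
    """Return the IP networks named in blocklist or csf.allow-style text."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        fields = entry.split("|")
        if len(fields) > 1:                      # advanced filter: use the s= field
            src = [f[2:] for f in fields if f.startswith("s=")]
            if not src:
                continue
            entry = src[0]
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue                             # not an address (e.g. an Include line)
    return nets

def find_collisions(allow_text, blocklist_text):
    """List (allowed, blocked) pairs where a blocklist entry overlaps an allowed source."""
    blocked = parse_networks(blocklist_text)
    hits = []
    for allowed in parse_networks(allow_text):
        for b in blocked:
            if allowed.version == b.version and allowed.overlaps(b):
                hits.append((str(allowed), str(b)))
    return hits

if __name__ == "__main__":
    for allowed, blocked in find_collisions(CSF_ALLOW, BLOCKLIST):
        print(f"{allowed} is covered by blocklist entry {blocked}")
```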

New cxs v6.38

Changes:

  • Configured UI to fully integrate with cPanel templates without using iframes
  • Configured UI to display full cPanel breadcrumbs
  • Configured UI to support cPanel v66 WHM UI changes

New csf v10.12

Changes:

  • Configured UI to fully integrate with cPanel templates without using iframes
  • Configured UI to display full cPanel breadcrumbs
  • Configured UI to support cPanel v66 WHM UI changes

New cxs v6.37

Changes:

  • Changed --force into a boolean, i.e. --[no]force
  • Ensure --upgrade ignores force=1 in /etc/cxs/cxs.defaults unless --force used on CLI
  • Prevent upgrade loop if force=1 in /etc/cxs/cxs.defaults

New csf v10.09

Changes:

  • Added new option DROP_OUT which is set to “REJECT” by default. This option sets the default target for blocked outgoing ports. See csf.conf for more information
  • Added improved detection of xtables lock and recommend enabling WAITLOCK on error
  • Improved csf down detection when xtables lock in effect and WAITLOCK is not enabled
  • Added support for listing ASNs in CC_IGNORE

New csf v10.08

Changes:

  • Added cpanel.allow and cpanel.ignore Include files for the cPanel authentication servers. These are included on new installations and added to existing files on cPanel installations
  • If running cPanel 1:1 NAT, use the contents of /var/cpanel/cpnat to whitelist/ignore the external IP addresses