New csf v12.10


  • Added routine to select from multiple download servers for script updates
  • Added Sectigo (formerly Comodo) IPv6 DCV addresses to cpanel.comodo.allow and cpanel.comodo.ignore
  • Added support to LF_CXS for litespeed logs on cPanel
  • Added exception to csf.fignore for NodeJS yarn temporary files in cPanel v80

New cxs v10.01


  • Added new option --threads [num]. This advanced option allows cxs to utilise multiple CPU cores when performing a scan under specific conditions. See the documentation for more information
  • Improved detection of when clamd is not running, which forced cxs to abort with a socket error

New cxs v10.00


  • Added new option to allow in-place quarantine by renaming the file. --qrename renames a file based on the new --qroptions [] list. The file remains within the user's directory but with a new file extension. See the documentation for more information
  • Added new option to allow in-place quarantine by chmoding the file. --qchmod [perms] changes the file permissions to those provided, based on the new --qcoptions [] list. The file remains within the user's directory but with the new file permissions. See the documentation for more information
  • Improved detection of corrupt license file. If the license file is corrupt it will be removed and a new one retrieved next time cxs is invoked under the root account
  • Added routine to select from multiple download servers for script updates
  • Fixed bug with empty string for --qoptions and --doptions

New cxs v9.25


  • Create /var/log/cxsreports/ on installation/upgrade
  • Change documentation to use /var/log/cxsreports/ for --report [file]
  • Change cxs-cron for new installations to create logs in /var/log/cxsreports/
  • Added direct link to Scan Reports in the UI for previous scan reports if logged in the database
  • Fixed FA5 HTML icon

New csf v12.09


  • Added new option CT_SUBNET_LIMIT. If the total number of connections from a class C subnet is greater than this value then the offending subnet is blocked according to the other CT_* settings. This option is disabled by default
  • Removed ALTTOR from csf.blocklists on new installations as it has been discontinued
  • Use ConfigServer::Slurp to read csf.resellers to avoid invalid line endings
  • Modified CLUSTER_SENDTO and CLUSTER_RECVFROM so that they can be set to a file instead of listing IPs within the respective setting. See csf.conf for more details
  • Removed open_basedir check on cPanel servers in Server Check
  • Fixed csf.conf typo
  • Updates to Courier IMAP regexes for Plesk
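
The per-subnet counting that CT_SUBNET_LIMIT describes above, as an added Python example (not csf's own code, which is Perl). It assumes "class C subnet" means an IPv4 /24, compares the result with a per-address limit of the kind csf's CT_LIMIT applies, and runs over constructed `ss -tn`-style peer fields; the function names and sample data are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: peer column of `ss -tn`-style output (addr:port).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_PEERS = (
    [f"203.0.113.{host}:{40000 + host}" for host in range(1, 13)]  # 12 hosts, 1 conn each
    + ["198.51.100.7:51000"] * 6                                     # 1 host, 6 conns
    + ["[::ffff:203.0.113.200]:44321", "[2001:db8::1]:443", "garbage"]
)

def peer_ip(field):
    """Return the IPv4 address in an addr:port field, or None if there is none."""
    host = field.rsplit(":", 1)[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    if ip.version == 6:
        ip = ip.ipv4_mapped  # None unless the address is ::ffff:a.b.c.d
    return ip

def over_limits(peers, ip_limit, subnet_limit):
    """Count connections per address and per /24; return those above each limit."""
    per_ip, per_net = Counter(), Counter()
    for field in peers:
        ip = peer_ip(field)
        if ip is None:
            continue  # native IPv6 and unparsable fields are outside this sketch
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    bad_ips = {a: n for a, n in per_ip.items() if n > ip_limit}
    bad_nets = {s: n for s, n in per_net.items() if n > subnet_limit}
    return bad_ips, bad_nets

if __name__ == "__main__":
    ips, nets = over_limits(SAMPLE_PEERS, ip_limit=5, subnet_limit=10)
    print("per-address offenders:", ips)
    print("per-/24 offenders:    ", nets)
```

In the sample, no single address in 203.0.113.0/24 comes near the per-address limit, yet the subnet as a whole exceeds the subnet limit, which is the case the new option is for.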

Running cPanel v76? Want a link to Plugins on the Home Page?

cPanel decided to provide a cut-down home page for WHM for v76+. It makes finding plugins (such as csf) a pain. Here is a simple way to add a Plugins link to the new homepage:

Some caveats:

  • DO THIS AT YOUR OWN RISK! Neither we nor cPanel will likely help if it goes horribly wrong!
  • The change will be overwritten when the next version of cPanel is released or if you run:
    /scripts/upcp --force
  • It might break your WHM home page
  • It might not work in the future

OK, so here’s what to do:

  1. SSH into your server as root (or use the Terminal app from WHM!)
  2. Create a file called /usr/src/main.tmpl.patch
  3. Add the following to that file as-is:
    > [% IF (Whostmgr.check_flag('addons')) -%]
    > [% varcache.set('locale_str',locale.makevar("Plugins")) %]
    > <li class="application">
    > <a href="[% cp_security_token %]/scripts/command?PFILE=Plugins">
    > <img class="mr-10" src="[% Whostmgr.get_icon_url('icons/plugins.png') %]" alt="[% varcache.locale_str -%]" aria-hidden="true">
    > <div class="application-details">
    > <div class="application-title">[% varcache.locale_str %]</div>
    > <span class="application-description">[% varcache.locale_str %]</span>
    > </div>
    > </a>
    > </li>
    > [% END %]
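    Review bot: The file content in step 3 consists only of `>` addition lines, with no change-command line ahead of the first one to say where in main.tmpl the block is inserted, and patch needs that line to place a normal-format diff. Confirm that the saved /usr/src/main.tmpl.patch carries it, and run the step 4 command with --dry-run added first so that a file patch cannot place is rejected before main.tmpl is touched.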
  4. Run the following command:
    patch -bp0 /usr/local/cpanel/whostmgr/docroot/templates/menu/main.tmpl /usr/src/main.tmpl.patch
  5. That should be it

To restore the original page, either:

  • Restore the backup created by the patch command:
    cp /usr/local/cpanel/whostmgr/docroot/templates/menu/main.tmpl.orig /usr/local/cpanel/whostmgr/docroot/templates/menu/main.tmpl


  • Run upcp:
    /scripts/upcp --force

Once again, you do this at your own risk. Have fun!