General

New csf v7.73

Changes:

  • Fix for temporary denies allowing duplicate IP/Port blocks/allows
  • Speedup csf –grep [ip] when searching IPSET sets. Note: This does mean that partial IP queries will no longer match IPSET entries
  • Added new options LF_IPSET_HASHSIZE and LF_IPSET_MAXELEM to allow for larger ipset sets
  • Added option HOST as the location of the “host” binary for DNS TXT record lookups
  • Modified X_ARF report to include the abuse contact for a reported IP address where found in the Abusix Contact DB
  • Added new option X_ARF_ABUSE. This option allows for automatic sending of X_ARF reports to the IP addresses abuse contact. See csf.conf for warnings about using this option
  • Added binary location checking in csf and issue warnings if incorrect, not installed or not executable

New csf v7.72

Changes:

  • Added new option PT_SSHDHUNG. Terminate hung SSHD sessions. When under an SSHD login attack, SSHD processes are often left hung after their connecting IP addresses have  been blocked. This option will terminate such processes. See csf.conf for more info
  • Added new binaries to csf.pignore on existing cPanel installations to cater for v11.50 and CentOS v7
  • LF_CONSOLE_EMAIL_ALERT and LF_WEBMIN_EMAIL_ALERT now default to 1 for new installations
  • Updated Server Check ipv6 detection
  • Updated sanity checks

New cxs v5.30

Changes:

  • Modify cPanel install.txt to add the ConfigServer ModSecurity Vendor option
  • Added new advanced PHP decoders
  • Exploit fingerprint definitions database additions

New csf v7.71

Changes:

  • Added warning on cPanel servers for GreyListing
  • Fixed issue with RedHat/CentOS/CloudLinux v7 where local IPs were not being successfully detected from IFCONFIG

cPanel ModSecurity Vendor for cxs

We have created a ModSecurity Vendor that you can now use to import the cxs ModSecurity rules. To use this new feature you need to:

1. Remove the cxs ModSecurity rule block from /usr/local/apache/conf/modsec2.user.conf

2. Use the inbuilt cPanel ModSecurity Vendor Rules mechanism by either:

a) WHM > ModSecurity Vendors > Add Vendor > Vendor Configuration URL:

https://download.configserver.com/waf/meta_configserver.yaml

Save and then restart httpd

or

b) Issue the following commands:

/scripts/modsec_vendor add https://download.configserver.com/waf/meta_configserver.yaml
/scripts/modsec_vendor enable configserver

Then restart httpd

You can have the ConfigServer Vendor enabled along with any other Vendor that you may already be using.

cxs and ModSecurity v2.9

If you are using ModSecurity v2.9 with Apache you will need to add an extra ModSecurity directive to the cxs upload scanning rule for it to function as ModSecurity have changed the way that the @inspectFile function works:

SecUploadKeepFiles RelevantOnly

On a cPanel server this means that you need to edit:

/usr/local/apache/conf/modsec2.user.conf

and add the line above after the cxs ModSecurity rule and then restart httpd.

New cxs v5.29

Changes:

  • Modified documentation to address changes in ModSecurity v2.9 that requires the following is set as part of the ModSecurity config: 
    SecUploadKeepFiles RelevantOnly
  • Exploit fingerprint definitions database additions

PayPal Donations

Our recent decision to no longer accept PayPal Donation payments is two-fold:

1. We were starting to get a large number of “fake” donations, presumably from compromised PayPal accounts which were subsequently contested (No, we don’t get it either!). This cost us not only in time, but also in money for each payment refunded.

2. We have been aware of a change in PayPal’s policy on using the “Donate” button and accepting donations. This change means that accumulated donations over $10,000 requires that an accepting account is a verifiable non-profit organisation:

https://www.paypal.com/webapps/mpp/get-started/donate-button

While we’re not near that figure yet, we have been in business for a long time so we have had to make the disappointing decision to stop accepting donations for our free products.

We do know that many people want to keep supporting us in our development of our products, so we will look into alternatives. For now we have cancelled all subscription payments and will no longer accept future PayPal donations.

We do sincerely appreciate everyone who has donated to us in the past to help continued development in our free products.

New csf v7.70

Changes:

  • Removed PayPal Donation buttons due to recent abuse

New cxs v5.28

Changes:

  • Added new option –[no]ssl. When enabled (the default) all cxs URL functions, such as updating, bayes corpus retrieval and license checking will be done over an SSL connection to ConfigServer servers
  • Added /var/run/clamd.scan/clamd.sock as another default clamd socket location for –clamdsock [socket]
  • Added unsupported option –YSKIPCGI. See POD for more information
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions