General

New csf v6.27

Changes:

  • Modified Apache regexes for Apache v2.4+
  • Fixed UI configurable lines display for lfd.log
  • Fixed length display text for CLUSTER_KEY in csf.conf
  • Ignore suspendedpage.cgi triggers for LF_SYMLINK on cPanel servers
  • Updated sanity checks and ranges for csf.conf settings
  • Added RESTRICT_UI to Server Check recommended options
  • Modified Virtuozzo/OpenVZ FTP port check to verify kernel version before issuing PASV port warning
  • Added new setting PS_DIVERSITY. Increase this value to specify how many different ports must be hit before activity qualifies as a Port Scan. The risk in doing so is that persistent attempts to attack a specific closed port will not be detected and blocked. The setting defaults to the original setting of 1
  • Added 3 LF_HTACCESS regexes for nginx. Remember to set MODSEC_LOG correctly for the location of the nginx error log
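
The trade-off described for PS_DIVERSITY can be seen in a simplified model of port-scan tracking. This is an added illustration, not lfd's own code: the `limit` and `interval` parameters (hit count and time window) and the log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque

# Pulls the syslog time plus the SRC= and DPT= fields out of an iptables-style LOG line.
LINE_RE = re.compile(r"(\d\d):(\d\d):(\d\d) .*\bSRC=(\S+) .*\bDPT=(\d+)")

def make_line(second, src, dpt):
    """Build one constructed log line (sample data, not captured traffic)."""
    return (f"Jan 10 12:{second // 60:02d}:{second % 60:02d} host kernel: "
            f"Firewall: *TCP_IN Blocked* IN=eth0 SRC={src} DST=198.51.100.5 "
            f"PROTO=TCP SPT=40000 DPT={dpt}")

# 192.0.2.10 sweeps 12 different closed ports; 192.0.2.20 hammers port 23 only.
SAMPLE = [make_line(i, "192.0.2.10", 20 + i) for i in range(12)] + \
         [make_line(i, "192.0.2.20", 23) for i in range(12)]

def detect_scans(lines, limit=10, interval=300, diversity=1):
    """Return source IPs with >= limit blocked hits inside `interval` seconds
    that touched >= diversity distinct destination ports."""
    events = defaultdict(deque)   # src -> (time, port) pairs still inside the window
    flagged = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue              # not a blocked-packet line
        h, mi, s, src, dpt = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)
        window = events[src]
        window.append((now, int(dpt)))
        while window and now - window[0][0] > interval:
            window.popleft()      # expire hits older than the tracking window
        ports = {port for _, port in window}
        if len(window) >= limit and len(ports) >= diversity:
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    for d in (1, 5):
        print(f"diversity={d}: {sorted(detect_scans(SAMPLE, diversity=d))}")
```

With a diversity of 1 both sources are flagged; raising it to 5 still catches the sweep but no longer flags the source that repeatedly targets a single closed port.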

New cxs v3.07

Changes:

  • Allow (limited) scans via UI in restricted mode
  • Added Change Time (--ctime [hours]) option to UI
  • If --quarantine has been disabled, ensure all reports contain a warning message with explanation

 

New cxs v3.06

Changes:

  • Fixed bug with broken --cgi option (cxscgi.sh) from v3.05
  • Fixed UI configurable lines display for cxswatch.log
  • Remove immutable and append-only flags from files when moving files to quarantine or deleting
  • Fixed supplied test/test.php for newer PHP versions

New cxs v3.05

Changes:

  • Added /etc, /sys and /proc to directories requiring --force to be used when scanning
  • Added additional checks that any specified quarantine directory is valid
  • Added new option --ctime [hours]. If you run regular full system scans then you can use --ctime [hours] to only scan files changed in the intervening hours. This can speed up scan times dramatically
  • Apply hfile:, hdir: and hsym: ignores to FTP upload scanning
  • Exploit fingerprint definitions database additions

 

New csf v6.26

Changes:

  • Fixed UI issue with some settings sent via the Cluster Config option
  • Modified CONNLIMIT_LOGGING rule insertion point
  • Added new feature: Outgoing UDP Flood Protection. This option limits outbound UDP packet floods. These typically originate from exploit scripts uploaded through vulnerable web scripts. The feature is controlled by: UDPFLOOD, UDPFLOOD_LIMIT, UDPFLOOD_BURST, UDPFLOOD_LOGGING, UDPFLOOD_ALLOWUSER
  • Update the TOR URL in existing /etc/csf/csf.blocklists file if still set to the old URL

New csf v6.25

Changes:

  • Fixed UI “Temporary IP entries > Flush all temporary IP entries”
  • Fixed UI_USER and UI_PASS being emptied on saving the firewall configuration through the UI
  • Fixed CLUSTER_KEY not displaying when RESTRICT_UI is disabled

 

New csf v6.24

Changes:

  • Security – Removed items from Cluster Config UI option if RESTRICT_UI enabled

 

New csf v6.23

Changes:

  • Security – added new option RESTRICT_UI. This option restricts the ability to modify settings within csf.conf from the csf UI. Should the parent control panel be compromised, these restricted options could be used to further compromise the server. This option is enabled by default on all installations
  • Added entries to csf.pignore on new installations on cPanel servers for Dovecot v2.2 (cPanel v11.40+)
  • Fixed UI Template validation error message

 

New cxs v3.04

Changes:

  • Security – Fixed file view from quarantine – reported by Rack911
  • Security – Further improved UI form data sanitisation
  • Bolstered the UI warning with regard to disabling Restricted Mode

 

New cxs v3.03

Changes:

  • Fixed broken UI items
  • Improvements to the ignore logic
  • Improved UI form data sanitisation
  • Exploit fingerprint definitions database additions