General

New csf v5.63

Changes:
– Implemented a locking and retry system to try to mitigate an iptables bug when issuing concurrent iptables commands

New csf v5.62

Changes:
– Added ModSecurity connection dropping to the LF_MODSEC regex
– Added new option – ETH6_DEVICE. By adding a device to this option, ip6tables can be configured only on the specified device. Otherwise, ETH_DEVICE and then the default setting will be used
– Added new option – LF_SCRIPT_ACTION. On cPanel servers, this can contain the path to a script that is run whenever LF_SCRIPT_ALERT is triggered
– Fixed stats graph average calculation and display if average equals 0
– Split Slow MySQL Queries stats graphs from MySQL Queries
– Improvements to Apache CPU Usage stats graphs

New cxs v2.70

Changes:
– Improvements to cxs Watch daemon ignore/xtra and new update reloading without restart
– Switched to using Sys::Hostname in cxs Watch daemon
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New csf v5.61

Changes:
– On Debian systems, check for my.cnf in /etc/mysql/my.cnf in Server Check
– Add missing/changed images in the DA/Webmin installs. For webmin, the csf webmin module will need to be reinstalled
– Another fix for LF_NETBLOCK to skip IPv6 addresses
– Fixed csf –tempallow where -d [direction] was performing inout when in requested
– Fixed UI option “Edit the Log Scanner file (csf.logfiles)” which was incorrectly overwriting csf.dyndns instead of writing to csf.logfiles
– Changed ETH_DEVICE_SKIP device check from a failure to a warning
– Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report

New cxs v2.69

Changes:
– Switched to using Sys::Hostname to determine hostname as CloudLinux restricts access to /proc/sys/kernel/hostname for some reason

New cxs v2.68

Changes:
– Modified POD and UI to show full rather than abbreviated commands
– Added new option –template [file]. When using –mail [email] a standard email format is used. To customise this format an email template file can be used instead. You can now use this to email the Linux owner of the affected script under certain circumstances. See the cxs Documentation for more information
– Added new advanced PHP decoder for –decode ([D])
– Improvements to advanced PHP decoders to –decode ([D])
– Fixed PHP decoder issue that could restrict decoder depth under certain circumstances
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.67

Changes:
– NOTE: If you are using the cxs ModSecurity hook and ModSecurity v2.6, you must now specify the ModSecurity configuration setting SecTmpDir. If you have not set SecTmpDir in your ModSecurity configuration, then you need to add the following on its own line before or after the ModSecurity cxs line: “SecTmpDir /tmp” and then restart httpd. The file you need to add this to, if not already present, on a cPanel server is: /usr/local/apache/conf/modsec2.user.conf
– Unless specified, –qoptions now defaults to [Mv] when –quarantine [dir] is used. Any existing installations using –quarantine [dir] will now have –qoptions [Mv] enabled, unless otherwise specified on the command line or in cxs.defaults
– Added undocumented feature –YSKIPREG to ignore inbuilt regex matching when using –options [m], –xtra [file] contents will still match
– Added undocumented feature –YSKIPMD5 to ignore inbuilt fingerprint matching when using –options [M], –xtra [file]

New csf v5.60

Changes:
– Added new options to include the Spamhaus Extended DROP list. These additional netblocks are included in the main Spamhaus chain. The feature uses LF_SPAMHAUS_EXTENDED and LF_SPAMHAUS_EXTENDED_URL which are enabled by default, but used only if LF_SPAMHAUS is enabled. To force a reload of the SPAMHAUS list to include the Extended list, delete /etc/csf/csf.spamhaus file after upgrading to this version and then restart lfd
– Added new options to allow blocking of TOR Bulk Exit nodes. This works in the same manner as the LF_SPAMHAUS and LF_DSHIELD options. The feature uses LF_TOR and LF_TOR_URL and is disabled by default. Warning: This could block legitimate users who are trying to protect their anonymity, so use with caution
– Fix LF_NETBLOCK to skip IPv6 addresses as it is unsupported as has long been stated in csf.conf
– Added missing

html elements in UI
– Added unblock button to UI IP searches when results is either in csf.deny or a temporary block
– Implemented a locking system to mitigate iptables stability issues when loading concurrent iptables chains in lfd
– Fixed bug in the display of the 30 days ST_SYSTEM stats
– Added new option ST_SYSTEM_MAXDAYS. This allows you to define the maximum number of days of stats to collect (default 30 days)
– Increased stats graph sizes
– Added CIDR checking of csf.allow to the CLI command csf –deny
– Added checking of csf.ignore to the CLI command csf –deny

New cxs v2.66

Changes:
– Improvements to string detection in –decode ([D])
– Added new advanced PHP decoder for –decode ([D])
– Removed a false-positive fingerprint detection
– Exploit regex definitions database additions
– Exploit fingerprint definitions database additions

New cxs v2.65

Changes:
– Added new advanced PHP decoder for –decode ([D])
– Improvements made to md5sum ignore procedure
– Fixed problem when using md5sum ignore within archives