General

New csf v5.16

Changes:

  • Fixed missing perm.png from DA install
  • Fixed Temporary IP Entries table headers in UI
  • If DENY_IP_LIMIT is reached, remove excess IPs from iptables as well as csf.deny (previously only removed from csf.deny)
  • csf on cPanel servers automatically re-enables the cPanel Bandwith chains after iptables is configured. If bandmin is not functioning, or you don’t use the bandmin stats you can disable this new option LF_CPANEL_BANDMIN (enabled by default on cPanel servers)

New cxs v1.48

Changes:

  • Modified FTP scanning to honour hfile: ignore file entries
  • Fixed problem with –qoptions [] sending all scan result matches to quarantine after a single legitimate match was found, regardless of the –qoptions [] specified

New cxs v1.47

Changes:

  • Fixed problem with UI upgrade sleeping before upgrading (as introduced for cron jobs). Upgrading to this version will still sleep through the UI, but subsequent versions should be fine. Instead of using the UI, using the CLI will avoid this problem for this upgrade, i.e.: cxs -U

New cxs v1.46

Changes:

  • Restore from quarantine in UI now preserves file ownership of the restored file
  • Prefill UI Quarantine directory if set in cxs.defaults
  • Added new option to Quarantine UI to bulk Restore files in the same way as bulk Delete works
  • Exploit fingerprint definitions database additions

New cxs v1.45

Changes:

  • Added new option –qoptions [mMOLfSGchexdnwTEv]. By default –quarantine [dir]> will move all file matches. If –qoptions [] is also used then only the selected file types will be moved
  • Added –qoptions [mMOLfSGchexdnwTEv] to UI
  • Improvements to –decode ([D]) option
  • Added –upgrade timer to sleep for up to 1800 seconds when running as a cron job to avoid overloading the license server
  • Added the the –jumpfrom [user] and –jumpto [user] options to the UI
  • Exploit fingerprint definitions database additions

New csf v5.15

Changes:

  • Check for multiple Ports settings for sshd in /etc/ssh/sshd/_config when the LF_SELECT option is enabled
  • Updated SMTPAUTH regex to detect more login authentication methods
  • Updated AUTHRELAY regex to detect more login authentication methods
  • Added option to UI to permanently block temporarily blocked IP’s

New cxs v1.44

Changes:

  • Added Quarantine option to UI
  • Modified the –jumpfrom [user], –jumpto [user] options so a special value can be used for the from and to [user] using a single letter then a plus sign to scan those users whose name begins with the letter specified (not case sensitive). Again, this is inclusive. For example, to scan all accounts beginning with k through to g use: –jumpfrom k+ –jumpto g+
  • Improvements to –decode ([D]) option
  • Exploit regex definitions database additions
  • Exploit fingerprint definitions database additions

New csf v5.14

Changes:

  • Updated RELAY regex to detect the dovecot/courier login authentication methods on cPanel servers
  • Updated Server Check Report to reflect cPanel/WHM changes in v11.28, including additional checks and updating reference text
  • Added checks to LF_DIRWATCH_FILE to ensure watched resources exist on startup and while running a check. Those that do not exist are ignored and logged in lfd.log

New cxs v1.43

Changes:

  • Improvements to –decode ([D]) option. If the final decode depth results in a php Parse error, the previous depth is scanned instead. This improves the likelihood of a successful decode and scan
  • Improvements to –decode ([D]) option. Decode PHP scripts in memory using the interactive php interpreter instead of using temporary files
  • Improvements to –decode ([D]) option. Add timeout to php interpreter to avoid decoding hangs
  • Exploit fingerprint definitions database additions

Additional:

  • Increased the number of Exploit fingerprint definitions to over 4500
  • Updated cxs web pages to reflect latest version

New cxs v1.42

Changes:

  • Suppress error output from Archive::Zip