General

New csf v2.71

Changes:

  • Added CSS settings to support pre-v11 cPanel installations

New csf v2.70

Changes:

  • Modified to adopt cPanel v11 WHM theme
  • Added ports 2077 and 2078 (cPanel WebDAV server) to csf.conf for new installations for v11 cPanel
  • Added FC5 to the list of (or soon to be) unsupported OS’s
  • Fixed LF_SMTPAUTH not correctly being set to LF_FTPD when upgrading

Fedora Core v5 LifeCycle Warning

For those that still insist on using Fedora Core in a production environment (which Fedora themselves do not recommend) be aware that Fedora Core 7 is due to be released in May. This means that support for Fedora Core 5 will be dropped a month later, meaning that you’ll have to upgrade your OS again unless you maintain all the installed applications yourself (a daunting task):http://fedoraproject.org/wiki/LifeCycleIf you want a more reliable (i.e. supported) OS then I would strongly recommend you choose RedHat Enterprise (3, 4 or 5) or the equivalent CentOS release, instead. These are enterprise level production OS’s which are supported for years, not months, as is the case for Fedora.

New csf v2.69

Changes:

  • Added back LF_DIRWATCH_DISABLE functionality securely
  • Fixed bug where a suspicious directory would not be removed with LF_DIRWATCH_DISABLE
  • Added perl module check for File : : Path
  • Added path configuration to tar and chattr in csf.conf
  • Added new option LF_SMTPAUTH which checks for SMTP AUTH exim login failures. When upgrading the new setting will be set to whatever you have LF_FTPD set to

New csf v2.68 – Major Security Fix

Changes:

  • Security Fix – If you have LF_DIRWATCH_DISABLE on then this can lead to arbitray code being executed in the context of the user running lfd, i.e. root. This option has been disabled in the code until further notice. You will have to manually remove any reported files.
  • Tightened csf file ownerships on installation

*ALL INSTALLATIONS SHOULD BE UPGRADED ASAP TO AVOID POTENTIAL EXPLOITATION*You can upgrade csf either through WHM or from the root shell using:

csf -u

New csf v2.66

Changes:

  • Modified LF_CPANEL text in csf.conf for new installations to reflect the change in the SSL login handling by cPanel (i.e. it does now log SSL login IP’s)
  • Modified the log line monitoring in lfd to cope with log line flooding to prevent looping/excessive resource usage. Also recoded without the use of the POSIX routines
  • lfd process name now shows which log file it is scanning

New csf v2.65

Changes:

  • New Feature: System Integrity Checking. This enables lfd to compare md5sums of the servers OS binary application files from the time when lfd starts. If the md5sum of a monitored file changes an alert is sent. This option is intended as an IDS (Intrusion Detection System) and is the last line of detection for a

New csf v2.64

Changes:

  • Modified lfd check for rotated system logs to re-open a log file if logs are emptied instead of rotated

New csf v2.63

Changes:

  • Added regex support for uw-imap (imap and pop3) login failures
  • Added regex support for proftpd login failures
  • Timeout version check incase version server is unavailable

Ouch, that hurt!

Our apologies if you’ve been trying to contact us today. We had a main hard drive failure on our configserver/waytotheweb server which took us down for a while.Many thanks to our server provider Coreix for their very prompt work in getting us back up with a new disk.I then had the fun of running our own restore service on our own server ;)Well, we’re back up and running now 😀