cPanel

New csf v4.27

Changes:

  • New Feature – Port Flood Protection. This option configures iptables to offer protection from DOS attacks against specific ports. This option limits the number of connections per time interval that new connections can be made to specific ports. See csf.conf and readme.txt for more information. This option is only available on servers with the ipt_recent kernel module
  • cPanel DNSONLY compatibility added – Thanks to JJ for the assistance
  • Improved Cipher suite checking and advice for Apache and FTP in Server Check
  • Remove md5sum check from JS exploit check as it is covered by LF_INTEGRITY and causes confusion
  • Added new option LOGFLOOD_ALERT which will send an email alert based on logfloodalert.txt if lfd skips logs lines due to log file processing problems
  • Added new option PT_DELETED together with the FAQ explanation as to why lfd reports deleted processes. The option can be disabled to ignore such processes
  • Rearranged LOCALINPUT and LOCALOUTPUT rule positions to allow exceptions to SMTP_BLOCK

New csf v4.26

Changes:

  • New Feature – Country Code to CIDR allow/deny. This feature can allow or deny whole country CIDR ranges. The CIDR blocks are downloaded from http://www.ipdeny.com/ipblocks/. For more information, see CC_ALLOW, CC_DENY and CC_INTERVAL in csf.conf
  • Expanded the dovecot regex to include more login failure permutations
  • Added exe:/var/cpanel/3rdparty/bin/php to csf.pignore on cPanel servers
  • SMTP_ALLOWLOCAL set to 1 on new cPanel installations by default

New csf v4.24

Changes:

  • Added workaround for issue with WHM image display in the addon header for cPanel v11.24
  • *Added cPanel v11.24 FTP Anonymous Upload checks in Server Report
  • *Added cPanel v11.24 FTP Cipher Suite checks in Server Report
  • *Added cPanel v11.24 Apache Cipher Suite checks in Server Report
  • *Added cPanel v11.24 Exim Cipher Suite checks in Server Report
  • Added Fedora v8 to the obsolete OS list now that v10 is out
  • Updated dovecot regex in regex.pm for v1.1.6 used by cPanel

* Will only display if cPanel version is >= 11.24

New ClamAV v0.94.2

See the clamav.net site for changelog details. Upgrade available for MSFE customers through WHM.

New cmm v1.11

Changes:

  • Modified cmm to remove cPanel process limits when run
  • Modified code to skip orphaned domains in /etc/localdomains

New MailScanner Front-End (MSFE) v4.26

Changes:

  • Modified the mailwatch sql data structure import file to cope with a bug with interpreting comments in the latest versions of MySQL v5
  • Modified addon_mailscanner.cgi to remove cPanel process limits when run

New csf v4.16

Changes:

  • Removed port 953 from the TCP and UDP allow lists for new csf installations as it’s not necessary to whitelist as bind listens on the localhost device for such control connections by default
  • Added exe:/usr/sbin/nsd, exe:/usr/libexec/dovecot/pop3-login, exe:/usr/libexec/dovecot/imap-login to new and old cPanel installations csf.pignore to cater for cPanel support for both nsd and dovecot (currently in EDGE)
  • Only use Cpanel::Rlimit if it’s available in WHM UI