Server Software and Configuration Services
New MailScanner Front-End (MSFE) v8.15
Changes:
- Fixed missing external link icon for FontAwesome v5
cPanel
Update to ConfigServer Privacy Policy and Product License Terms
We have updated our Privacy Policy to bring it in line with the GDPR.
We have also released new versions of each of our script products to include a section relating to the GDPR in the product license. No other changes have been made to the product versions released today.
New cxs v9.11
Changes:
- Added references to the cxs IP Reputation System license addendum regarding the Data Processing Agreement: https://download.configserver.com/cxs/license.txt
New cxs v9.10
Changes:
- File type detection improvements
- Added version detection of Magento v1.*
- Increased default –sizemax [size] to 1000000 to cater for larger exploits
New cmm v2.04
Changes:
- Modified cPanel output so that exceptions are displayed, e.g. when changing a password that fails due to password strength settings
New csf v12.03
Changes:
- Make CC_IGNORE check case-insensitive
- Improved TCP/UDP port inspection for IPv6 connections (affecting CT_*, PT_* and PT_SSHDKILL)
- Updated cxs FontAwsome to v5
- Added fixes for additional Include line processing
- Fixed race condition when processing CC_* zip files that could sometimes prevent the csv files from being extracted
- Updated HTTP::Tiny to v0.070
New MailScanner Front-End (MSFE) v8.13
Changes:
- Updated UI to FontAwesome v5 (keeping v4 for cPanel versions < 70.29)
New cxs v9.09
Changes:
- Modified privilege drop code to use defapache user setting before trying “nobody”
- Removed redundant code from features not implemented
- Fixed UI weekly scan description
- Updated UI to FontAwesome v5 (keeping v4 for cPanel versions < 70.29)
New csf v12.02
Changes:
- Removed CC_OLDGEOLITE and associated code so that all installations will now use the MaxMind GeoLite2 databases
- Added more CLI options that work if csf is disabled
- Added Include line support to 20 more /etc/csf/csf.* configuration files. See /etc/csf/readme.txt under “Include statement in configuration files” for the list of supported files
- Added mangle and raw tables to csf –grep [IP] and modified output to show a new column with the table then the chain that a rule is in
- Added mangle and raw tables to csf –status output and modified output to show a new header line with the table that a rule is in
- Added new option USE_FTPHELPER. This enables the ftp helper via the iptables CT target on supporting kernels instead of the current method via /proc/sys/net/netfilter/nf_conntrack_helper and unrestricted use of RELATED state
- Modified ICMP_IN/ICMP_OUT to only affect PING (echo-request), all other ICMP traffic is allowed (which can help network performance) unless otherwise blocked. This is for IPv4, it does not affect IPv6
- Improved rule placement to prevent existing connections bypassing ICMP_IN_RATE/ICMP_OUT_RATE limits
- Updated csf.conf documentation relating to the ICMP/PING settings
- Added new option ICMP_TIMESTAMPDROP. For those with PCI Compliance tools that state that ICMP timestamps should be dropped, you can enable this option. Otherwise, there appears to be little evidence that it has anything to do with a security risk but can impact network performance, so should be left disabled by everyone else
- csf and lfd now exit with status 1 on error or if disabled. However, this will not happen with csf if the CLI option used still works while disabled
- USE_CONNTRACK is now enabled by default on new installations
- Fixed DOCKER IPv6 warning message when DOCKER not enabled
- Modified csf.blocklists for GREENSNOW to use https on existing and new installations
New cxs v9.08
Changes:
- Fixed issue on cPanel servers where the shebang on cxsdbupdate.pl was incorrect which prevented it running on some systems