csf

New csf v5.70

Changes:
– Fixed an issue with PERMBLOCK introduced in v5.68

New csf v5.68

Changes:
– New feature added – LF_DIST_INTERVAL. This option provides a separate timing interval for both LF_DISTFTP and LF_DISTSMTP. By default it is set to 300 seconds
– Implemented better handling of repeat blocks when an IP is already temporarily or permanenetly blocked
– Added missing inclusion of Time::HiRes in csf.pl
– Silence LF_DISTFTP and LF_DISTSMTP ignored IP logging to lfd.log unless DEBUG enabled
– Silence DYNDNS IP address updates to lfd.log unless DEBUG enabled
– RELAYHOSTS setting now defaults to “0” to improve security on cPanel servers
– Increased default value of DENY_IP_LIMIT to 200

New csf v5.67

Changes:
– Fixed a problem with permanent IP blocking when using LF_SELECT

New csf v5.66

Changes:
– Implemented a new locking system to try to mitigate an iptables bug when issuing concurrent iptables commands
– Implement flushing on the lfd pid file so that it is always accurate
– Improvements to csf –grep [ip] to escape regular expression matching
– New feature added – LF_REPEATBLOCK. This option instructs csf to deny an already blocked IP address the number of times set. See csf.conf for more information
– New feature added – LF_BLOCKINONLY. This option instructs csf to only block inbound traffic from those IP's and so reduces the number of iptables rules, but at the expense of less effectiveness. See csf.conf for more information
– New feature added – ST_DISKW. This option adds disk write performance statistics to the stats graphs. See csf.conf for more information
– Fixed file location for Debian and derivative OS's for /etc/mysql/my.cnf in Server Check

New csf v5.65

Changes:
– Removed some of the command locking as it was causing lfd hangs

New cxs v2.71

Changes:
– cxs will now treat .htaccess files as script files and fingerprints have been added for common exploits
– Added more information about existing csf anf cxs integration options (i.e. UI, ModSecurity, pure-ftpd)
– Added information that restores from quarantine must be done through the UI
– Exploit fingerprint definitions database additions

New csf v5.63

Changes:
– Implemented a locking and retry system to try to mitigate an iptables bug when issuing concurrent iptables commands

New csf v5.62

Changes:
– Added ModSecurity connection dropping to the LF_MODSEC regex
– Added new option – ETH6_DEVICE. By adding a device to this option, ip6tables can be configured only on the specified device. Otherwise, ETH_DEVICE and then the default setting will be used
– Added new option – LF_SCRIPT_ACTION. On cPanel servers, this can contain the path to a script that is run whenever LF_SCRIPT_ALERT is triggered
– Fixed stats graph average calculation and display if average equals 0
– Split Slow MySQL Queries stats graphs from MySQL Queries
– Improvements to Apache CPU Usage stats graphs

New csf v5.61

Changes:
– On Debian systems, check for my.cnf in /etc/mysql/my.cnf in Server Check
– Add missing/changed images in the DA/Webmin installs. For webmin, the csf webmin module will need to be reinstalled
– Another fix for LF_NETBLOCK to skip IPv6 addresses
– Fixed csf –tempallow where -d [direction] was performing inout when in requested
– Fixed UI option “Edit the Log Scanner file (csf.logfiles)” which was incorrectly overwriting csf.dyndns instead of writing to csf.logfiles
– Changed ETH_DEVICE_SKIP device check from a failure to a warning
– Skip checks for register_globals and suhosin if running PHP v5.4.* in Server Check report