csf

New csf v5.60

Changes:
– Added new options to include the Spamhaus Extended DROP list. These additional netblocks are included in the main Spamhaus chain. The feature uses LF_SPAMHAUS_EXTENDED and LF_SPAMHAUS_EXTENDED_URL which are enabled by default, but used only if LF_SPAMHAUS is enabled. To force a reload of the SPAMHAUS list to include the Extended list, delete /etc/csf/csf.spamhaus file after upgrading to this version and then restart lfd
– Added new options to allow blocking of TOR Bulk Exit nodes. This works in the same manner as the LF_SPAMHAUS and LF_DSHIELD options. The feature uses LF_TOR and LF_TOR_URL and is disabled by default. Warning: This could block legitimate users who are trying to protect their anonymity, so use with caution
– Fix LF_NETBLOCK to skip IPv6 addresses as it is unsupported as has long been stated in csf.conf
– Added missing

html elements in UI
– Added unblock button to UI IP searches when results is either in csf.deny or a temporary block
– Implemented a locking system to mitigate iptables stability issues when loading concurrent iptables chains in lfd
– Fixed bug in the display of the 30 days ST_SYSTEM stats
– Added new option ST_SYSTEM_MAXDAYS. This allows you to define the maximum number of days of stats to collect (default 30 days)
– Increased stats graph sizes
– Added CIDR checking of csf.allow to the CLI command csf –deny
– Added checking of csf.ignore to the CLI command csf –deny

New csf v5.59

Changes:
– Fixed a loop which caused high load when using GLOBAL_IGNORE
– Improvements to GLOBAL_IGNORE load speed and effectiveness
– Improvements to CC_IGNORE load speed

New csf v5.58

Changes:
– Corrected ST_APACHE error message return text
– Add meaningful message if stats graph generation fails in UI
– Added new icon in UI for “Quick Allow” that inserts the current visitors IP address
– Added new icon in UI for “Quick Ignore” that inserts the current visitors IP address
– Replaced some of the included icons

New csf v5.57

Changes:
– Added new option PT_APACHESTATUS to configure the URL to the Apache Status URL during PT_LOAD alert report
– Added Apache Statistics to ST_SYSTEM. A new option ST_APACHE must be set to collect these statistics and PT_APACHESTATUS must be correctly set. ST_APACHE is disabled by default
– Modification to SYSLOG option to remove the later introduced “nofatal” option to improve backwards compatibility, also enable the “pid” option to log the process ID
– Added new options SYSLOG_CHECK and SYSLOG_LOG to check whether syslog is running. See csf.conf for more information. This option is disabled by default, but we recommend that it is enabled on all servers
– Added SYSLOG_CHECK to Server Check Report recommended settings

New csf v5.56

Changes:
– Improvements to ST_MYSQL password detection in /root/.my.cnf where the password is quoted
– Improvements to the SMTP AUTH regex to cope with differing settings in exim log_selector
– Removed debugging code in SMTP AUTH regex detection

New csf v5.55

Changes:
– Update Fedora version check now that v17 has been released
– Added MySQL Connection and Thread statistics to ST_MYSQL/ST_SYSTEM
– Modified Server Check Report for cPanel servers see whether mod_ruid2 has been enabled making the Apache suEXEC check moot
– Improvements to the SMTP AUTH regex to cope with differing settings in exim log_selector

New csf v5.53

Changes:
– Added Email Usage to the ST_SYSTEM System Statistics feature when RT_* options are enabled
– Fixed incorrect Min/Max calculations in System Statistics
– Improvements to Disk Usage stats in System Statistics for some virtual environments
– Added CPU Temperature to the ST_SYSTEM System Statistics feature when lm-sensors/coretemp installed and enabled (highest core temp recorded)
– Added MySQL graphs to the ST_SYSTEM System Statistics feature when ST_MYSQL is installed and enabled – requires DBI and DBD::mysql perl modules. Authentication is via new ST_MYSQL* options. The option is enabled on cPanel servers by default, disabled on others
– Modified stats collection routine to append data to the stats file on each minute interval and to clean up only on lfd startup. This is to help minimise the risk of the stats file being incomplete due to process termination
– Added new options LF_DISTSMTP, LF_DISTSMTP_UNIQ and LF_DISTSMTP_PERM. This option will keep track of successful SMTP logins. If the number of successful logins to an individual account is at least LF_DISTSMTP in LF_INTERVAL from at least LF_DISTSMTP_UNIQ IP addresses, then all of the IP addresses will be blocked. This option can help mitigate the common SMTP account compromise attacks that use a distributed network of zombies to send spam (exim MTA only). Not enabled by default
– Modified Server Check Report for cPanel servers see whether mod_ruid2 has been enabled making the PHP Handler check moot
– Modified the ModSecurity regex to cater for the paid Atomic rules Apache error log non-standard format
– Modified non-cPanel new installs to disable ST_SYSTEM by default

New csf v5.52

Changes:
– Alternative kill and status methods employed for lfd init process on Debian/Ubuntu
– Added new feature: System Statistics. This option will gather basic system statstics. Through the UI it displays various graphs for disk, cpu, memory, network, etc usage. The feature requires the perl module GD::Graph. It is enabled by default with the ST_SYSTEM option

New csf v5.50

Changes:
– Removed check for Melange on cPanel servers from Server Check Report
– Improvements to the cPanel exim SMTP AUTH login failure regex after changes in cPanel v11.32
– Added exe:/usr/local/cpanel/3rdparty/sbin/mydns to csf.pignore for new installs on cPanel servers
– Additional cmd/pcmd suggestions added to csf.pignore for new installs on cPanel servers (not enabled)