csf

New csf v4.31

Changes:

  • Added warning for those that enable PT_USERKILL in csf.conf – i.e. It is not a good idea to use that option
  • Modified PT_USERKILL to not kill (deleted) processes (these should be restarted manually after investigation) as per the documentation

New csf v4.30

Changes:

  • If you add the text “do not delete” to the comments of an entry in csf.deny then DENY_IP_LIMIT will ignore those entries and not remove them. Updated csf.deny information text for new installations
  • Made the (deleted) process text even more explicit for those that are not reading csf.conf or the FAQ for their explanation
  • Updated DSHIELD information URL in csf.conf
  • Added new feature – csf.rignore is an ignore file that lists domains and partial domains that lfd should ignore. Read /etc/csf/csf.rignore for more information. Note that .cpanel.net is always added on cPanel csf installations
  • Option GOOGLEBOT removed. This feature is now performed using csf.rignore. If GOOGLEBOT was previously enabled it will be added to csf.rignore

New csf v4.29

Changes:

  • Added Slackware support (tested on v12.2.0)
  • Added Fedora v10 support
  • Added new option GOOGLEBOT – Prevent *.googlebot.com from being blocked by lfd. See csf.conf for more information
  • Modified .cpanel.net check to use the same host lookup procedure as GOOGLEBOT to prevent domain spoofing
  • Added csf version from/to to output from csf –update when upgrading

New csf v4.27

Changes:

  • New Feature – Port Flood Protection. This option configures iptables to offer protection from DOS attacks against specific ports. This option limits the number of connections per time interval that new connections can be made to specific ports. See csf.conf and readme.txt for more information. This option is only available on servers with the ipt_recent kernel module
  • cPanel DNSONLY compatibility added – Thanks to JJ for the assistance
  • Improved Cipher suite checking and advice for Apache and FTP in Server Check
  • Remove md5sum check from JS exploit check as it is covered by LF_INTEGRITY and causes confusion
  • Added new option LOGFLOOD_ALERT which will send an email alert based on logfloodalert.txt if lfd skips logs lines due to log file processing problems
  • Added new option PT_DELETED together with the FAQ explanation as to why lfd reports deleted processes. The option can be disabled to ignore such processes
  • Rearranged LOCALINPUT and LOCALOUTPUT rule positions to allow exceptions to SMTP_BLOCK

New csf v4.26

Changes:

  • New Feature – Country Code to CIDR allow/deny. This feature can allow or deny whole country CIDR ranges. The CIDR blocks are downloaded from http://www.ipdeny.com/ipblocks/. For more information, see CC_ALLOW, CC_DENY and CC_INTERVAL in csf.conf
  • Expanded the dovecot regex to include more login failure permutations
  • Added exe:/var/cpanel/3rdparty/bin/php to csf.pignore on cPanel servers
  • SMTP_ALLOWLOCAL set to 1 on new cPanel installations by default

New csf v4.25

Changes:

  • Fixed bug in csf –grep when CIDRs used in advanced port filters
  • Fixed problems with aborted Server Check Report
  • Fixed position of the lo device rule in the OUTPUT chain which broke SMTP_BLOCK
  • Added new option SMTP_PORTS which is used by SMTP_BLOCK to block all listed ports (not just port 25). This is populated on installation or when TESTING = 1 if an additional port is listed in “WHM > Service Manager > exim on another port”. Otherwise, SMTP_PORTS needs to be updated manually. The default setting contains port 25
  • SMTP_BLOCKs will now log if DROP_IP_LOGGING is enabled

New csf v4.24

Changes:

  • Added workaround for issue with WHM image display in the addon header for cPanel v11.24
  • *Added cPanel v11.24 FTP Anonymous Upload checks in Server Report
  • *Added cPanel v11.24 FTP Cipher Suite checks in Server Report
  • *Added cPanel v11.24 Apache Cipher Suite checks in Server Report
  • *Added cPanel v11.24 Exim Cipher Suite checks in Server Report
  • Added Fedora v8 to the obsolete OS list now that v10 is out
  • Updated dovecot regex in regex.pm for v1.1.6 used by cPanel

* Will only display if cPanel version is >= 11.24

New csf v4.23

Changes:

  • Added skip to connection and process tracking for empty tcp6 connection data
  • Fixed PT_LOAD email output of ps and vmstat

New csf v4.22

Changes:

  • Additional fixes for an issue on VPS servers where temporary block removal from csf.tempban failed