csf

New csf v2.81

Changes:

  • Added exe:/usr/local/cpanel/cpdavd to csf.pignore
  • Added option to disable refresh in WHM csf UI when viewing lfd.log
  • Removed debug code that prevented IP blocking — oops

New csf v2.80

Changes:

  • Added new lfd feature – Relay Tracking. This allows you to track email that is relayed through the server (cPanel only). It tracks general email sent into the server, email sent out after POP before SMTP and SMTP_AUTH authentication, local email sent from the server (e.g. web scripts). There are also options to send alerts and block IP addresses if the number of emails relayed per hour exceeds configured limits. The blocks can be either permanent or temporary. Currently blocking does not function for LOCALRELAY email.
  • Introduced a new blocking mechanism in lfd that allows a choice of permanent or temporary IP blocking. See csf.conf (LF_TRIGGER_PERM) for details on how to configure the various blocking options to use temporary instead of permanent blocks, e.g. for Login Failure blocking
  • Modified new installations to default to using seperate triggers for login failures, instead of the global LF_TRIGGER value

New csf v2.79

Changes:

  • Bug fixes
  • Added ACCEPT rule to 127.0.0.1:25 for the “cpanel” user if SMTP_BLOCK is enabled for the new cPanel Webmail configuration in v11
  • Added new configuration option DROP that allows you to choose the drop target for rejected packets (see csf.conf for more information)
  • Remove /etc/cron.d/csf_update on uninstall

New csf v2.77

Changes:

  • Closed vulnerability with temporary file checking
  • Tightened log file regex’s to prevent spoofed remote IP block attacks

New csf v2.76

Changes:

  • Improved file checking in Server Check script to prevent WHM failures

New csf v2.75

Changes:

  • Modified Server Check to only look at pure-ftpd settings if installed
  • Simplified throttling mechanism

New csf v2.74

Changes:

  • Modified PHP Server Checks to use the php binary output instead of trying to find the active php.ini file
  • Added PHP Server Check for register_globals
  • Improvements to the Server Check code
  • Fixed bug in TCP port 23 check in Server Check
  • Added new option –check (-c) to check whether the installed version of csf is the latest, no update is performed
  • Added multiple csf configuration checks to the Server Check report
  • Added throttling to LF_INTEGRITY and increased the timeout proportionally

New csf v2.73

Changes:

  • Modified SMTP_BLOCK warning on VPS servers to only display if the option is enabled
  • Modifed the Server Services Check text to omit using -del with chkconfig and better explain that a process is enabled even if it is not currently running and needs to be disabled to prevent startup on boot
  • Removed reliance on wget for updates and version checks
  • Coding improvements in csf.pl and addon_csf.cgi
  • Added /var/log/lfd.log tail automatic refresh to WHM UI

New csf v2.72

Changes:

  • Fixed problem with DENY_IP_LIMIT not counting all IP entries in csf.deny correctly
  • Ignore and issue a warning if SMTP_BLOCK is enabled on a Vituozzo VPS since the Virtuozzo VPS kernel does not support ipt_owner
  • Remove Shell/Fork Bomb Protection check (if a VPS) in Server Check as the option breaks a Virtuozzo VPS if enabled
  • Added more processes to check in Server Services Check
  • Removed restriction on outbound source port rule construction

New csf v2.71

Changes:

  • Added CSS settings to support pre-v11 cPanel installations