csf

New csf v2.84

Changes:

  • Fixed problem with permanent LF blocks in lfd for individual application port blocks when set to permanent
  • Added new SYSLOG option to csf.conf to allow additional lfd logging to SYSLOG (requires perl module Sys::Syslog)
  • Added a minimum to LF_DSHIELD and LF_SPAMHAUS ip block lists refresh interval of 3600 to prevent getting yourself blocked!

N

New csf v2.82

Changes:

  • Fixed a documentation for LF_TRIGGER_PERM
  • Fixed issue where RT_[relay]_ALERT set to “0” was being ignored
  • Fixed condition from v2.80 which prevented SCRIPT_ALERT from working
  • If killproc.conf does not exist the Server Check now links to the Background Process Killer page instead of issuing a file missing error

New csf v2.81

Changes:

  • Added exe:/usr/local/cpanel/cpdavd to csf.pignore
  • Added option to disable refresh in WHM csf UI when viewing lfd.log
  • Removed debug code that prevented IP blocking — oops

New csf v2.80

Changes:

  • Added new lfd feature – Relay Tracking. This allows you to track email that is relayed through the server (cPanel only). It tracks general email sent into the server, email sent out after POP before SMTP and SMTP_AUTH authentication, local email sent from the server (e.g. web scripts). There are also options to send alerts and block IP addresses if the number of emails relayed per hour exceeds configured limits. The blocks can be either permanent or temporary. Currently blocking does not function for LOCALRELAY email.
  • Introduced a new blocking mechanism in lfd that allows a choice of permanent or temporary IP blocking. See csf.conf (LF_TRIGGER_PERM) for details on how to configure the various blocking options to use temporary instead of permanent blocks, e.g. for Login Failure blocking
  • Modified new installations to default to using seperate triggers for login failures, instead of the global LF_TRIGGER value

New csf v2.79

Changes:

  • Bug fixes
  • Added ACCEPT rule to 127.0.0.1:25 for the “cpanel” user if SMTP_BLOCK is enabled for the new cPanel Webmail configuration in v11
  • Added new configuration option DROP that allows you to choose the drop target for rejected packets (see csf.conf for more information)
  • Remove /etc/cron.d/csf_update on uninstall

New csf v2.77

Changes:

  • Closed vulnerability with temporary file checking
  • Tightened log file regex’s to prevent spoofed remote IP block attacks

New csf v2.76

Changes:

  • Improved file checking in Server Check script to prevent WHM failures

New csf v2.75

Changes:

  • Modified Server Check to only look at pure-ftpd settings if installed
  • Simplified throttling mechanism

New csf v2.74

Changes:

  • Modified PHP Server Checks to use the php binary output instead of trying to find the active php.ini file
  • Added PHP Server Check for register_globals
  • Improvements to the Server Check code
  • Fixed bug in TCP port 23 check in Server Check
  • Added new option –check (-c) to check whether the installed version of csf is the latest, no update is performed
  • Added multiple csf configuration checks to the Server Check report
  • Added throttling to LF_INTEGRITY and increased the timeout proportionally

New csf v2.73

Changes:

  • Modified SMTP_BLOCK warning on VPS servers to only display if the option is enabled
  • Modifed the Server Services Check text to omit using -del with chkconfig and better explain that a process is enabled even if it is not currently running and needs to be disabled to prevent startup on boot
  • Removed reliance on wget for updates and version checks
  • Coding improvements in csf.pl and addon_csf.cgi
  • Added /var/log/lfd.log tail automatic refresh to WHM UI