ConfigServer Services Blog

New csf v1.60

New release with a nice new feature:

  • Modified lfd to use a child reaper instead of ignoring the CHLD signal
  • Added login failure detection of cpanel, webmail and whm connections – this will only work for access to non-secure ports as cPanel doesn’t know the IP address of the user when connection are over SSL due to the way stunnel works

New csf v1.57

New release with a new feature that can reduce your overall risk exposure:

  • Removed erroneous ‘s in lfd.log
  • csf start automatically does a restart to avoid problems with any existing iptables rules or chains
  • Added new option “Deny Server IPs” and associated file csf.sips to allow blocking of all traffic on server configured IP’s if they’re not in use
  • Added notification to CLI and WHM UI if TESTING still enabled

New csf v1.56

I will have a break soon 😉

  • lfd modification to avoid a race condition with the ALRM calls
  • Added new feature – /etc/csf/csf.ignore can contain IP addresses that are ignored by lfd. If an event is triggered it may be logged in lfd.log but will not result in an email alert – e.g. you could list your own IP address to avoid alerts from when you login over SSH, etc
  • Added WHM UI option to edit the ignore file

New csf v1.55

Bug fix release and I’ve included the changes for v1.54 too:1.54:

  • Fixed a strict refs issue in lfd

1.53:

  • Fixed IP DNS lookup routine to avoid empty () when no host found
  • Added local DIE for ALRM calls for IP lookups and netstat commands
  • Removed chkservd restart from /etc/init.d/lfd so that it behaves like other monitored services
  • Improved error trapping routines to better report to lfd.log if the process dies

New csf v1.53

A new version of csf. I’m going to take a development break for a while, though any problems with the scripts/firewall will be worked on immediately. The new features:

  • Optimised logging in lfd
  • Improved error handling and reporting in lfd
  • Modified WHM UI report to include all data, not just a single day
  • Improved DROP logging to SYSLOG
  • Added logging of dropped ICMP connections
  • Added new option DROP_IP_LOGGING to log IP addresses that have been blocked in csf.deny or by lfd with temporary connection tracking blocks

New csf v1.5

New version of csf released with the following changes:

  • Added new feature – Connection Tracking. Enables tracking of all connections from IP addresses to the server. If the total number of connections is greater than CT_LIMIT then the offending IP address is blocked in csf, or temporarily blocked in iptables. This can be used to help prevent some types of DOS attack
  • Added new feature – SSH login alerts. An email is sent if a successful
  • SSH login is detected
  • Fixed a descriptive issue with the WHM UI
  • Modified so that lfd checks that it doesn’t block a server IP

Upgrade as usual through WHM.

New csf v1.4

Some new features for the csf firewall:

  • Fixed error routine iptables flush command typo
  • Modified interface checking for non-english Linux distributions
  • Modified interface checking for IP addresses assigned to multiple interfaces by mistake (I’ve just seen this happen!)
  • Set FORWARD chain to ACCEPT on stopping firewall
  • Reorganised csf.pl code
  • Added advanced port+ip filtering within csf.allow and csf.deny with the format: tcp/udp:in/out:s/d=port:s/d=ip (see readme.txt for info)
  • Added link to readme.txt in WHM interface
  • Added iptables status (Running/Stopped) to WHM interface
  • Added Quick Allow and Quick Deny IP address options to WHM interface

Upgrade within WHM or read the upgrade.txt in the tarball.

New csf v1.33

The latest release of csf is now available for upgrade within WHM with the following changes:

  • Added blocking of SSL POP3 and IMAP ports to LT (993/995)
  • Added option to Restart csf+lfd within WHM interface when appropriate
  • Added buttons to WHM interface to remove APF or BFD if still installed
  • Removed csf nat and mangle chain actions

New csf v1.32

Another release which addresses:

Modified log line checking to deal with syslog compression. This iswhere syslog will add a line “last message repeated X times” if thenext line it were to add is identical to the last. This could lead tologin attempts being missed. But no more – lfd now checks for thatline and repeats the processing of the previous log line X times tocount all the login failures

Upgrade via WHM or read upgrade.txt in the tarball.