AUTO_UPDATES enabled for new installations in csf.conf
Removed the JS LF_EXPLOIT_CHECK as it is no longer prevalent. If still set in csf.conf it will be ignored
Check MESSENGER service to ensure privileges are dropped before starting the daemon
Drop privileges when peforming removal during LF_DIRWATCH_DISABLE
For new installations, IPV6 enabled if IP6TABLES exists and an IPv6 address is found in the output from IFCONFIG. IPV6_SPI is set according to the kernel version (i.e. whether SPI is supported or not)
Fixed a SECURITY BUG in Quarantine file restore which could result in root privilege escalation. The destination restore file must not now exist before restoring will work. Our thanks to Jeff Petersen for reporting this issue
All cxs users should upgrade to this release immediately
Fixed a SECURITY BUG that can be exploited remotely via log file spoofing resulting in root privilege escalation. Our thanks to Jeff Petersen for reporting this issue
All csf users should upgrade to this release immediately
New –options [R]. It will trigger a match for the inbuilt regex used by –options [D] when decoding PHP encoded (base64, etc) scripts
Improvements to –decode ([D]) option so that both the last and the penultimate decode level are both scanned
Added improved code for dropping privileges to the “nobody” user while running the interactive php interpreter as root
Ensure Quarantine only works on files
Updated UI text for options
Removed duplicated regex definitions from the database now that –options [R] has been added. Be sure to add R to your –options lists if you specify them if you still want to trap these.
New feature: Connection Limit Protection (CONNLIMIT, CONNLIMIT_LOGGING). This option configures iptables to offer more protection from DOS attacks against specific ports. It can also be used as a way to simply limit resource usage by IP address to specific server services. This option limits the number of concurrent new connections per IP address that can be made to specific ports. See csf.conf and readme.txt for more information and about the format of the CONNLIMIT option and its limitations
Minor csf UI Firewall Configuration virtual pagination improvements
Updated cPanel Server Check update settings for v11.30+
Removed cPanel Server Check for new versions due to changes in the v11.30+ versioning system making this redundant
Updated MySQL Server Check for v5.1.*
Added a warning to csf.conf for SYNFLOOD to only enable the option if you know you are under a SYN flood attack as it will restrict all new connection to the server if triggered
