ConfigServer Services Blog

New csf v4.21

Changes:

  • Fixed an issue on VPS servers where temporary block removal from csf.tempban failed

New csf v4.20

Changes:

  • Modified csf.tempban processing code in lfd to perform more stringent file locking to preserve temporary bans if lfd is writing during shutdown
  • Modified Port Scan tracking of IP’s to not attempt multiple blocks on the same IP address in the same log line processing batch
  • Fixed broken timestamp in lfd.log for dates < 10th of the month
  • Various code modifications to improve performance and stability

New csf v4.19

Anyone running v4.18 of csf should upgrade ASAP to v4.19 as the deadlock situation could lead to lfd hangingChanges:

  • Reverted the tied file changes as they were causing a deadlock situation locking csf.tempban
  • Improved the process tracking detection of deleted executables of running processes

New MailScanner Front-End (MSFE) v4.26

Changes:

  • Modified the mailwatch sql data structure import file to cope with a bug with interpreting comments in the latest versions of MySQL v5
  • Modified addon_mailscanner.cgi to remove cPanel process limits when run

New csf v4.18

Changes:

  • Modified temporary IP address storage to use a tied file to preserve temporary bans if lfd is writing during shutdown

New csf v4.17

Changes:

  • Replaced the use of backticks in csf, lfd and the WHM UI with calls to IPC::Open3
  • Various lfd and csf code improvements and tidy up
  • Ensure lfd parent dies cleanly on error
  • Debug information improved and timer modified to use Time::HiRes for more accuracy

New csf v4.16

Changes:

  • Removed port 953 from the TCP and UDP allow lists for new csf installations as it’s not necessary to whitelist as bind listens on the localhost device for such control connections by default
  • Added exe:/usr/sbin/nsd, exe:/usr/libexec/dovecot/pop3-login, exe:/usr/libexec/dovecot/imap-login to new and old cPanel installations csf.pignore to cater for cPanel support for both nsd and dovecot (currently in EDGE)
  • Only use Cpanel::Rlimit if it’s available in WHM UI

New csf v4.15

Changes:

  • Fixed a problem in v4.* where use of GALLOW and ALLOWDYN was allowing connections from blocked IP addresses in csf.deny or temporary blocks. The GALLOW, GDENY and ALLOWDYN chains have been split into GALLOWIN, GALLOWOUT, GDENYIN, GDENYOUT, ALLOWDYNIN and ALLOWDYNOUT to correct this. Many thanks to Brian for his help in tracking this issue down.