New csf v1.5

New version of csf released with the following changes:

  • Added new feature – Connection Tracking. Enables tracking of all connections from IP addresses to the server. If the total number of connections is greater than CT_LIMIT then the offending IP address is blocked in csf, or temporarily blocked in iptables. This can be used to help prevent some types of DOS attack
  • Added new feature – SSH login alerts. An email is sent if a successful
  • SSH login is detected
  • Fixed a descriptive issue with the WHM UI
  • Modified so that lfd checks that it doesn’t block a server IP

Upgrade as usual through WHM.

New csf v1.4

Some new features for the csf firewall:

  • Fixed error routine iptables flush command typo
  • Modified interface checking for non-english Linux distributions
  • Modified interface checking for IP addresses assigned to multiple interfaces by mistake (I’ve just seen this happen!)
  • Set FORWARD chain to ACCEPT on stopping firewall
  • Reorganised code
  • Added advanced port+ip filtering within csf.allow and csf.deny with the format: tcp/udp:in/out:s/d=port:s/d=ip (see readme.txt for info)
  • Added link to readme.txt in WHM interface
  • Added iptables status (Running/Stopped) to WHM interface
  • Added Quick Allow and Quick Deny IP address options to WHM interface

Upgrade within WHM or read the upgrade.txt in the tarball.

New csf v1.33

The latest release of csf is now available for upgrade within WHM with the following changes:

  • Added blocking of SSL POP3 and IMAP ports to LT (993/995)
  • Added option to Restart csf+lfd within WHM interface when appropriate
  • Added buttons to WHM interface to remove APF or BFD if still installed
  • Removed csf nat and mangle chain actions

New csf v1.32

Another release which addresses:

Modified log line checking to deal with syslog compression. This iswhere syslog will add a line “last message repeated X times” if thenext line it were to add is identical to the last. This could lead tologin attempts being missed. But no more – lfd now checks for thatline and repeats the processing of the previous log line X times tocount all the login failures

Upgrade via WHM or read upgrade.txt in the tarball.

New csf v1.31

I have released another new versiob of csf with the following changes:

  • Removed some redundant code from csf
  • Display error in csf if IP already in allow/deny file
  • Stopped from overwriting email templates
  • Added email notification for login tracking including a new email template tracking.txt
  • Added mod_security apache module IP blocking in lfd

Upgrade either through WHM or follow upgrade.txt in the tarball.

New csf v1.3

Can’t keep a good programmer down ;)Some nice new features and some speedups in this latest release:

  • Fixed a problem with the tick time in the alert report
  • Changed the way allow and deny IP addresses are inserted into iptables so that using the command line -a or -d doesn’t require a firewall restart
  • csf -l now shows iptables line numbers
  • Added login tracking (LT) options to keep track of POP3 and IMAP logins and limit them to X connections per hour per account per IP address. Uses iptables to block offenders to the appropriate protocol port only and flushes them every hour. All of these blocks are temporary and can be cleared by restarting csf

If you upgraded to v1.2 you should be able to upgrade now from within WHM, otherwise follow the upgrade.txt file in the tarball.

New csf v1.2

I’ve released a new version of csf with the following changes:

Fixed uninstall script to remove lfd from chkservdFixed lfd so that checks were not made on options where a log file is sharedFixed lfd stop/start to dis/enable chkservd optionAdded upgrade feature to WHM when a new version of csf is available

Follow the upgrade.txt file within the csf tarball – the last time you’ll need to do this manually if you use the new WHM upgrade feature 😉