ConfigServer Services Blog

New release with a nice new feature:

• Modified lfd to use a child reaper instead of ignoring the CHLD signal
• Added login failure detection of cpanel, webmail and whm connections – this will only work for access to non-secure ports as cPanel doesn’t know the IP address of the user when connection are over SSL due to the way stunnel works

Released to fix a problems for VPS servers

New release with a new feature that can reduce your overall risk exposure:

• Removed erroneous ‘s in lfd.log
• csf start automatically does a restart to avoid problems with any existing iptables rules or chains
• Added new option “Deny Server IPs” and associated file csf.sips to allow blocking of all traffic on server configured IP’s if they’re not in use
• Added notification to CLI and WHM UI if TESTING still enabled

I will have a break soon 😉

• lfd modification to avoid a race condition with the ALRM calls
• Added new feature – /etc/csf/csf.ignore can contain IP addresses that are ignored by lfd. If an event is triggered it may be logged in lfd.log but will not result in an email alert – e.g. you could list your own IP address to avoid alerts from when you login over SSH, etc
• Added WHM UI option to edit the ignore file

Bug fix release and I’ve included the changes for v1.54 too:1.54:

• Fixed a strict refs issue in lfd

1.53:

• Fixed IP DNS lookup routine to avoid empty () when no host found
• Added local DIE for ALRM calls for IP lookups and netstat commands
• Removed chkservd restart from /etc/init.d/lfd so that it behaves like other monitored services
• Improved error trapping routines to better report to lfd.log if the process dies

A new version of csf. I’m going to take a development break for a while, though any problems with the scripts/firewall will be worked on immediately. The new features:

• Optimised logging in lfd
• Improved error handling and reporting in lfd
• Modified WHM UI report to include all data, not just a single day
• Improved DROP logging to SYSLOG
• Added logging of dropped ICMP connections
• Added new option DROP_IP_LOGGING to log IP addresses that have been blocked in csf.deny or by lfd with temporary connection tracking blocks

New version of csf released with the following changes:

• Added new feature – Connection Tracking. Enables tracking of all connections from IP addresses to the server. If the total number of connections is greater than CT_LIMIT then the offending IP address is blocked in csf, or temporarily blocked in iptables. This can be used to help prevent some types of DOS attack
• Added new feature – SSH login alerts. An email is sent if a successful
• SSH login is detected
• Fixed a descriptive issue with the WHM UI
• Modified so that lfd checks that it doesn’t block a server IP

Upgrade as usual through WHM.

Some new features for the csf firewall:

Upgrade within WHM or read the upgrade.txt in the tarball.

The latest release of csf is now available for upgrade within WHM with the following changes:

Another release which addresses:

Upgrade via WHM or read upgrade.txt in the tarball.