csf

New csf v14.10

Changes:

  • Fixed error message regarding location/permissions to the iptables binary in correctly referencing ip6tables
  • Added PASV port range hole for VZ servers on cPanel for new installs
  • Fixed MESSENGERV3 Apache tree search where ServerRoot is not configured so that csf defaults to /etc/apache2/ so that relative Includes are still defined correctly
  • Modified LF_BIND regex to deal with new log field

New csf v14.09

Changes:

  • Improvements to CC IP lookup binary search
  • Modified index.recaptcha.php and index.php to use square instead of deprecated curly brackets on array index for PHP v7.4+
  • Modified Server Check regex matching on include in dovecot config files in RHEL v8+
  • Added workaround for iOS issue with bootstrap modals
  • Added EOL messages to Server Check report
  • Modified dovecot.conf parsing on cPanel for include_try in Server Check
  • Modified Apache 404 regex to check for either “info” or “error”
  • Added two new CLI options: –temprma [ip], –temprmd [ip]. This allows distinction between allow and deny that does not exist for –temprm [ip]
  • Updated UI to offer either –temprma [ip] or –temprmd [ip] instead of –temprm [ip]
  • Added PHP v7.2 EOL notice to Server Report

New csf v14.08

Changes:

  • Added missing images/ subdir to webmin and interworx installers
  • Added new option LF_TEMP_EMAIL_ALERT. This allows the disabling of temp IP block emails. It is enabled by default (send temp email alerts as before)

New csf v14.07

Changes:

  • Added missing images/ subdir to DA installer

New csf v14.06

Changes:

  • If DOCKER is enabled and the iptables nat table exists, csf now creates a DOCKER chain in the nat table for IPv4
  • cPanel additions to csf.pignore on new and existing installs
  • Disable reputation service on error
  • Added new options MESSENGERV3PERMS and MESSENGERV3GROUP for the creation of the MESSENGER_USER public_html directory. See csf.conf for information, defaults set for each install control panel type where possible
  • Added exe:/sbin/rngd to csf.pignore for new installations

ConfigServer Scripts on cPanel v92 and CentOS v8

For those venturing into the new world of cPanel v92 in the EDGE tier on CentOS v8.2, our initial tests show that all of our scripts and products install and work as expected.

We had already done extensive work on CentOS v8 with csf, cxs and MailScanner to ensure they work in this new OS iteration (mostly on DirectAdmin) and the cPanel environment continues to provide for the resources needed to make installation, configuration and functionality straightforward.

New csf v14.05

Changes:

  • Modified dovecot pop3d/imapd log line parsing to repeat single lines reporting multiple login failure attempts
  • Additional entries in csf.pignore for new installs on CyberPanel v2
  • cPanel additions to csf.pignore on new and existing installs
  • Convert embedded IPv4 addresses in /proc/net/tcp6 back to IPv4

New csf v14.04

Changes:

  • Added two new options: CC_MESSENGER_ALLOW, CC_MESSENGER_DENY. These options can control which Country Code IP blocks are redirected to the MESSENGER service, if it is enabled
  • Fixed some typos in csf.conf
  • Added DirectAdmin diagnostics to the admin UI for session security checks, together with a method to skip the checks if desired

New csf v14.03

Changes:

  • Updated DSHIELD blocklist to use https
  • Updated Server Check PHP EOL information
  • Improved DA session checking
  • Improved DA Server Check report
  • Modified cpanel.comodo.allow and cpanel.comodo.ignore with an additional IP address
  • MESSENGERv3 now out of BETA testing
  • Added UDP ports 80 and 443 to UDP_IN/UDP6_IN for new installations to support QUIC/HTTP3
  • Modified DA regex for Roundcube v1.4+
  • Modified DIRECTADMIN_LOG_R to point to /var/www/html/roundcube/logs/errors.log for Roundcube v1.4+ by default on new installs and change for old installs if not already set
  • Added a new DA regex for phpMyAdmin
  • Modified iframe resizer on DA, thank you to Martynas @ DirectAdmin
  • Updated Integrated User Interface documentation to point to the latest Apache docs
  • Added newly generated self-signed keys for lfd UI
  • Updated Server Report descriptions for cPanel
  • Updated Server Report for systemd processes
  • Added back cPanel update check to the Server Report now that it has been reinstated by cPanel
  • Removed outdated Server Report checks

New csf v14.02

Changes:

  • Added new BETA TESTING option: MESSENGERV3. This provides the MESSENGER service utilising the local webserver. It currently supports Apache v2.4+ and Litespeed/Openlitespeed. As the first iteration this likely contains bugs and may not be suitable for production environments. See csf.conf and readme.txt for more information
  • Changed Country Code Lookup source to ipdeny.com
  • Added CC_ALLOW_SMTPAUTH to all configurations for the benefit of servers other than cPanel running Exim
  • Modify CC_ALLOW_FILTER to allow RELATED, ESTABLISHED connections through so that outgoing connection replies from remote sites not in CC_ALLOW_FILTER are accepted
  • Added a note in csf.conf regarding MESSENGER_CHILDREN, that consideration needs to be made for local images displayed on the page. The default has also been increased to 20 for new installations Modifications to MESSENGER server to speed up connection response time and improve stability
  • Modifications to LFD UI and CLUSTER server to improve stability
  • Added SUDO login alerts: LF_SUDO_EMAIL_ALERT. This will send an email alert using the sudoalert.txt template whenever there is a failed or successful SUDO connection. SUDO_LOG must be set to the correct log file. LF_SUDO_EMAIL_ALERT is disabled by default
  • Added new entry in csf.pignore on cPanel servers for v86+:
    exe:/usr/libexec/dovecot/imap-hibernate
  • Added Server Check for EOL PHP v7.1
  • Removed cPanel update checks from the Server Report now that the options are no longer available in cPanel v86+
  • NOTICE: We are deprecating support for Virtuozzo/OpenVZ servers. Future releases will not take into consideration those platforms which have become onerous to support. The software application may continue to work but support and functionality is no longer guaranteed