Server Software and Configuration Services
New csf v10.18
Changes:
- Stability improvements to the UI daemon
- Fixed MESSENGER log entry spelling
ConfigServer Services Blog
New cmc v3.00
Changes:
- Modified and simplified output to use both top-level and LocationMatch wildcard SecRuleRemoveById statements to cover both types of rule. Existing conf files are only updated once they have been changed via the UI
- Added warning to files that cmc creates to not modify them manually and then use cmc, as they will be overwritten
- Removed old migration code
- Updated cPanel Documentation URL in Help to point to EA4 information
New csf v10.17
Changes:
- Prevent Cluster and UI daemons from terminating the main process if they themselves terminate
- Modify Cluster and UI daemons to restart if they are stopped or fail
- Modify Cluster and UI daemons to be more verbose about reasons for stopping
- Fixed typos in readme.txt and csf.conf
- Added MESSENGER child logging to /var/log/lfd_messenger.log, also for MESSENGERV2 via a new index.recaptcha.php
- Modified logrotate configuration to include /var/log/lfd_messenger.log
New csf v10.16
Changes:
- Fixed issue in 10.15 which was causing the Cluster daemon to exit unexpectedly
New csf v10.15
Changes:
- New EXPERIMENTAL feature on cPanel servers: MESSENGERV2. This uses the Apache http daemon to provide the web service for MESSENGER HTML and HTTPS
- Added new option LF_APACHE_401 that works in a similar way to LF_APACHE_404 and LF_APACHE_403
- Added new option RECAPTCHA_ALERT. This will send an email when a recaptcha unblock request is attempted by lfd. This option is enabled by default
- Stability improvements to UI, MESSENGER and CLUSTER daemon processes
- Added memory usage information to lfd log when using MESSENGER_HTTPS
- Add limiter to enforce MESSENGER_CHILDREN when connections are waiting for a child process
- Modify MESSENGER HTML examples for new installs to use inline images to improve page load speed and reduce lfd overheads
- Modified network interface detection to allow dash (-) in name
- URL updates in Server Check
- Increased the default value for MESSENGER_RATE to 100/s (from 30/m) and MESSENGER_BURST to 150 (from 5) for all installations to alleviate slow MESSENGER response times
- Set the SELinux security context for systemd and executable files
- Ensure firewalld is masked on systemd servers
New rkhunter v1.4.4 has been released
Changes:
See https://sourceforge.net/p/rkhunter/news/2017/06/rootkit-hunter-release-144/
For those that have had our Service Package work done, you can upgrade using:
cd /usr/src rm -Rfv rkhunter* wget http://prdownloads.sourceforge.net/rkhunter/rkhunter-1.4.4.tar.gz tar -xzf rkhunter* cd rkhunter-* ./installer.sh --layout default --install cd .. /bin/rm -Rfv rkhunter*
New csf v10.14
Changes:
- Made configuration checks on iptables more fault tolerant to avoid unnecessary failures while loading
- Removed openbl.org from csf.blocklists for new and existing installs
- More generic binaries added to csf.pignore
csf GREENSNOW blocklist and PayPal IPN
If you are using the GREENSNOW blocklist in /etc/csf/csf.blocklists then please note that one of the paypal notify IP addresses is currently being listed. This will affect PayPal IPN notification to stores.
The IPN they (greensnow) are blocking is: 173.0.81.1
We have reported this to them, but in the meantime you might want to either disable the GREENSNOW blocklist (then restart csf and then lfd) or whitelist the blocked IP address in /etc/csf/csf.allow using:
tcp|in|d=80|s=173.0.81.1 # Paypal Notify tcp|in|d=443|s=173.0.81.1 # Paypal Notify
Then restart csf and then lfd.
To avoid such instances in the future you may wish to whitelist the IP addresses involved with PayPal IPN by adding the following to csf.allow:
tcp|in|d=80|s=64.4.248.8 # Paypal IPN do not delete tcp|in|d=80|s=64.4.249.8 # Paypal IPN do not delete tcp|in|d=80|s=66.211.169.17 # Paypal IPN do not delete tcp|in|d=80|s=173.0.84.40 # Paypal IPN do not delete tcp|in|d=80|s=173.0.84.8 # Paypal IPN do not delete tcp|in|d=80|s=173.0.88.40 # Paypal IPN do not delete tcp|in|d=80|s=173.0.88.8 # Paypal IPN do not delete tcp|in|d=80|s=173.0.92.8 # Paypal IPN do not delete tcp|in|d=80|s=173.0.93.8 # Paypal IPN do not delete tcp|in|d=80|s=66.211.170.66 # Paypal Notify tcp|in|d=80|s=173.0.81.1 # Paypal Notify tcp|in|d=80|s=173.0.81.0/24 # Paypal Notify tcp|in|d=80|s=173.0.81.33 # Paypal Notify tcp|in|d=443|s=64.4.248.8 # Paypal IPN do not delete tcp|in|d=443|s=64.4.249.8 # Paypal IPN do not delete tcp|in|d=443|s=66.211.169.17 # Paypal IPN do not delete tcp|in|d=443|s=173.0.84.40 # Paypal IPN do not delete tcp|in|d=443|s=173.0.84.8 # Paypal IPN do not delete tcp|in|d=443|s=173.0.88.40 # Paypal IPN do not delete tcp|in|d=443|s=173.0.88.8 # Paypal IPN do not delete tcp|in|d=443|s=173.0.92.8 # Paypal IPN do not delete tcp|in|d=443|s=173.0.93.8 # Paypal IPN do not delete tcp|in|d=443|s=66.211.170.66 # Paypal Notify do not delete tcp|in|d=443|s=173.0.81.1 # Paypal Notify do not delete tcp|in|d=443|s=173.0.81.0/24 # Paypal Notify do not delete tcp|in|d=443|s=173.0.81.33 # Paypal Notify do not delete
And the following to csf.ignore:
64.4.248.8 # Paypal IPN 64.4.249.8 # Paypal IPN 66.211.169.17 # Paypal IPN 173.0.84.40 # Paypal IPN 173.0.84.8 # Paypal IPN 173.0.88.40 # Paypal IPN 173.0.88.8 # Paypal IPN 173.0.92.8 # Paypal IPN 173.0.93.8 # Paypal IPN 66.211.170.66 # Paypal Notify 173.0.81.1 # Paypal Notify 173.0.81.0/24 # Paypal Notify 173.0.81.33 # Paypal Notify
Remember to restart csf and then lfd after making any changes.
For up to date IP lists, see this link.
…and yes, we fell afoul of this.
New csf v10.13
Changes:
- Fixed looping/timeout of integrated UI children when Chrome client is used
New MailScanner Front-End (msfe) v8.09
Changes:
- Fixed issue with full-screen MailControl not setting charset to UTF-8