ConfigServer closing down and now what?
Pinned
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way, of securing my servers / sites / email functions etc.. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
All references to
download.configserver.comanddownload2.configserver.com removedAutoupdate OFF
This guide had been used i eva2000
https://github.com/centminmod/configserver-scripts/blob/main/README-gpl-csf.md
1) basically if I understood correctly, you need to restore
download.configserver.comanddownload2.configserver.com?2)Autoupdate ON
0 -
If you set everything back to the default it should work fine. I have mentioned to the team that it would be beneficial to get some documentation up as well as have a plan to get this installed on new cPanel systems or revert back to cPanel from other providers.
2 -
Thanks :)
0 -
Okay, so this is extremely concerning. I see that cPanel will NOT update anything greater than 14.24 (the last official CSF version). I'm among the many who changed over to the GPL3 v15.00 release on Github. It's a simple question:
What do I need to do to get back on the 14.24 release? I don't think I have those binaries around anymore.2 -
it says:
This configuration update applies only if all of the following are true:
-
Your server is using cPanel & WHM with the original CSF plugin.
-
Your server is running CSF version 14.0 or newer.
-
The CSF AUTO_UPDATES setting is enabled.
So any version 14.0 or newer is ok.
0 -
-
cPRex posted the email. It was VERY specific:
We will not make any changes if any of the following are true:
Your server is already using an alternate CSF provider:
cat /etc/csf/version.txt
Versions greater than 14.24 will not be switched over, so if the provider has updated the version file, you do NOT need to take the following action:
echo '14.25' > /etc/csf/version.txt
Your server is running CSF version 13.x or older.
The CSF AUTO_UPDATES setting is disabled.That "versions greater than 14.24 will not be switched over" is exactly the problem; v15.00 is indeed greater than v14.24.
I want to be on the cPanel-managed plugin. We changed our server over to v15.00 months ago, long before cPanel announced any intention of taking over the product.
2 -
Wonderful news for everyone still using it.
It is a bit too late for us, unfortunately, as we are now running Immunify360 for our infrastructure, *unfortunately.*Has a decision been made on the support with forks of the other old Way to the Web services?
CSF in itself is nice, but what made it an extremely effective suit was its integration with OSM/MSFE/CXS. I fully understand if this is too much work, cost, or legal difficulty; however, I would love to know if it's something we can still hope for or something we can write off as possible.0 -
With the price we pay for cpanel now it would be a welcome inclusion.
1 -
ITHKBO - at this time I'm only aware of us working on CSF itself.
0 -
cPanel will provide its own fork of CSF starting Feb 18, 2026
The knowledge base has been updated to reflect that users of the official W2W CSF GPL3 v15 fork will now ALSO be a part of the official cPanel CSF plugin support. Simply enable AUTO_UPDATES in the Initial Settings section of the firewall configuration and you should be good to go.
I submitted both a feature request and a support ticket regarding this matter and, happily, cPanel has decided to address the matter to ensure that all users of the official W2W CSF plugin, whether on the old 14.xx branch or GPL3 15 branch, will be supported. A massive THANK YOU to cPanel for not leaving us behind who had transitioned to the GPL3 fork.
2 -
Hi cPRex,
Regarding this, https://support.cpanel.net/hc/en-us/articles/37654028162071-cPanel-will-provide-its-own-fork-of-CSF-starting-Feb-18-2026 ,how exactly will the CSF update be implemented? A new cPanel 132 update will be released that will take over CSF by modifying the original link points?
download.configserver.com download2.configserver.com
Will it become 15.01?
Thanks
1 -
And piling on to ciao70's message above, what if we've deleted download servers? Will cPanel "fix" all the installed files as long as the version of the app is correct?
2 -
So far I’ve reinstated /etc/downloadservers and ensured auto updates are set as 1
0 -
This configuration update applies only if all of the following are true:
-
Your server is using cPanel & WHM with the original CSF plugin.
-
CSF is configured to use the original ConfigServer/W2W update source.
-
Your server is running CSF version between 14.00 and 15.00
-
The CSF AUTO_UPDATES setting is enabled.
0 -
-
The only thing I know officially at this point is that we're going to make it into an RPM. I still don't have exact details but the plan is for this to seamlessly take over existing installations while also allowing for new installs.
1 -
I hope that some more information will be released about this before the 18th.
1 -
@cPRex An RPM will solve any problems with the other various versions of CSF out there and installed. Perfect!
1 -
An APT package would be more useful on Ubuntu.
0 -
Flyer - that is true! I suppose I should have said "a package" instead of just saying RPM.
0 -
I was happy to discover that I'd only commented out the original download servers. That made it easy to restore the relevant settings. Just a few days left to see how this all plays out.
0 -
Hi cPRex
I'm going a little off topic, just to tell you that the forum email notifications are all ending up in spam.
Return-Path: <support@cpanel.zendesk.com> Delivered-To: ........@libero.it Received: from dcd-07.iol.local ([10.103.10.20]) by dcbackend-67.iol.local with LMTP id CIWPBvF9jml/sgcA3v7efA (envelope-from <support@cpanel.zendesk.com>) for <.............@libero.it>; Fri, 13 Feb 2026 02:27:13 +0100 Received: from dcp-16.iol.local ([10.103.10.20]) by dcd-07.iol.local with LMTP id oJaBBvF9jmkd9gAAc1N+UQ (envelope-from <support@cpanel.zendesk.com>) for <............@libero.it>; Fri, 13 Feb 2026 02:27:13 +0100 Received: from libero.it ([10.103.10.20]) by dcp-16.iol.local with LMTP id QBAdBvF9jmluLgEA26Pe9g (envelope-from <support@cpanel.zendesk.com>) for <...........@libero.it>; Fri, 13 Feb 2026 02:27:13 +0100 Received: from mta-out6.pod23.use1.zdsys.com ([192.161.149.36]) by smtp-20.iol.local with ESMTPS id qhxfvvCt9ztSqqhxgvC2mU; Fri, 13 Feb 2026 02:27:12 +0100 X-IOL-DMARC: pass con il dominio cpanel.zendesk.com X-IOL-DKIM: pass con il dominio d=zendesk.com X-IOL-SPF: pass con l'IP 192.161.149.36;cpanel.zendesk.com X-IOL-SEC: _SPFOK_DKIMOK_DMARCOK x-libjamoibt: 2601 Received-SPF: pass X-OX-Status: Spam X-Brightmail: 1.00 X-CNFS-Analysis: v=2.4 cv=PsOTbxM3 c=1 sm=1 tr=0 ts=698e7df0 b=1 cx=a_exe:a_idp_f p=b2NFhQABAAAA:8 a=rBCnUnxYNo1YFUwZg86Bhg==:117 a=rBCnUnxYNo1YFUwZg86Bhg==:17 a=IkcTkHD0fZMA:10 a=HzLeVaNsDn8A:10 a=8aetAnd6ITYA:10 a=sWKEhP36mHoA:10 a=g8TUdU_LZmEA:10 a=5lvv0OiTAAAA:8 a=mTBEmxhBv8ZVcQQhZAMA:9 a=QEXdDO2ut3YA:10 a=3g80flMcAAAA:8 a=nHVxSsbvAAAA:8 a=DJPDO21AAAAA:8 a=4jeXcJNPAAAA:8 a=hTaD_wgwAAAA:8 a=XGobgYRQAAAA:8 a=5XXxZb8BAAAA:8 a=Isxrup63AAAA:8 a=3j4BkbkPAAAA:8 a=BkpHzsgbAAAA:8 a=JqEG_dyiAAAA:8 a=SSmOFEACAAAA:8 a=05irGmwQp9PgQOrwO_MA:9 a=InTgqrGqLg2kKqFO:21 a=gKO2Hq4RSVkA:10 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=O23WzTs1fjcA:10 a=3urWGuTZa-U-TZ_dHwj2:22 a=rMxclhdgOeaSY-YbjAQ0:22 a=nKqQ59NK6bwl5gkIkoWv:22 a=0dfu0MTFE0SSHRGve28t:22 a=5MaId6W-Mwh0v0gARMjJ:22 a=x671NnTiCcqDJ46YcM8b:22 a=98ZCkkAdxKDail8pZ89N:22 a=3ayRVFhjqP3mLUqZaAXj:22 Authentication-Results: smtp-20.iol.local; dkim=pass header.d=zendesk.com header.b=Cf1Zflx+; bimi=fail (record unparsable: required version tag missing from record) header.d=cpanel.zendesk.com header.selector=default policy.authority=none Received: from zendesk.com (unknown [127.0.0.6]) by mta-out15.pod23.use1.zdsys.com (Zendesk) with ESMTP id 031013a8-0448-409a-a21b-c3d76484d405 for <............@libero.it>; Fri, 13 Feb 2026 01:27:11 +0000 (UTC) Return-Path: <support@cpanel.zendesk.com> Date: Fri, 13 Feb 2026 01:27:11 +0000 From: cPanel Support <noreply@cpanel.zendesk.com> To: ............@libero.it Message-ID: <3dcab295f55f1fd83edf4513e0f59bb1b5befd04@zendesk.com> In-Reply-To: <8bccb8287035131ae05bf288a1cbd279fa432069@zendesk.com> Subject: [Security] ConfigServer closing down and now what?
0 -
cPRex
Are there specific steps required for those running the CSF GPL‑3 version 15.00? From what I recall, that version has the download servers commented out. Should those comments be removed in order to receive the update, or does auto‑update only need to be enabled?0 -
This *may* be getting pushed to the 19th, but I haven't officially heard yet. Either way, it's happening this week. I'll share more info once I have it!
0 -
Hi cPRex
https://support.cpanel.net/hc/en-us/community/posts/33828230135831/comments/38377346453783
Can you have this verified? Forum notifications are still being classified as spam.
0 -
I'm not seeing any pending content to verify on my end - what problems are you seeing?
0 -
As reported here, all forum thread subscription email notifications arrive in my spam folder.
I posted an example of the header of an email that arrived in my spam folder.
0 -
Based on your email header showing DMARC, DKIM, and SPF passing, I don't believe the issue is with the sender but rather with spam scoring on the receiving end.
Further, AI suggests the one error noted "X-OX-Status: Spam" is receiving end spam scoring:
TheX-Spam-Status(or similarX-OX-Status) header in an email indicates the spam assessment results determined by the receiving server's filter. It typically includes a "Yes/No" flag, a numerical spam score, and the specific rules triggered. A higher score or a "Yes" flag means the message was classified as spam, often resulting in it being moved to the Junk folder.Key Aspects ofX-SpamHeaders:- Purpose: These headers are non-standard headers added by mail transfer agents (MTAs) to track how a message was handled by anti-spam software.
-
Components:
- X-Spam-Flag: YES/NO: Indicates if the filter flagged the email as spam.
- X-Spam-Status: Shows a breakdown of spam test results and total score.
- X-Spam-Level: Often uses stars (e.g.,
****) to represent the intensity of the spam score.
-
Scoring (Example):
- Over 300: Certain spam.
- 50–300: Probable spam.
- < 50: Legitimate, depending on the system configuration.
How to Use This Information:
If an email is wrongly identified, you can examine these headers to see which security rules (e.g., SPF, DKIM, or keyword filters) triggered the false positive. If you are a user, this helps confirm if your email provider's security system is working or if a legitimate email was wrongly marked as junk0 -
Ah, I missed that original message about the Forum notifications.
Let's keep this chain focused on the CSF issues since this pings dozens of users now with each update, although I haven't received complaints from other users.
Feel free to start a new thread if this is something you think needs to be looked at on our end.
0
Post is closed for comments.
Comments
258 comments