ConfigServer closing down and now what?
Pinned
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way, of securing my servers / sites / email functions etc.. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
cpRex mentioned the following earlier:
“ Later today, February 25, we're releasing an autofixer that will start to update servers to use the cPanel provided CSF distribution. This is going to be limited to security and critical updates while we work on a more robust firewall solution that will be available in WHM, hopefully later this year.
This update will be a slow rollout, starting with users on version 110, and expanding to other systems over the next several days. This means that if you don't see your machine update in the next 24 hours there isn't anything wrong, we're just using a slow rollout system with this release to ensure all is well.”
Just be patient 😁
0 -
I can confirm that the rollout has begun on cPanel 110. We're on 110.0.89 and I just ran upcp manually to see this in the terminal output:
[/usr/local/cpanel/scripts/autorepair] Running autorepair on cpanel_csf_install
Subsequently, the system logs show this:
Feb 25 23:23:58 xxxxxxxx lfd[2189364]: daemon started on xxxxxxxxxxxxx - csf v16.08 (cPanel)
So yeah, fam. Be patient. You don't need to do anything other than wait.
0 -
We were running a fork of CSF from Github, version 15.14.
Tried updating manually from the cPanel docs ( https://docs.cpanel.net/knowledge-base/third-party/how-to-install-csf/ ).
Made a backup of csf.conf first then ran the update. All went OK.
Thanks to all @cPanel :)
0 -
Did I miss the rollout? No changes on my servers, all eligible to update CSF.
0 -
cPRex mentioned the following earlier:
“ Later today, February 25, we're releasing an autofixer that will start to update servers to use the cPanel provided CSF distribution. This is going to be limited to security and critical updates while we work on a more robust firewall solution that will be available in WHM, hopefully later this year.
This update will be a slow rollout, starting with users on version 110, and expanding to other systems over the next several days. This means that if you don't see your machine update in the next 24 hours there isn't anything wrong, we're just using a slow rollout system with this release to ensure all is well.”
1 -
I'm on CPanel version 134.x so not getting the auto update just yet.
I just performed the manual update method, all went fine and now I have css v16.08
0 -
Random question.
I'd previously followed the steps at https://support.cpanel.net/hc/en-us/articles/34621517759255-Error-from-Cron-regarding-failed-CSF-update-after-August-31-2025. Then changed to a fork of CSF.
But now that the cPanle docs have been published at https://docs.cpanel.net/knowledge-base/third-party/how-to-install-csf/?_gl=1*1vqnhsu*_ga*NTgwMzIxMTU1LjE3MTE0NDU0NjY.*_ga_JD73TMP2E6*czE3NzIxMTg5NjUkbzI1NSRnMSR0MTc3MjEyMDY3OSRqNTgkbDAkaDQ3NTUwMDk5OA..*_gcl_au*MTE3MTQ4NjY5My4xNzY1ODk2NTg5
I followed the "Upgrade to cPanel CSF" to the cPanel supported version, which worked fine.
However, can I confirm that this has reenabled auto-update/cron jobs to allow CSF to update, now is it now part of the usual cPanel update routines, or do I need to make any manual changes?0 -
SPDTeam - if you have the package on your server you don't need to do anything else.
0 -
Sorry if already answered:
I manually installed the new cPanel CSF package and it appears to have worked (csf now reports v16.08 (cPanel), and /usr/sbin/csf is owned by the cpanel-csf RPM from the cpanel-plugins repo).
However, I can’t see anything on the system that would actually apply future updates automatically.
I checked for the usual scheduled mechanisms:
-
No CSF self-update cron present (no /etc/cron.d/csf_update and nothing calling
csf -uanywhere under /etc/cron.* or /var/spool/cron). -
I expected the nightly cPanel maintenance (upcp) might handle this now, but I can’t find any evidence of it being scheduled or invoking dnf/yum:
-
/etc/cron.donly containscpanel-analyticsandcpanel_autossl(no upcp cron file visible) -
grep -RIn 'upcp|dnf|yum' /etc/cron.dreturns nothing -
grep -RIn 'dnf|yum' /usr/local/cpanel/scripts/upcp /usr/local/cpanel/scripts/*returns nothing (at least in the first 50 hits)
So although CSF is now package-managed (cpanel-csf), it looks like it will only update when the admin runs
dnf update(or sets up dnf-automatic / a cron to update cpanel-csf).Can cPanel confirm what the intended automatic update mechanism is for cpanel-csf on AlmaLinux 8 systems? Is there supposed to be a cPanel-managed scheduled task that updates packages from
cpanel-plugins, or is the expectation that admins enable dnf-automatic / run OS updates themselves?0 -
-
cPanel uses Yum for many packages, including the EasyApache system, and packages are updated nightly as part of the server maintenance process.
0 -
https://docs.cpanel.net/changelogs/configserver-security-firewall-csf-change-log/
As you said, the release will be gradual, do you know when it will be available for the 134? :)0 -
I don't yet - we're specifically doing this slow over a week to ensure there are no odd issues that appear, and so far we haven't heard of any coming up.
0 -
Thanks :)
0 -
Few people here asking how they know if it happens.
You receive the message below. One of our reseller servers on 110 updated. Our main server is 134 so will come once the rollout reaches that.
Dear WHM administrator,
Following our earlier announcement, the ConfigServer Security & Firewall (CSF) configuration on “server1.beckdale.co.uk” has been modified to receive updates from the CSF fork maintained by cPanel. We have taken over security maintenance of this plugin to ensure that your servers continue receiving critical security and stability fixes. No further action is required by you at this time, and your firewall rules and settings remain unchanged.
If you wish to change CSF on your system to a different provider of the software, now that this upgrade has occurred, you will need to uninstall cPanel's instance of CSF before switching. For more information about the process of uninstalling cPanel's CSF, see our documentation on this topic.
Best regards,
The cPanel Team
0 -
And if you check the csf page the version updates from 14.24 to 16.08
0 -
I'm still at 15.00. . .
0 -
jeffschips - and what version of cPanel are you on?
0 -
Correct
0 -
Sorry for the delay I'm on Version134.0.9, and I see you're not up to their yet so I should wait?
0 -
jeffschips - yes, just wait a bit and it will get to version 134.
0 -
Has anyone else noticed that since cPanel 132 that CSF does not block failed POP3/IMAP connections, only SMTP.
The impacted servers are running AlmaLinux 8.
I still have one server on cPanel 110 and it is still blocking failed POP3/IMAP connections.
I also run Imunify360 on all servers.
This was just an observation on my side and was wondering if anyone else has noticed the same.
I have a ticket open with cPanel in this regard.
0 -
Allen Daniels - this might be better served in its own thread as this area is mostly used for updates on the new release.
In version 132 we hadn't yet made any changes, but it's something we can look into.
Can you share that ticket number so I can follow along?
0 -
cPRex Thanks, I have done so. Here is the ticket number 95947162. Support has requested access to one of the servers to have a look.
0 -
Thanks - I'm following along with that now!
0 -
UPDATE - we've released the autofixer for all versions just a few minutes ago!!!
0 -
@... - we just pushed this update a few minutes before I made that post. Your system hasn't run the nightly update yet most likely.
0 -
I ran cPanel update manually, cPanel version is 132.0.25 and csf version is now 16.09
1 -
I manually updated cPanel, and CSF went from version 15.00 to 16.09. We use the Cloudflare firewall integration within CSF, and I noticed that the csf.cloudflare settings were not carried over during the update.
I do have a backup of the CSF configuration and can re-add those entries. Is there anything else that typically needs to be reconfigured or verified after this update?
0 -
pixelweb - you shouldn't need to manually reconfigure anything after the update. If things are getting moved over that's an issue we need to look into.
Can you get me the full path to your csf.cloudflare file and the content of that file so I can do some additional testing? It would also be good to know your operating system as well.
0
Post is closed for comments.
Comments
258 comments