ConfigServer closing down and now what?
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way of securing my servers / sites / email functions etc. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
I know there's still lots of uncertainty and speculation about this, but we can't have any legal discussions here about who will own things once the company closes or any other legal issues - thanks!
0 -
I'm all ears about possible solutions to replace CSS&F and CSX. With neither being portable to new IP addresses and the IP Reputation System stopping operation at the end of the month, security will be rather quickly degraded. I am hopeful that they'll open-source CSS&F in time.
Very much like the product. I think that 30 days is just shockingly short notice for a product we've used for nearly 20 years.
0 -
They mentioned possibly open-sourcing CSF to their GitHub but I can't seem to find a link to monitor. Since their website will disappear, how can we keep track of whether or not it goes FOSS? Anyone know?
0 -
I'm really worried about this. What are the best products to replace CSF, CSX, Mailscanner?
1 -
Indeed, I can't find a substitute for MSFE :(
0 -
Hi all!
Will we have to pay for licenses for, say, Imunify? :(
0 -
Depends on what you choose as alternative software, though most suppliers use subscription models these days. I will use Imunify as the example below, but this is not to be considered an endorsement of the product itself. In addition, please do your own research at all times.
If you decide to go with Imunify the base version is free but is very limited. It does not include things like file removal or firewall management so I would not recommend the base version as replacement if you had CSF, CXS etc..
https://support.cpanel.net/hc/en-us/articles/360049068973-What-s-the-difference-between-ImunifyAV-ImunifyAV-and-Imunify360
Also, if you used Mailscanner and the Mailscanner front end in particular, those are not things covered under the regular Imunify products. You will require imunifyemail. In addition, outgoing is integrated and fully supported in imunifyemail, but incoming filtering is in beta and potentially not ready for production environments. https://blog.imunify360.com/introducing-incoming-email-filtering-now-in-beta-for-imunifyemail
Keep in mind Mailscanner is not from WaytotheWeb and is not deprecated; as such, you can safely keep using it. However, regular Mailscanner management is done by console/terminal; there is no front-end. The front end (MSFE) is a product from WayToTheWeb. You can find regular Mailscanner here: https://www.mailscanner.info/
Unless we receive any CVE related to the front-end, you can keep using MSFE for the time being without much risk. Unfortunately, lifetime licenses are also not something you can get with Imunify, so expect monthly expenses. Imunify is a product from CloudLinux Software and not from cPanel L.L.C / WebPros.
However you can purchase subscription from cPanel at https://www.cpanel.net/pricing/
Maybe cPanel can do something with the pricing if you ask sales and explain the situation, but that is at their discretion, of course; they did not have any say in this matter and are as surprised by the news as we are.
0 -
Yep! from $12 > $45 !!!
0 -
Unless CSF contains binaries, it should not be so hard for it to be forked. Likewise, if ConfigServer decides to open source CSF, it doesn't mean it's gonna do so right away. In any case, the software should work with no issues for quite some time. After all, it's an iptables frontend, right?
0 -
Well, yes and no.
CSF will keep working on current systems. But it does not support nftables and it was already known that it does not work on Almalinux 10 or at least that errors occur on Alma 10.
That might indicate that it also does not work on the newest Debian (and derivatives).
0 -
As long as we can fork it, that won't be an issue. Hell it may be the 2nd project to add under the Engintron umbrella.
-1 -
With the planned open-source release, you could just put your "umbrella" away and contribute to the community that would benefit the most users of the current CSF. If that release doesn't happen in the next 4 days, then you can start waving your brand flag around for your new fork.
2 -
Well.... we'll see that in a couple of days I guess. :)
Edit: FYI. My response was to Fotis Evangelou (Engintron). Seems I posted the same time as TCH so order got mixed up, but I was not responding to him.
0 -
Oh yes... for those interested, years ago APF/BFD was a competitor for CSF/LFD.
There is a github present for that one.
https://github.com/rfxn/advanced-policy-firewall
I'm not sure if anything can be done/improved with it.
-1 -
Let's keep everything civil here.
3 -
For me, what worries me the most is the Mailscanner FE; it has been a truly useful tool for us over the years and we haven't found anything like it to replace it.
2 -
screege, same here. As one man running a small shared hosting operation, MSFE is indispensable to me and this situation is definitely taking my anxiety to a higher level.
1 -
We're in the same boat, SMB hosting; Mailscanner, OSM and CSF are our primary tools to have visibility of what's happening. Maybe they should offer a rental plan.
1 -
Does anyone have the official WaytotheWeb GitHub? cPRex – is it allowed to be posted here? If so, could someone please share the link?
0 -
The scripts were released on Github this morning: https://github.com/waytotheweb/scripts
5 -
Like Pro Active mentioned, free scripts were released under open source licensing ~2hrs ago https://github.com/waytotheweb/scripts.
I compared the CSF Firewall GPLv3 open source code (v15.00) to the last configserver.com released code (v14.24) and wrote a summary at https://github.com/centminmod/configserver-scripts/blob/main/README-gpl-csf.md.
6 -
Hi,
Version 15.00 released under the GPLv3 license
https://github.com/waytotheweb/scripts/blob/main/csf/changelog.txt
The great Eva2000 has put all the differences between version 14.24 and 15.00
https://github.com/centminmod/configserver-scripts/blob/main/README-gpl-csf.md
4 -
Can you update this page with any news regarding CSF? :)
Thanks
1 -
I'm sure we will at some point, but there isn't much to share just yet.
0 -
eva2000 Awesome George! Thanks for the write up!
1 -
Looks like cPanel forked the GPLv3 release repo so maybe they have their own plans too https://github.com/cpanel/waytotheweb-scripts :)
3 -
Massive thanks to open sourcing this!
0 -
With 2 days to go I am wondering if there is anything else to do. I have the latest versions of all my installed ConfigServer apps, which I have had for a while; I always update right away.
My questions come from the fact that CS was saying that if you don't update, then the older version you have won't work anymore after the 31st.
Does that mean they have already updated the version I have to remove the "phone home" to CS?
Does that mean that I have to uninstall what I have and reinstall what is listed on GitHub?
How do they plan to change the latest version from functional to non-functional for those that already have the latest version installed? Are they going to issue one last update to all apps on the 31st at midnight to the new code?
I don't get their process?
0 -
Short answer: The ConfigServer shutdown affects all OS/distributions (not just Alma/RHEL). You don’t need to rip CSF out today, but you should plan a migration.
Pragmatic, OS-agnostic plan

- Stabilize now
  - Keep CSF running, disable auto-updates, and back up configs:

      tar czf /root/csf-backup.tgz /etc/csf /etc/lfd.conf

  - Schedule changes during a maintenance window with console access.

- Baseline firewall by family
  - RHEL/Alma/CloudLinux 8/9/10 → firewalld (nftables):

      dnf install -y firewalld && systemctl enable --now firewalld
      firewall-cmd --permanent --add-service=ssh
      firewall-cmd --permanent --add-service=http --add-service=https
      firewall-cmd --permanent --add-port=2083/tcp --add-port=2087/tcp --add-port=2096/tcp
      # Mail (open only what you actually use)
      firewall-cmd --permanent --add-port=25/tcp --add-port=465/tcp --add-port=587/tcp
      # FTP passive (adjust to your PASV range)
      firewall-cmd --permanent --add-port=49152-65534/tcp
      firewall-cmd --reload

    Then cleanly disable CSF/LFD:

      csf -x
      systemctl disable --now lfd csf

  - Ubuntu/Debian → ufw (nftables under the hood):

      apt-get update && apt-get install -y ufw
      ufw allow OpenSSH
      ufw allow 80,443/tcp
      ufw allow 2083,2087,2096/tcp
      ufw allow 25,465,587/tcp
      ufw allow 49152:65534/tcp
      ufw enable

- Brute-force & auth
  - Enable cPHulk (WHM » Security Center).
  - Use SSH keys and, if possible, disable password auth.

- Replace the “suite” pieces with maintained tools
  - WAF/Malware/Hardening: Imunify360 (or ImunifyAV+ + ClamAV/Maldet if budgets are tight).
  - Email filtering & reputation (in/out): ImunifyEmail for outbound abuse/reputation; SpamExperts / N-able Mail Assure for cloud inbound/outbound filtering (keeps junk off the server and reduces ticket noise).
  - Edge WAF/CDN (optional): Cloudflare (or similar) for L7 protection and caching.

- Rollback
  - Keep the previous kernel available in GRUB and ensure you have IPMI/KVM or VPS console access for emergencies.

If/when CSF’s free scripts appear under an open license, great—but for continuity, plan on firewalld/ufw + a supported security stack going forward.
-1 -
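
An added example, not part of the post above and not code from CSF or cPanel: instead of retyping a generic port list during the firewalld step, the script below reads the TCP_IN and UDP_IN lists from a csf.conf and prints the matching firewall-cmd lines for review before anything is applied. It assumes the usual csf.conf syntax (NAME = "comma,separated,list", ranges written low:high); the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn CSF's inbound port lists into firewall-cmd commands.
# The commands are only printed so they can be reviewed; nothing is applied.

# Print the quoted value of one setting (e.g. TCP_IN) from a csf.conf file.
# $1 = setting name (hypothetical helper), $2 = path to the file.
csf_setting() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | head -n 1
}

# Print one firewall-cmd line per port or range in TCP_IN and UDP_IN.
csf_to_firewalld() {
    conf=$1
    for proto in tcp udp; do
        name=$(printf '%s_IN' "$proto" | tr 'a-z' 'A-Z')
        list=$(csf_setting "$name" "$conf")
        old_ifs=$IFS; IFS=,          # split the list on commas
        for item in $list; do
            IFS=$old_ifs
            item=$(printf '%s' "$item" | tr -d '[:space:]')
            case $item in
                '') continue ;;
                # Anything that is not "N" or "N:M" is flagged, not guessed at.
                *[!0-9:]* | *:*:* | :* | *:)
                    echo "# skipped unrecognized entry: $item" ;;
                *:*)
                    # CSF writes ranges as low:high, firewalld as low-high.
                    echo "firewall-cmd --permanent --add-port=${item%%:*}-${item##*:}/$proto" ;;
                *)
                    echo "firewall-cmd --permanent --add-port=$item/$proto" ;;
            esac
        done
        IFS=$old_ifs
    done
    echo "firewall-cmd --reload"
}

# Constructed sample input (not a real server's configuration).
sample=$(mktemp)
printf '%s\n' 'TCP_IN = "22,80,443,2083,30000:35000"' \
              'TCP6_IN = "22"' \
              'UDP_IN = "53"' > "$sample"
csf_to_firewalld "$sample"
rm -f "$sample"
```

On a real server, call csf_to_firewalld with the path to the backed-up /etc/csf/csf.conf and compare the output against the services actually in use before running any of it.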
Post is closed for comments.