ConfigServer closing down and now what?
Pinned
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way, of securing my servers / sites / email functions etc.. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
Official comment
UPDATE - here is the current plan.
Later today, February 25, we're releasing an autofixer that will start to update servers to use the cPanel provided CSF distribution. This is going to be limited to security and critical updates while we work on a more robust firewall solution that will be available in WHM, hopefully later this year.
This update will be a slow rollout, starting with users on version 110, and expanding to other systems over the next several days. This means that if you don't see your machine update in the next 24 hours there isn't anything wrong, we're just using a slow rollout system with this release to ensure all is wel.
-
PS - cPRex - definitely looking forward to your thoughts on this, and wondering what changes and solution replacements you would personally choose yourself.
0 -
Oof - I'm not smart enough to have any thoughts on this just yet as this is a major surprise to everyone. I'm asking around internally and talking with some people, so maybe I'll have better thoughts later.
2 -
ConfigServer Security & Firewall has been something of a crutch that cPanel has been leaning on for decades—for the good of us all.
Now we have this sucking chest wound to deal with. Besides Cloudflare, with its advanced pre-filtering options, is there even a ConfigServer equivalent out there with a reasonable control panel?
I mean, sure, cPHulk Brute Force Protection has always been the "Hey, at least we are trying..." option, firewall-wise... but it would need some significant updates to align with CSF standards.+++
I know the cPanel purse strings are tight, but maybe step up and help this guy out for the good of the cPanel ecosystem?2 -
Major surprise and it's short notice too. But well, we are very thankfull for all the years we could use their free firewall system.
Their software is copyrighted. However, since they are stopping fully with everything there might be an option.
That would mean somebody who knows programming/coding would have to ask them before they close, to get the legal rights to (for example) develop CSF open source like via Github or something. So this way CSF could live beyond Way to the Web. But they have to give written permission for that to be legal. So lets hope somebody is willing to ask.
I'm no programmer and no coder otherwise I would ask myself.
Even with only CSF it might be a lot of work. Changes need to be made so CSF can work on RHEL 10 (and deratives like Alma 10) and needs to be able to work with nftables for all newer OS systems.
I hope something like this can be achieved and agreed up on with the CSF developpers.
Indeed cPanel is just as suprised as the competition, so we have to wait and see.
Personally as long as we're on Alma 9 and not on 10, we just will keep using CSF, but we already have disabled the auto update option in case the domain will get cancelled before it expires in 2027.
0 -
We have used their software for over 15 years and lost count of the times its saved us from serious problems, we have come to rely on it. Lets hope someone can take over the scripts/business.
0 -
I can't imagine that Jonathan would just give up the goods and grant permissions to others to use it. Nor should I think he should. I do hope he would entertain selling the whole ball of wax to a company, and that some company would step up and make an offer. Of course I wouldn't want a certain company to buy it because CSF would likely then be $50/mo instead of free and the current paid offerings would likely be increased 10-fold and increased 10% per year.
Jonathan should have been selling CSF all along rather than providing it for free, as I'm sure it is the most installed offering of The Way of the Web and I'm sure that would have helped their bottom line over the years. The pricing on the offerings that did cost money was extremely reasonable and prices could have been increased on them as well.
I wish the MIchaelsons the best going forward. Both Jonathan and Sarah did a great job serving us all.
1 -
They're considering making csf open source - https://blog.configserver.com/?p=4149
2 -
Update: it sounds like they are working toward making the free scripts available under GPLv3 by the deadline, but they are not going to do anything with the paid services.
1 -
Yes, and that's a big deal. MSFE is one of the most critically important tools for me, and I can't think of a way to replace it. CXS is also very important. I'm sure I'm by far not the only one.
We certainly can't fault anyone for making their exit from the business after over two decades of providing us with incredible software / services, and I'm happy for them if they're happy for this retirement. But damn... this is a major bummer. And bit scary.
1 -
Sad and surprising news. Hoping they do move CSF to GPLv3 license.
0 -
I am also going to post a thread on some other related forums to alert others about this. Please do the same if you can assuming there is not already a topic there. As we have learned with other similar changes in this industry, not everyone gets notice when they should, admins need time to prepare for changes.
Best of luck to everyone at configserver, you have provided many years of wonderful tools.
PS I never realized this would be part of the fallout from losing Ozzy (RIP) and Hulk Hogan (RIP) Just trying to be funny at a time of stress. :)
-1 -
Someone needs to ask them if they would consider selling the company rather than just close it down outright. cPanel here is your chance to add something native which is awesome addition. Buy it if they will sell it :)
3 -
REDACTED
-2 -
I understand this might be a well-intentioned effort to keep things going, and on the surface, that's appreciated. But you have to see the problems here.
Creating a standalone site so soon, especially one offering script downloads, suggests a level of authority or endorsement that isn't there. The files you're hosting aren't verifiable, and without any involvement from the original developers, users have no way to know if they're safe or accurate.
Even more concerning, you've copied wording from the original site, including lines like "the latest SHA256 checksums of all our products can be downloaded here." That kind of language gives a false impression of security and legitimacy, creating real risk as users could easily assume the files are verified and endorsed, which they are not.
Right now, when many users are stressed and uncertain, an unofficial site like this only adds to the confusion. What the community needs is clarity, not more noise. If ConfigServer releases the project as open source, the right way to contribute will be through the official GitHub repository. Until then, this feels premature and misleading.
5 -
thanks for your reply. I've emailed them asking for permission(waiting for their approval), once their github is up, the links will be changed to their official github repository and this place will be used to discuss efforst to make CSF better and also try to contibute more to them.
0 -
Eddie Cheng I see you only joined this forum yesterday! If you don't mind me asking, how long have you been in the hosting business?
2 -
Just a quick update here, from what i have gathered several companies have reached out and offered to puchase configserver business but they declined, no reason given.
0 -
Could very well be that CSF was always free and they don't want that others make money from their work or that they want to keep it free. Which is probably also why they are making the effort to make it available via GPL3 license via github.
0 -
rhm.geerts yes true but the decision to close business effects more than just csf/lfd, or other free scripts. It also effects paid scripts and everything in their portfolio, and those customers are going to have to find something else now if someone else cant buy the company and continue those paid services.
cPRex Please let us know what we need to do as an alternate for those of us on almalinux, i have heard there are several alternatives, some with UI's but mostly not and are command line only. And they seem to be for other OS other than almalinux. I also understand that using something else on almalinux means we will have to disable the default firewall.
For those of us on almalinux, will cPanel have some kind of guide we can follow to move to something else other than csf/lfd?
0 -
You don't need to move to something else, unless you are switching to Almalinux 10.
On Almalinux 9 it will keep working, also after the closing date.0 -
chris matthews I'm in hosting business since 2006. Most of my servers are directadmin / enhance control panel. Only few cpanel license. We rely heavily on CSF on all our Directadmin servers but I'm sad and guilty that they are providing for us Free, protecting our servers without getting much and resulted in closure of their business.
I took the initiative to create the community so that we can gather talented scripts creator to help contribute once it is GPL or hosting companies like mine to work on some solutions together.
1 -
IN GENERAL, we don't allow links to third-party or personal sites on the Forum, and we can't start breaking that rule now. If your link is to public docs that's one thing, but if your link is to a personal page with downloads available we typically don't allow those to be shared on the cPanel Forums.
0 -
I just heard this today, we have been with them since their original scripts for free email services in our servers, for over 20+ years we have relied on their scripts and have never been looking for anything else, I am eager to hear which other products may we replace their scripts in all our servers (mailscanner, osm, exploit scanner, mail manage, mail queue, CSF, explorer), we have all their paid products and they work incredible well, any suggestions will be appreciated, I am very sad this happened and I only have to say to Jonathan and Sarah a big thank you for always been there and for always keeping good reasonable prices in the products, new installs and reinstalls.
0 -
I just wanted to jump in here again to say that I don't have any updates to share. We're looking into various options, but I don't have anything official just yet.
0 -
For me, my main concern is MSFE. I can't find another antispam plugin with the same functionallity. Any alternatives?
1 -
I would recommend cPanel (the company) seriously consider adopting the project (or even purchasing it). It's the only reasonable way for CSF to continue on, as probably the best IPtables frontend.
If it's switched as open source, even better, so more eyeballs can fix/improve things.
1 -
Wow - I'm 3 weeks late to the party and boy I'm disappointed to hear this news. I love CSF and would gladly pay for it - what an incredible tool.
I can't understand why a company like Way To Web would shut it all down outright like that without first trying to sell it - they must have a reasonable customer base to be able to sell the company for a few hundy K. Or maybe it's a cleaver sales tactic! Hmmm interesting strategy.
All the best to the creators of it - so long. I look forward to seeing what alternatives might become available, or if indeed the CSF can be open source, that would be cool too.
If cPanel or WebPros or whoever could buy it and keep it running, that would be incredible but not holding my breath on that, as I don't really think it's in their interest.
0 -
I just came back from vacation and heard the news, this is problematic to say the least. 30 days notice is much to short especially for the commercial software products especially during summer holiday season. While I am grateful for the software as it was integral to our security setup I am not grateful for puting us customers in such a position on short notice.
And while it sounds great on paper that it is getting possibly released under GPLv3 no business can just wait for that to happen it is a high risk that it won't be picked up or in time if it does and a security suite that does not receive updates is a risk in its own and with no way to feed it other signature sources in less than a day from shutdown this thing will become a major target for cybercriminals to target as attack vector.
Our company atleast thus will have to jump to Immunify 360 for now which with regards to false positives numbers I am really not a fan of. But for such a short notice testing any other product than one that we already have experience with is not realistic, let alone getting administrators trained on its use.And I thought we had a tightrope walking when RedHat suddently announced CentOS downstream to upstream revision with a year deadline. Now that seems like we had a eternity to resolve that situation and even that was perceived as on short notice by almost anyone.
Webpros thank you for the additional alert and like said by others I would also recommend getting maintainer status for CSF the other software is a bonus but CSF has the largest user total and security impact by far.
-1
Post is closed for comments.
Comments
258 comments