ConfigServer closing down and now what?
Pinned
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way, of securing my servers / sites / email functions etc.. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
I’m updated on v.134!
“csf: v16.09”
👍🏻
0 -
After the upgrade completed, the csf.cloudflare file was reset to its default configuration template that CSF uses by default and my custom entries were removed (below).
It was reset to this default - https://github.com/cpanel/cpanel-csf/blob/main/etc/csf.cloudflare
Within the CSF interface under Cloudflare Config, the path shows as: /etc/csf/csf.cloudflare
I re-added one of my previous entries, and it appears to be working again.
AlmaLinux v9.7.0 STANDARD kvm
cPanel Version 132.0.250 -
Me update. Me happy!
0 -
pixelweb - perfect - I've got the team doing some testing and I'll report back once I hear more.
0 -
16.10-1
2026-03-02
- Add
csf.cloudflareback to%config(noreplace)to prevent the file from being overwritten during package upgrades.
0 - Add
-
Update 16.10 :)
0 -
Mine is still on csf: v15.00 (cPanel)
Was on WHM 132.0.25, checked last update log entries and process seemed to 'end' at:
"running autorepair on cpanel_csf-install"although whm is now 132.0.26, csf is still v15.00
[2026-03-02 23:43:18 -0600] 71% complete
[2026-03-02 23:43:18 -0600] - Processing command `/usr/local/cpanel/scripts/cleanquotas`
[2026-03-02 23:43:18 -0600] - Finished command `/usr/local/cpanel/scripts/cleanquotas` in 0.054 seconds
[2026-03-02 23:43:18 -0600] - Processing command `/usr/local/cpanel/scripts/autorepair autorepair`
[2026-03-02 23:43:18 -0600] [/usr/local/cpanel/scripts/autorepair] Requesting script ... Done
[2026-03-02 23:43:18 -0600] [/usr/local/cpanel/scripts/autorepair] Auto Repair is running...Running Auto Repair routines
[2026-03-02 23:43:18 -0600] [/usr/local/cpanel/scripts/autorepair] Running autorepair on cpanel_csf_install0 -
Further to my last comment I figured out why autorepair failed to update...
Was simply that my hosting provider had placed their own link "download.name.net" in downloadservers..
So I removed that and reran autorepair and it's now v 16.10
0 -
my hosting provider had placed their own link "download.name.net" in downloadservers
That's a pretty wild thing for a web host to do. I would never think to modify a client's files in such a fashion.
0 -
Same version for me still no update
cpanel 134.0.9
csf: v14.240 -
Hello screege
cPanel will apply this configuration update only if all of the following conditions are true:
- CSF is configured to use the original ConfigServer/W2W update source.
- Your server is running CSF version between 14.00 and 15.00. (inclusive)
- The CSF AUTO_UPDATES setting is enabled.
cPanel will not apply this update if any of the following conditions are true:
- Your server is already using an alternate CSF fork or source.
- Your server is running CSF version 13.x or older, or higher than 15.00.
- The CSF AUTO_UPDATES setting is disabled.
0 -
I have all that I get the oops message almost every day I left everything with the last update from configserver and did not touch anything auto updates are in also
Regards
0 -
Sorry just got the email that it updated
0 -
Just to follow up on the Cloudflare CSF issue:
cPanel updated CSF to v16.10, but the update did overwrite the csf.cloudflare configuration file and restored it back to the default template.
Is that expected, or is this resolved starting with version 16.10 going forward?
0 -
pixelweb - moving forward it should no longer happen.
1 -
Rex,
(Thanks for this thread)
We updated. Ran 'Check server security' and these popped up:
Firewall CheckLF_SCRIPT_ALERT option checkThis option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scriptsLF_CPANEL option checkThis option helps prevent brute force attacks on your server services or overall server stabilityLF_CPANEL_ALERT option checkThis option helps prevent brute force attacks on your server services or overall server stabilityPT_ALL_USERS option checkThis option ensures that almost all Linux accounts are checked with Process Tracking, not just the cPanel onesNone of these settings exist in the firewall conf file (csf.conf).
What's the deal?
thanks.
0 -
Also, following this suggestion really screws things up as it removes Thunderbird and Outlook autodiscover and autoconfig support.
Check proxy subdomainsThis option can mask a users real IP address and hinder security. You should disable WHM > Tweak Settings > Service subdomains0 -
Also, following this suggestion really screws things up as it removes Thunderbird and Outlook autodiscover and autoconfig support.
And has nothing whatsoever to do with this thread's topic.
0 -
If we could keep this thread related to the core CSF updates and start new threads for individual issues that would be great. Remember that we're pinging 100+ users now with replies to this mega thread.
0 -
cPRex I understand that cPanel maintains change logs online, but please also maintain /etc/csf/changelog.txt or publish a note in this file linking to your change logs.
0 -
TCH - good call! I'll bring that up with the team!
1 -
Since the upgrade, the firewall blocks access to accounts on the server with their own IP addresses, when connected with SSH to the server's primary IP address. I noticed this when trying to use wget to retrieve a web page. It works if I temporarily disable CSF, but I don't know which aspect of its settings is causing this. Any suggestions?
0 -
I was upgraded and can easily ssh into my server. But I ssh in as a user then once onboard, change to root - i.e., I can't ssh in as root. Don't know if that would help.
0 -
Flyer - I'm not sure I follow what you're saying for that situation. A non-root user is logged into SSH and then wget doesn't work and that is somehow linked to CSF? Do you see anything in the CSF logs that would help explain this behavior?
0 -
I assumed it was related to CSF as it controls the firewall and the problem arose after the update.
I have a script which runs every 5 minutes which uses wget to determine how long it takes to load the home page of our forum, and it was always timing out. (The reason for having this is that the forum is frequently under DDOS or AI training attacks which drain gigabytes from its 100 MB contents, so it is automatically disabled when an attack is detected.) Anyway, as I said in my previous post, it worked while CSF was disabled. What I have just realised is that it continues to work after CSF was re-enabled. Inexplicable, but my problem has gone away so sorry to have bothered you.
0 -
Glad to hear things are working well now!
0 -
Rex -
None of these settings exist in the firewall conf file (csf.conf).
What's the deal?
If we could keep this thread related to the core CSF updates and start new threads for individual issues that would be great. Remember that we're pinging 100+ users now with replies to this mega thread.
I thought that pointing out issues with cpanel-csf - such as requiring non-existent settings - would be something of interest. Should I start another thread?
thanks!
0 -
These are indeed parts of the CSF "Check Server Security" option, and they are real settings that should not be missing. However, you can see the same warnings and reccomendations in both the original and cPanel versions of CSF if they are not enabled. Since the current changes were minimal, the odds that your config file is missing these options are very low.
I would recommend starting a new thread or ticket so someone from cPanel can review your server and the specific CSF configuration.
0
Post is closed for comments.
Comments
258 comments