ConfigServer closing down and now what?
Pinned
I just got the announcement in my news feed - https://configserver.com/announcement/
As a user / customer of ConfigServer, purchasing all of their commercial scripts & installation services since 2005 and being very reliant on their products for the past 20 years, I'm pretty floored right now.
Chirpy is the guy who made it possible for me to have a better, more efficient way, of securing my servers / sites / email functions etc.. for my small shared hosting business two decades ago. I've been so grateful for him (and Sarah) all these years... they've been there for me with each new server setup / migration, and I can honestly say I'm truly taken aback while trying to process this news, and truly nervous about what comes next.
Jonathan and Sarah - if you happen to read this - THANK YOU for everything! I would email you a direct thank you message right now, but I assume you are inundated following the announcement today.
To my fellow CSF/LFD/CMM/CMQ/CMC/OSM/MSFE/CXS reliant colleagues out there - any thoughts on what we'll need to do / where to go from here?
Trying to fathom not having the entire suite of amazing tools from ConfigServer, having to remove / replace them, etc... has my mind reeling.
-
TCH
However, you can see the same warnings and reccomendations in both the original and cPanel versions of CSF if they are not enabled
Great! Send a screenshot showing exactly where those settings are, because the UI and grepping through the directory isn't finding them.
0 -
TCH - it seems like we're just going to remove that file since we have the public change logs both on the cPanel site and on the github at https://github.com/cpanel/cpanel-csf/blob/main/SPECS/cpanel-csf.spec
1 -
Another look shows:
# ls -l csf.conf*
-rw------- 1 root root 112251 Mar 2 23:38 csf.conf
-rw------- 1 root root 118213 Jan 15 2025 csf.conf.orig
-rw-r--r-- 1 root root 113018 Mar 2 14:22 csf.conf.rpmnewcsf.conf is the active file - none of the identified missing firewall settings are found
csf.conf.orig is the backup of the distro file that we created after install and prior to our conf changes. All of the missing settings were found.
csf.conf.rpmnew showed up when the update started; it includes all of the missing settings.
Somehow, during the update, the csf.conf file didn't get properly converted. This is on all of our servers running cpanel-csf.
0 -
Ah! too many csf.conf on our servers, some have the missing settings, some don't.
/etc/csf/csf.conf
/opt/csf/csf.conf
/opt/csf/cpanel/csf.conf
/etc/csf.backup/csf.conf
/usr/src/csf/csf.conf
/usr/src/csf/cpanel/csf.conf0 -
chris matthews - I would bet that most of those created manually at some point.
0 -
Possibly, however there are firewall settings missing. And along with the dovecot 2.4 update messing up the pop3/smtp blocks no longer occurring, suggest the cpanel/csf version was released a little too early eh? :(
Maybe treat this as a cpanel csf beta !
0 -
Nah, I wouldn't say that. Dovecot made so many changes this year that everyone is going to be catching edge cases for years to come, not just cPanel.
0 -
I’m a lame duck here and am not seeing the csf update, currently at v14.24. I’m running AlmaLinux v9.7.0 and WHM 134.0.10.
CSF AUTO_UPDATES setting is enabled. CSF is configured to use the original ConfigServer/W2W update source: URLGET = "2" URLPROXY = ""
Checking the source csf -u results in “Oops: Unable to download: Can't connect to download.configserver.com:443 (Name or service not known)”I’ve manually ran the ‘Upgrade to Latest Version’ three times now, twice yesterday and once today – No Joy.
0 -
Dezdan - it would seem for some reason your system wasn't eligible for the autofixer that changed the update path.
You could either:
-remove CSF and reinstall it with the cPanel version
or
-create a ticket so this can be investigated on your system0 -
cPRex—Reading Dezdan's post, it appears that they're running the upgrade from within the CSF app itself, which wouldn't work. So, to me, the real question is: Should all the 134.x systems have been upgraded by now? If not, they may just be on the slow end of the rollout.
Dezdan—The cPanel version is installed and updated via the usual cPanel upcp script, not via the old W2W mechanism. It's possible your system is just not seeing the update because the rollout is being staggered.
0 -
The rollout was done in a few days so any eligible server would have it by now if they have auto updates enabled.
0 -
-remove CSF and reinstall it with the cPanel version
cPRex If I do this, will my conf and deny file remain the same. Same with the ips in my temporary IP entries? I'm attempting to submit a ticket, but my host who I purchase my license through is refusing, since my VPS is unmanaged and they want me to move to a $managed tier$.
cPRex—Reading Dezdan's post, it appears that they're running the upgrade from within the CSF app itself, which wouldn't work. So, to me, the real question is: Should all the 134.x systems have been upgraded by now? If not, they may just be on the slow end of the rollout.
Dezdan—The cPanel version is installed and updated via the usual cPanel upcp script, not via the old W2W mechanism. It's possible your system is just not seeing the update because the rollout is being staggered.
Trane Francks Thanks for the advice, but I was updating the outside of CSF via /usr/local/cpanel/scripts/upcp The example csf -u I gave was to show that CSF is configured to use the original ConfigServer/W2W source, one of the eligibility requirements.
0 -
Dezdan - no, that is the one problem with this work - all your settings would get reset.
0 -
Unfortunately, my host refused to submit a cPanel ticket on my behalf without me moving my hosting plan to a managed VPS.
Would it be possible for me to just add the forked package URL as a proxy via csf.conf?
0 -
If you purchased a cPanel license from this provider they are required to provide you basic support for that license. If that isn't happening, please send a message to cs@cpanel.net.
Simply updating the configuration file won't work as there are other changes that happened as part of this release. If you can message our Customer Service team, mention my name in there and I'll see what I can do.
0 -
Other than CSF... I used the paid Mailscanner FE to control spam. I'm still using it on 2 servers, but I can't buy it for new servers and, If I had to change a server's IP, I can't renew Mailscanner FE.
Any alternative to this? Any other anti-spam solution (other than spamassassin) that works and is not TOO expensive?
Thanks!
0 -
I think the "now what" portion of this thread has been thoroughly answered with our maintenance of the CSF tool starting a few weeks ago. I'm going to lock this thread and future questions can have their own separate thread for greater visibility.
1
Post is closed for comments.
Comments
258 comments