Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ConfigServer (CSF, Mail Scanner, Exploit Scanner etc) CLOSING DOWN

13»

Comments

  • EthernetServersEthernetServers Member, Patron Provider
    edited January 19

    Received today:

    Dear Valued Partner,

    We're writing about ConfigServer Security & Firewall (CSF) and an important update to keep your servers protected.

    Way to the Web LTD (W2W / ConfigServer), the vendor behind the CSF plugin, permanently shut down on August 31, 2025, ending all support and distribution for CSF.

    Before closing, W2W released the CSF code "as-is" under the GNU General Public License v3 (GPLv3), with no plans for further maintenance or support.

    CSF remains widely deployed on cPanel & WHM servers and plays a critical role in server security. To maintain ecosystem security, cPanel will be publishing and maintaining a public fork of CSF focused solely on critical security and stability fixes.

    This fork is based on the final upstream release and will be made available in cPanel & WHM's public GitHub repository under GPLv3, consistent with the original project's license.

    What this means for you

    Currently, CSF installations that point to ConfigServer/W2W’s original update server at download.configserver.com cannot receive updates because that infrastructure is offline. This can leave servers without future security fixes and may also trigger update/cron errors during scheduled checks.

    To restore a working update path, on February 18, 2026, we'll automatically update the CSF configuration on eligible cPanel & WHM servers to point to our update mirrors instead of the decommissioned ConfigServer/W2W source.

    This configuration update applies only if all of the following are true:

    Your server is using cPanel & WHM with the original CSF plugin.

CSF is configured to use the original ConfigServer/W2W update source.

Your server is running CSF version 14.0 or newer.

The CSF AUTO_UPDATES setting is enabled.

    We will not make any changes if any of the following are true:

    Your server is already using an alternate CSF provider.

Your server is running CSF version 13.x or older.

The CSF AUTO_UPDATES setting is disabled.

    If you’re currently using CSF, it will continue to run with the same rules and configuration you already have in place. This effort is simply to ensure critical security and stability fixes from our fork can still be delivered.

    Manage updates yourself (optional)

    You're in control of how CSF updates are handled on your servers - whether you want updates to apply automatically, on your own schedule, or from a different source.

    If you do not want cPanel to update your CSF configuration on February 18, 2026, follow these steps before this date to disable automatic updates and exclude the server from the change:

    Navigate to ConfigServer Security & Firewall.

Select csf - ConfigServer Firewall.

Open Firewall Configuration.

Under Initial Settings, set AUTO_UPDATES to off.

Save your changes.

    If you disable the AUTO_UPDATES setting before February 18, the configuration change will not be applied to your server. If you later decide you’d like updates from the cPanel-maintained fork, run /scripts/autorepair cpanel_csf_install to update the source, then re-enable the AUTO_UPDATES setting.​

    Updates will be distributed through the same mechanism the original version used: servers with the AUTO_UPDATES setting enabled will receive patches automatically, and servers with the AUTO_UPDATES setting disabled can apply updates manually.

    For more details and further updates, please review our full support article: support.cpanel.net/hc/en-us/articles/37654028162071-Will-cPanel-provide-its-own-fork-of-CSF

    If you have questions, our support team is here to help.

    Best regards,

    The cPanel Team

  • WebGeeWebGee Member, Patron Provider

    @EthernetServers said:
    Received today:

    Dear Valued Partner,

    We're writing about ConfigServer Security & Firewall (CSF) and an important update to keep your servers protected.

    Way to the Web LTD (W2W / ConfigServer), the vendor behind the CSF plugin, permanently shut down on August 31, 2025, ending all support and distribution for CSF.

    Before closing, W2W released the CSF code "as-is" under the GNU General Public License v3 (GPLv3), with no plans for further maintenance or support.

    CSF remains widely deployed on cPanel & WHM servers and plays a critical role in server security. To maintain ecosystem security, cPanel will be publishing and maintaining a public fork of CSF focused solely on critical security and stability fixes.

    This fork is based on the final upstream release and will be made available in cPanel & WHM's public GitHub repository under GPLv3, consistent with the original project's license.

    What this means for you

    Currently, CSF installations that point to ConfigServer/W2W’s original update server at download.configserver.com cannot receive updates because that infrastructure is offline. This can leave servers without future security fixes and may also trigger update/cron errors during scheduled checks.

    To restore a working update path, on February 18, 2026, we'll automatically update the CSF configuration on eligible cPanel & WHM servers to point to our update mirrors instead of the decommissioned ConfigServer/W2W source.

    This configuration update applies only if all of the following are true:

    Your server is using cPanel & WHM with the original CSF plugin.

CSF is configured to use the original ConfigServer/W2W update source.

Your server is running CSF version 14.0 or newer.

The CSF AUTO_UPDATES setting is enabled.

    We will not make any changes if any of the following are true:

    Your server is already using an alternate CSF provider.

Your server is running CSF version 13.x or older.

The CSF AUTO_UPDATES setting is disabled.

    If you’re currently using CSF, it will continue to run with the same rules and configuration you already have in place. This effort is simply to ensure critical security and stability fixes from our fork can still be delivered.

    Manage updates yourself (optional)

    You're in control of how CSF updates are handled on your servers - whether you want updates to apply automatically, on your own schedule, or from a different source.

    If you do not want cPanel to update your CSF configuration on February 18, 2026, follow these steps before this date to disable automatic updates and exclude the server from the change:

    Navigate to ConfigServer Security & Firewall.

Select csf - ConfigServer Firewall.

Open Firewall Configuration.

Under Initial Settings, set AUTO_UPDATES to off.

Save your changes.

    If you disable the AUTO_UPDATES setting before February 18, the configuration change will not be applied to your server. If you later decide you’d like updates from the cPanel-maintained fork, run /scripts/autorepair cpanel_csf_install to update the source, then re-enable the AUTO_UPDATES setting.​

    Updates will be distributed through the same mechanism the original version used: servers with the AUTO_UPDATES setting enabled will receive patches automatically, and servers with the AUTO_UPDATES setting disabled can apply updates manually.

    For more details and further updates, please review our full support article: support.cpanel.net/hc/en-us/articles/37654028162071-Will-cPanel-provide-its-own-fork-of-CSF

    If you have questions, our support team is here to help.

    Best regards,

    The cPanel Team

    Yeah, we got that email from cPanel too.
    But I don’t think they will develop it and they will focus on patching only.

    Thanked by 1visualwebtechnologies
  • EthernetServersEthernetServers Member, Patron Provider

    cPanel's fork is live as of today:

    https://github.com/cpanel/cpanel-csf
    https://docs.cpanel.net/knowledge-base/third-party/how-to-install-csf/

  • vregexvregex Member

    25 years is certainly not a short time.
    In addition to hosting, continuity could be ensured with services such as software development and consulting.
    For example, we have a technology company. We try to provide services in every field. Because trade is tough and challenging, given the geography I'm in.

  • EthernetServersEthernetServers Member, Patron Provider
    edited February 27

    @EthernetServers said:
    cPanel's fork is live as of today:

    https://github.com/cpanel/cpanel-csf
    https://docs.cpanel.net/knowledge-base/third-party/how-to-install-csf/

    Changelog: https://docs.cpanel.net/changelogs/configserver-security-firewall-csf-change-log/

  • ZhenmueZhenmue Member

    Any alternative to MSFE ?
    Not magicspam please...

Sign In or Register to comment.