ConfigServer shutting down as of 31st of August 2025

Cheers for the heads up guys. I get that the web is an ever changing landscape, and change is to be expected for progress to happen, but it's such a shame when trusted brands such as ConfigServer are hanging their keys up for the last time in a month.

I'll definitely be scouring their site later today and downloading repos, files etc and storing them here as I really enjoy the simplicity of the UI and the functionality is just amazing.

Just a thought, but as CSF is integral to DA's protection protocols at the moment, when they decide to close down, won't the source code be up for grabs? Couldn't the developers at DA strike some sort of deal with ConfigServer to buy the source from them? The plus side would be the addons could provide an extra revenue stream so it wouldn't be worthless and people obviously DO find value in the products as shown in this thread.
 
Whoa ending it all in one month, sad to see it go:(

DA team has a busy upcoming month I think. First an DA patch to disable auto-update on all servers and block outgoing connections to csf?
 
We would also subscribe to the product if possible. OSM was extremely helpful and worth every cent.
It's unfortunate the service is ending so abruptly.
 
I think they've had enough already :(

1753961689692.png
 
Will you consider releasing csf (Configserver Security & Firewall) under an open-source/GPL license?
Yes, we are seriously considering releasing csf (ConfigServer Security & Firewall) under the GPLv3 license. If we do this, it will be before we close for business and the software will be made available via our GitHub repository.

So thats something(?)
 
I read that bit on their site earlier when I went on a mass download of bits. I think if they release it as GPLv3 then their legacy will remain in tact and also, I find communities sometimes produce better software than companies. Something as well respected as this in the hosting community will certainly get looked after (in my humble opinion)
Will you consider releasing csf (Configserver Security & Firewall) under an open-source/GPL license?
Yes, we are seriously considering releasing csf (ConfigServer Security & Firewall) under the GPLv3 license. If we do this, it will be before we close for business and the software will be made available via our GitHub repository.

So thats something(?)
 
I've normally only used Debian and haven't really found much problems with CSF. I am excited about the possibility of all their plugins possibly going to GitHub as well for the mail scanner and malware. It's all been designed with each other in mind so could work really well if properly maintained. And if i'm honest, i'd even be prepared to pay a nominal fee for something that just "works" without too much config, as time is money! I guess we'll all have to wait and see what happens though as there's still a month to go and anything can happen in that time. Only thing I worry about though, as @zEitEr pointed out, is who will be controlling the domain and will it get abused? Also will DA review the code and make sure thee's no backdoors
 
Important notice. I see their domain is paid until 2027-01-18. And as soon as they CONFIGSERVER close the site, we all are at a risky position. If somebody highjacks the domain now or after 2027-01-18 the servers running CSF/LFD can be chrooted and/or backdoored. So I believe we will need to replace CSF/LFD in the nearest future,

Code:
   Domain Name: CONFIGSERVER.COM
   Registry Domain ID: 139905137_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.joker.com
   Registrar URL: http://www.joker.com
   Updated Date: 2023-12-18T09:01:47Z
   Creation Date: 2005-01-18T10:28:25Z
   Registry Expiry Date: 2027-01-18T10:28:25Z

In order to reduce possible impacts, the file /etc/csf/downloadservers will need to be updated after the date. By default the file /etc/csf/downloadservers contains two lines:

Code:
download.configserver.com
download2.configserver.com

which should be replaced by your own domain. Do not empty the file. Specify a real domain there that you trust. The domain should start from download., i.e. download.example.com!

Expected files/directory structure of your own repository:

Code:
public_html/csf
public_html/csf/version.txt
public_html/csf/csf.tgz

If you don't use a donwload sub-domain, it won't work, as the software filters domain names in the file:

Perl:
###############################################################################
## start getdownloadserver
sub getdownloadserver {
        my @servers;
        my $downloadservers = "/etc/csf/downloadservers";
        my $chosen;
        if (-e $downloadservers) {
##              open (my $DOWNLOAD, "<", $downloadservers);
##              flock ($DOWNLOAD, LOCK_SH);
##              my @data = <$DOWNLOAD>;
##              close ($DOWNLOAD);
##              chomp @data;
##              foreach my $line (@data) {
##                      if ($line =~ /^download/) {push @servers, $line}
##              }
                foreach my $line (slurp($downloadservers)) {
                        $line =~ s/$cleanreg//g;
                        if ($line =~ /^download/) {push @servers, $line}
                }
                $chosen = $servers[rand @servers];
        }
        if ($chosen eq "") {$chosen = "download.configserver.com"}
        return $chosen;
}
## end getdownloadserver
###############################################################################

/etc/hosts

127.0.0. 1 download.configserver.com
127.0.0. 1 download2.configserver.com
127.0.0. 1 configserver.com

this solution fit the license requirements as you do not modify, adapt, merge, translate, decompile, disassemble, or reverse engineer the Product...
 
Well in fact yes, but I don't know if they are still to be found somewhere or if they too stopped. I think they stopped too.
That was APF/BFD which had around the same functionallity but CSF was a bit better.
And then there is/was Fail2ban, but that had a lot less functionality.

There was also another one, but I don't remember the name anymore, I thought that one was paid.

APF/BFD is GPL 2.0 available on github if someone want to contribute

 
Back
Top