ConfigServer shutting down as of 31st of August 2025

[gkanks]

It looks like ConfigServer is shutting everything down so was wondering since lfd/csf are pre-installed in a new DA instance (and highly useful) if the DA team has considered what to do about this?

The announcement is here and it looks like it is just a straight "we're done" situation:

Announcement – ConfigServer Services

configserver.com

Announcement

Way to the Web Ltd and Configserver.com will be closing down permanently on 31 August 2025. The server software market has changed drastically in the more than 25 years since our company began, and we now find the business is no longer profitable so must come to an end.

This closure affects all of our commercial software including ConfigServer Exploit Scanner (cxs), MailScanner Front-End (MSFE), and Outgoing Spam Monitor (osm). It also affects our free software including ConfigServer Security and Firewall (csf), ConfigServer Mail Queues (cmq), ConfigServer Mail Manage (cmm), ConfigServer Modsecurity Control (cmc), and ConfigServer Explorer (cse).

After 31st August, there will be no further support, downloads, or license IP changes available.

In order to continue using any of our commercial software after the 31st of August, you must update the software to the latest version. If not updated, any of our commercial software products will cease to function and cannot be reactivated once the download and license servers are shut down.

 

[zEitEr]

Hello,

What a turn. So the question is what to use after the date? Asked in the following thread, but there is no real alternative offered:

- https://forum.directadmin.com/threads/alternative-to-csf.70781/

Actually Brute-Force monitor is rather good and can replace CSF in some way, and it might get a kick for a further development after CSF/LFD shutdown. But directadmin does not have anything that could replace LFD.

 

[gkanks]

For the more technical among us UFW & Fail2ban might do the trick but the administration would sit outside of DA unless someone was interested in putting together a WebUI integrated into DA.

 

[gkanks]

For now it appears that those of us with it already installed can continue to use it but the announcement seems to indicate new installs will not be an option (since it is a free app as an archive I guess I did not know it did any activation steps after being installed).

Will your free scripts continue to work after the 31st of August?​

Yes, ConfigServer Mail Manage (csm), CS Mail Queues (cmq), CS Modsecurity Control (cmc), CS Explorer (cse) and ConfigServer Security & Firewall (csf) will continue to work. They will no longer be updated, however, and will not be available for download or install.

 

[zEitEr]

Yes, we can still use it on existing servers and even install it on new servers (but not AlmaLinux 10), just make sure you have csf.tgz in your own repository.

Unfortunately their license states:

3.    SCOPE OF LICENCE

    3.1    You shall not:

        3.1.1    modify, adapt, merge, translate, decompile,
        disassemble, or reverse engineer the Product, except as
        permitted by law; or

        3.1.2    sell, assign, rent, sub-license, loan, mortgage,
        charge or otherwise deal in any way in the Product or
        Documentation or any interest in them except as expressly
        provided in this Licence.

and if I get it right we are not allowed to further develop the project. Kindly correct me if I'm wrong.

 

[Richard G]

but not AlmaLinux 10

Probably that is the reason they stopped. Could well be they didn't want to program or develop anymore so things would work on RHEL10.
As long as we have CSF and CMQ available ourselves for download like you stated, we don't need an alternative.
It wasn't updated anyway for some time already and it still works very good.

and if I get it right we are not allowed to further develop the project.

Well... officially not. But maybe if somebody who can develop, contact them before closing date, it might be possible that it will be allowed to develop the free versions further. There is always a chance since they totally stop with everything.

 

[gkanks]

Their FAQ seems to indicate that the files won't be available to download from them after 8/31. The license is not 100% clear on if it can be stored and distributed from another source so I wonder if new DA instances will be able to install it.

From the FAQ:

Can I reinstall the software after 31 August?​

No, you will no longer be able to download the software to install it.

 

[zEitEr]

No, you will no longer be able to download the software to install it.

They do not forbit to have a copy on your own disk for your own needs. Yes, Directadmin will probably remove csf option from custombuild and will stop installing it, unless CSF/LFD developers will allow to re-distribute it after the closure.

 

[Richard G]

so I wonder if new DA instances will be able to install it.

Yes, like @zEitEr and I said, we can download the software locally and then install it from there, as can Directadmin do.
Question is however if DA will do that. It might be they will look for another solution because CSF won't work in RHEL10 and probably other newer OS from others, so then it can't be installed anyway.

Paid software from them can not be installed anymore as the license server will not be enabled anymore. The firewall itself is free so as long as you have the archive yourself, it should be no issue to install that after august 31th. But as said.... not on Alma 10 to begin with.

 

[Richard G]

A collision with Alex, wrote on same moment.

 

[gkanks]

They do not forbit to have a copy on your own disk for your own needs. Yes, Directadmin will probably remove csf option from custombuild and will stop installing it, unless CSF/LFD developers will allow to re-distribute it after the closure.

Yeah, that just is stinky for new users of the platform who won't know what they are missing.

 

[zEitEr]

Important notice. I see their domain is paid until 2027-01-18. And as soon as they CONFIGSERVER close the site, we all are at a risky position. If somebody highjacks the domain now or after 2027-01-18 the servers running CSF/LFD can be chrooted and/or backdoored. So I believe we will need to replace CSF/LFD in the nearest future,

   Domain Name: CONFIGSERVER.COM
   Registry Domain ID: 139905137_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.joker.com
   Registrar URL: http://www.joker.com
   Updated Date: 2023-12-18T09:01:47Z
   Creation Date: 2005-01-18T10:28:25Z
   Registry Expiry Date: 2027-01-18T10:28:25Z

In order to reduce possible impacts, the file /etc/csf/downloadservers will need to be updated after the date. By default the file /etc/csf/downloadservers contains two lines:

download.configserver.com
download2.configserver.com

which should be replaced by your own domain. Do not empty the file. Specify a real domain there that you trust. The domain should start from download., i.e. download.example.com!

Expected files/directory structure of your own repository:

public_html/csf
public_html/csf/version.txt
public_html/csf/csf.tgz

If you don't use a donwload sub-domain, it won't work, as the software filters domain names in the file:

###############################################################################
## start getdownloadserver
sub getdownloadserver {
        my @servers;
        my $downloadservers = "/etc/csf/downloadservers";
        my $chosen;
        if (-e $downloadservers) {
##              open (my $DOWNLOAD, "<", $downloadservers);
##              flock ($DOWNLOAD, LOCK_SH);
##              my @data = <$DOWNLOAD>;
##              close ($DOWNLOAD);
##              chomp @data;
##              foreach my $line (@data) {
##                      if ($line =~ /^download/) {push @servers, $line}
##              }
                foreach my $line (slurp($downloadservers)) {
                        $line =~ s/$cleanreg//g;
                        if ($line =~ /^download/) {push @servers, $line}
                }
                $chosen = $servers[rand @servers];
        }
        if ($chosen eq "") {$chosen = "download.configserver.com"}
        return $chosen;
}
## end getdownloadserver
###############################################################################

 

[Ohm J]

It should be fine if you not enable automatics update from csf firewall.
you can disable from UI or direct remove from the cronjob "/etc/cron.d/csf_update".

 

[gkanks]

Do we need to open a ticket somewhere to get it into the DA dev team's pipeline for consideration?

 

[Rolf B]

Damn, I had already sensed it: there have been no updates and no support in the forum for months.

 

[Richard G]

you can disable from UI or direct remove from the cronjob "/etc/cron.d/csf_update".

It's not "or" if you remove it from /etc/cron.d then a restart of CSF can re-create it again.

The option has either to be disabled via GUI, or otherwise set option AUTO_UPDATES = "0" in /etc/csf/csf.conf manually via SSH and restart csf/lfd and then the cron will be automatically removed and will not come back on a restart.

 

[itcms]

Hi,

The key point here is: "The server software market has changed drastically."
We all know this is true.

Personally, I haven’t come across any other solution—paid or free—that offers the same level of functionality do you have ?

 

[itcms]

Keep in mind that most current solutions are still based on iptables.
However, on modern systems, iptables should be replaced by nftables.
For a solution to be truly robust and future-proof, it must be built on nftables .

 

[Richard G]

that offers the same level of functionality do you have

Well in fact yes, but I don't know if they are still to be found somewhere or if they too stopped. I think they stopped too.
That was APF/BFD which had around the same functionallity but CSF was a bit better.
And then there is/was Fail2ban, but that had a lot less functionality.

There was also another one, but I don't remember the name anymore, I thought that one was paid.

 

[Ohm J]

For anyone to want to hosted their own "private" repo to use in your business.
Do not "public" repo to other with your site domain.

GitHub - Aetherinox/csf-firewall: ConfigServer Firewall (CSF) - new dark theme, setup guides, Docker and OpenVPN support. Constantly updated IP Blocklists (for any firewall, host file). Includes Traefik integration with Authentik and ip whitelisting

ConfigServer Firewall (CSF) - new dark theme, setup guides, Docker and OpenVPN support. Constantly updated IP Blocklists (for any firewall, host file). Includes Traefik integration with Authentik a...

github.com

./src/web/

Will contents required files.

if you not trusted this repo, just direct download from the official site.

p.s. it separate the files version and binary to sub directory, but it still using base URL as "/"