ConfigServer shutting down as of 31st of August 2025

johannes · 2025-09-15T01:05:33-0600

zEitEr said:
BE AWARE! download.configserver.com has address 94.130.90.175. The IP is already taken and another website is hosted on the IP. SSL/TLS certificate is of course invalid, but they might place a download file there.

Just found a few more IPs, to delete from csf.allow:

94.130.90.175 # download.configserver.com
54.36.165.115 # download2.configserver.com
66.165.246.166 # license.configserver.com
2604:4500:9:156::6 # ipv6.license.configserver.com

zEitEr · 2025-09-15T02:32:09-0600

johannes said:
Just found a few more IPs, to delete from csf.allow:

Good catch. If the ips are whitelisted unconditionally, then they should of course be removed from csf.allow.

My alert is about the domains which still resolve and might contain infected software available for download. I would expect them to stop resolving of their download domains.

DrWizzle · 2025-09-15T05:53:02-0600

johannes said:
Just found a few more IPs, to delete from csf.allow:

94.130.90.175 # download.configserver.com
54.36.165.115 # download2.configserver.com
66.165.246.166 # license.configserver.com
2604:4500:9:156::6 # ipv6.license.configserver.com

I've never seen those IP addresses in csf.allow before, i've only got my personal IPv4 & 6 listed and the softaculous server IPs. I will however pop those IPs in my csf.deny file though, cheers

zEitEr · 2025-09-15T05:54:13-0600

DrWizzle said:
I've never seen those IP addresses in csf.allow before

it might mean you've never filtered traffic by country ISO codes)

ConfigServer shutting down as of 31st of August 2025

johannes

Verified User

zEitEr

Super Moderator

DrWizzle

Verified User

zEitEr

Super Moderator