ConfigServer shutting down as of 31st of August 2025

zEitEr said:
BE AWARE! download.configserver.com has address 94.130.90.175. The IP is already taken and another website is hosted on the IP. SSL/TLS certificate is of course invalid, but they might place a download file there.
Click to expand...
Just found a few more IPs, to delete from csf.allow:

94.130.90.175 # download.configserver.com
54.36.165.115 # download2.configserver.com
66.165.246.166 # license.configserver.com
2604:4500:9:156::6 # ipv6.license.configserver.com
 
johannes said:
Just found a few more IPs, to delete from csf.allow:
Click to expand...

Good catch. If the ips are whitelisted unconditionally, then they should of course be removed from csf.allow.

My alert is about the domains which still resolve and might contain infected software available for download. I would expect them to stop resolving of their download domains.
 
johannes said:
Just found a few more IPs, to delete from csf.allow:

94.130.90.175 # download.configserver.com
54.36.165.115 # download2.configserver.com
66.165.246.166 # license.configserver.com
2604:4500:9:156::6 # ipv6.license.configserver.com
Click to expand...
I've never seen those IP addresses in csf.allow before, i've only got my personal IPv4 & 6 listed and the softaculous server IPs. I will however pop those IPs in my csf.deny file though, cheers 😁
 
Big oof! Just found this out now (as I wanted to post a message here with some questions). I did not really noticed this before and I was still on the old version. Made sure to 127.0.0.1 the download urls and just updated DA to the latest version so it should get a non-scary version of CSF.

In the DA release notes I only see that csf is updated to v15 but nowhere what is changed in that regard. Does anyone know?
 

Attachments

  • csf v15 quick ref.jpg
    csf v15 quick ref.jpg
    36.7 KB · Views: 8
Mattie said:
Big oof! Just found this out now (as I wanted to post a message here with some questions). I did not really noticed this before and I was still on the old version. Made sure to 127.0.0.1 the download urls and just updated DA to the latest version so it should get a non-scary version of CSF.

In the DA release notes I only see that csf is updated to v15 but nowhere what is changed in that regard. Does anyone know?
Click to expand...
Not sure what you're asking here, but if it's about version 15.00 , that's the base version number way to the web gave CSF when they released it into the public domain with GitHub and a GPLv3 licence so anyone can update it, change it or fork it. Not sure yet, but wouldn't be surprised if DA have their own copy of it to develop and will integrate it further into DA. At least this way, it can be fully customised by anyone and the source code is available to keep an eye on security holes.
 
DrWizzle said:
Not sure what you're asking here, but if it's about version 15.00 , that's the base version number way to the web gave CSF when they released it into the public domain with GitHub and a GPLv3 licence so anyone can update it, change it or fork it. Not sure yet, but wouldn't be surprised if DA have their own copy of it to develop and will integrate it further into DA. At least this way, it can be fully customised by anyone and the source code is available to keep an eye on security holes.
Click to expand...

Ah thanks! I thought v15 was already an updated version provided by DA. So I should still turn off de auto update in any case. Thanks!
 
Mattie said:
Ah thanks! I thought v15 was already an updated version provided by DA. So I should still turn off de auto update in any case. Thanks!
Click to expand...
Yes, turn off the auto update. Safest way I would suggest is install it via custombuild as DA have looked at it and have made v15 safe for users, and turned off the auto update feature. Also, and more importantly as another member said yesterday, the download servers IP addresses that belonged to CSF now resolve to other servers so 100% not safe at moment and way to the web obviously haven't removed the records from their DNS.
 
You must log in or register to reply here.
Back
Top