Warning: do not upgrade - your firewall will be deleted

Kindly, my first warning was deleted because I allowed myself to criticize.

I strongly warn everyone not to upgrade their existing installation at this time.

The Cyberpanel team has decided to uninstall the CSF firewall with the upgrade and prevent a new installation, furthermore the normal firewall is deactivated and can no longer be activated

The result is catastrophic if you have a server in production: You will have no firewall at all after the upgrade!

I repeat it again: It is MAXIMUM UNPROFESSIONAL to roll out an upgrade in which all security measures (such as firewall) are CONSCIOUSLY and KNOWINGLY uninstalled. This is more than gross negligence. It is deliberate.

I only found out about it because my server was hacked.

I am really really angry!

If you are running Ubuntu use UFW. Simple. Not sure why some people are panicking!

Yes, CSF was convenient, but it seems that they stopped developing it. Until brother Usman find an alternative UFW will suffice for now,

Well I’m panicking because my entire CSF installation was simply DELETED by the Cyberpanel upgrade without warning. There was a lot of custom configuration in there. And yes, as you say: CSF should continue to run on Ubuntu 20.04LTS.

That’s why I’m angry that the Cyberpanel upgrade simply deleted my CSF.

And as you can read in the forum: The problem was only noticed after it occurred with users. So the upgrade was not tested sufficiently. Can happen - of course.

But why isn’t the rollout of this upgrade stopped? Instead, another upgrade is pushed behind it that simply uninstalls the CSF completely - even in functioning systems like mine ???

I’m sorry for what happened to you. CyberPanel is run by just one guy, and sometimes he has to make big changes fast, like ditching CSF since it’s not updated anymore. You’re right though - he should’ve given everyone a heads up.

As a sysadmin, it’s always good to be ready for surprises. Try not to depend too much on control panels for your security needs.

Thanks for your advice. UFW now is up and running.

This time I took a snapshot beforehand and tried to install csf on my Ubuntu 20.04. And to get the old config files from a file backup. That also worked wonderfully. CSF is running. All LiteSpeed websites are also delivered without any problems. There is only one problem with Cyberpanel. It is no longer accessible on 8090 with the known error. I then attached it to port 8443 via bind. First I get the certificate warning and then the known error.

For me, this indicates that neither OpenLiteSpeed nor CSF are or have the real problem. Something is not working with Cyberpanel…

How sure is it that CSF is really to blame?

CSF is not the problem,
i run it on rockylinux wiht a nginx + varnish + apache proxy and i am also got a shoutcast running on it

if CSF was the problem then i would have a lot of problems as i use cpanel ports to redirect to the correct ports (also proxy, and a few proxy’s to make ngix/apache/varnish to work )

so no idea why CSF need to take a blame;

and for the update support, csf got its own update , it does not depend on a control panel but it is nice to have a web interface, but you can also install it from scratch with there own web panel interface , so that is no reason to just dump it because it “breaks” stuff

if the core aspect of a safety function breaks … then you are doing stuff wrong
it is like disabling your virus scanner because the bogus file you downloaded refuse to start , if it was a trusted source i “could” accept it, but no way that a public domain is a trusted source to begin with.

Here is a solution that allows your to rollback the upgrade: CSF Installation Disabled After CyberPanel Update: Firewall Settings Hidden and Installation Errors - #31 by richardevcom

@pryce - Joabe Arruda, your input is required

Hello, everyone.

It seems I was tagged here by @Mick, thank you.

There has been a significant movement in the community regarding the possibility of CSF not being linked in the latest Cyberpanel update.

First, I want to make it clear that I have not tested this yet and am not aware of the modifications.

However, I must say there is no need to panic, as there are numerous ways to keep your server secure and protected with firewalls.

It’s important to keep in mind that you don’t necessarily need Cyberpanel to configure a firewall; you can use various options regardless of the WebPanel you use.

In fact, I don’t even recommend using pre-configured control panel solutions. Perhaps that’s why @usmannasir disabled this feature.

The best configuration for a minimally decent firewall should be done at the server or cluster layer.

This week, I will try to find some time to analyze this and see how I can help.

Until then, I strongly suggest looking for cloud hosting or cloud server services that have integrated security configurations at the server layer, such as Hetzner, DigitalOcean, OVH, Google Cloud, etc.

My considerations:

1. If the goal is security, you’re already starting off on the wrong foot by using something like VPS from providers that don’t even offer security at the server layer.

2. Moreover, if you have a web hosting configuration on Cyberpanel and use it in production, NEVER, EVER update your configuration without testing the modifications and new features on a secondary test instance or even locally on a Linux server.

Think about it!

I agree. In lieu of CSF, I have resorted to tweaking my installed firewalld firewall settings and also manually installing fail2ban to provide added protection against automated brute force attacks. If CSF capabilities don’t return, I won’t lose any sleep.

Current environment:
Cyberpanel 2.3.7
Ubuntu 22.04

Note: With the above setup, manually installing CSF caused a 500 internal server error when attempting to access the admin panel for me, but everything else worked. I rolled back the install.

For those interested in installing fail2ban, the following articles might be of interest:

1. Securing Webservers - FirewallD and fail2ban | Mike Polinowski
2. How To Protect SSH with Fail2Ban on Ubuntu 22.04 | DigitalOcean