blocked for port scanning While using FTP to send files

williamkevenis

Registered
Jan 5, 2012
cPanel Access Level
Root Administrator
My clients are being blocked for port scanning when sending files to the FTP.
see below

Code:
lfd on srv.hostalagoas.com.br: 187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br) blocked for port scanning
Time:    Thu Jan  5 19:03:09 2012 -0200
IP:      187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br)
Hits:    6
Blocked: Temporary Block

Sample of block hits:
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7134 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7169 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7287 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7696 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7727 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7810 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
You could whitelist your IP in WHM > Plugins > ConfigServer Security & Firewall area so that LFD, their product, doesn't keep blocking you.

If you would like to ask them why you are being blocked, you might post onto their product's forum:

ConfigServer Scripts Forum
 

XenomediaBV

Well-Known Member
Sep 3, 2009
The Netherlands
cPanel Access Level
Root Administrator
Better yet... try this:

Enable FTP Passive Mode
(also for 11_36, but that page doesn't exist yet)

After making the changes to the FTP config as described above, add the Passive Mode port range (49152:65534) to your CSF config:

Code:
SECTION:IPv4 Port Settings
# Allow incoming TCP ports
TCP_IN = 20 ..... ,2096,49152:65534
Restart FTP server and test with an FTP client.

@cPanel: Can the FTP passive mode settings be added to the "FTP Server Configuration" screen?
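
A triage sketch for the LFD alert in the first post, added here as an example and not part of the thread or of CSF itself: it collapses the block hits into distinct flows and checks each destination port against an allow list that includes the suggested passive range. The `TCP_IN` value and the function names are assumptions; the log lines are the thread's block hits trimmed to the fields the script reads.

```python
import re
from collections import defaultdict

# Constructed input: the six block hits from the first post, trimmed to the
# fields this script reads (SRC, SPT, DPT).
SAMPLE_HITS = """\
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=57957 DPT=32672 SYN
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=57957 DPT=32672 SYN
Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=57957 DPT=32672 SYN
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=58041 DPT=55416 SYN
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=58041 DPT=55416 SYN
Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=58041 DPT=55416 SYN
"""

# Assumption: a stand-in TCP_IN list; the thread elides the real one.
TCP_IN = "20,21,22,80,443,2096,49152:65534"
HIT_RE = re.compile(r"\*TCP_IN Blocked\*.*?SRC=(\S+).*?SPT=(\d+) DPT=(\d+)")

def parse_ports(spec):
    """Turn a csf-style port list ("21,49152:65534") into (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def triage(log_text, tcp_in):
    """Per source IP: raw hits, distinct flows, and ports the list still blocks."""
    ranges = parse_ports(tcp_in)
    hits, flows = defaultdict(int), defaultdict(set)
    for src, spt, dpt in HIT_RE.findall(log_text):
        hits[src] += 1
        flows[src].add((int(spt), int(dpt)))  # SYN retries share one flow
    report = {}
    for src in hits:
        dports = sorted({dpt for _, dpt in flows[src]})
        report[src] = {
            "hits": hits[src],
            "distinct_flows": len(flows[src]),
            "dest_ports": dports,
            "still_blocked": [p for p in dports
                              if not any(lo <= p <= hi for lo, hi in ranges)],
        }
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_HITS, TCP_IN))
```

On this sample the six hits collapse to two flows (SYN retries to two destination ports), which is why a retrying client can trip a hit-count threshold without touching many ports. Port 32672 stays blocked even with 49152:65534 opened, so the FTP server's passive range has to be set to match the range allowed in the firewall.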