
blocked for port scanning While using FTP to send files

Discussion in 'General Discussion' started by williamkevenis, Jan 5, 2012.

  1. williamkevenis

    williamkevenis Registered

    My clients are being blocked by port scan when sending files to the FTP.
    See below:

    Code:
    lfd on srv.hostalagoas.com.br: 187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br) blocked for port scanning
    Time:    Thu Jan  5 19:03:09 2012 -0200
    IP:      187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br)
    Hits:    6
    Blocked: Temporary Block
    
    Sample of block hits:
    Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7134 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7169 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7287 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7696 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7727 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
    Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7810 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
    
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You could whitelist your IP in WHM > Plugins > ConfigServer Security & Firewall area so that LFD, their product, doesn't keep blocking you.

    If you would like to ask them why you are being blocked, you might post onto their product's forum:

    ConfigServer Scripts Forum
     
  3. XenomediaBV

    XenomediaBV Well-Known Member

    Better yet... try this:

    Enable FTP Passive Mode
    (also for 11_36, but that page doesn't exist yet)

    After making the changes to the FTP config as described above, add the Passive Mode port range (49152:65534) to your CSF config:

    Code:
    SECTION:IPv4 Port Settings
    # Allow incoming TCP ports
    TCP_IN = 20 ..... ,2096,49152:65534
    Restart FTP server and test with an FTP client.

    @cPanel: Can the FTP passive mode settings be added to the "FTP Server Configuration" screen?
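
Added example (not part of the original thread, and not ConfigServer or cPanel code): a Python script that extracts the blocked destination ports from the lfd alert in the first post and checks them against a TCP_IN port list. The log lines are abridged from that post, the TCP_IN value is a constructed sample using only the entries visible in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: four of the kernel lines quoted in the first post,
# abridged to the fields this script reads.
SAMPLE_LOG = """\
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=57957 DPT=32672 RES=0x00 SYN URGP=0
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=57957 DPT=32672 RES=0x00 SYN URGP=0
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=58041 DPT=55416 RES=0x00 SYN URGP=0
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 SRC=187.65.106.56 DST=63.143.32.72 PROTO=TCP SPT=58041 DPT=55416 RES=0x00 SYN URGP=0
"""

# Constructed TCP_IN value: only the entries visible in the thread.
PROPOSED_TCP_IN = "20,2096,49152:65534"

def parse_port_spec(spec):
    """Turn a CSF-style list such as '20,2096,49152:65534' into (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if item:
            low, _, high = item.partition(":")
            ranges.append((int(low), int(high or low)))
    return ranges

def blocked_ports(log_text):
    """Count blocked inbound TCP SYNs per (source IP, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "*TCP_IN Blocked*" not in line or " SYN " not in line:
            continue
        src = re.search(r"\bSRC=(\S+)", line)
        dpt = re.search(r"\bDPT=(\d+)", line)
        if src and dpt:
            hits[(src.group(1), int(dpt.group(1)))] += 1
    return hits

def triage(log_text, tcp_in_spec):
    """Split blocked ports into those the TCP_IN list admits and those it does not."""
    ranges = parse_port_spec(tcp_in_spec)
    covered, uncovered = set(), set()
    for _src, port in blocked_ports(log_text):
        allowed = any(low <= port <= high for low, high in ranges)
        (covered if allowed else uncovered).add(port)
    return sorted(covered), sorted(uncovered)

if __name__ == "__main__":
    covered, uncovered = triage(SAMPLE_LOG, PROPOSED_TCP_IN)
    print("admitted by TCP_IN:", covered)
    print("still blocked:", uncovered)
```

On this sample, port 55416 falls inside 49152:65534 but 32672 does not, so opening the range in CSF only helps once the FTP server itself is limited to the same passive range, which is the order the post above gives.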
     