Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

blocked for port scanning While using FTP to send files

Discussion in 'General Discussion' started by williamkevenis, Jan 5, 2012.

  1. williamkevenis

    williamkevenis Registered

    Joined:
    Jan 5, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    My clientsarewhensendingfiles to theFTPis being blocked byportscan..
    see below

    Code:
     lfd on srv.hostalagoas.com.br: 187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br) blocked for port scanningTime:    Thu Jan  5 19:03:09 2012 -0200
IP:      187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br)
Hits:    6
Blocked: Temporary Block

Sample of block hits:
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7134 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7169 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7287 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7696 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7727 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7810 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
     
    #1 williamkevenis, Jan 5, 2012
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You could whitelist your IP in WHM > Plugins > ConfigServer Security & Firewall area so that LFD, their product, doesn't keep blocking you.

    If you would like to ask them why you are being blocked, you might post onto their product's forum:

    ConfigServer Scripts Forum
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Jan 5, 2012
  3. XenomediaBV

    XenomediaBV Well-Known Member

    Joined:
    Sep 3, 2009
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Better yet... try this:

    Enable FTP Passive Mode
    (also for 11_36, but that page doesn't exist yet)

    after making the changes to the ftp config as described above add the Passive Mode port range (49152:65534) to your CSF config:

    Code:
    SECTION:IPv4 Port Settings
# Allow incoming TCP ports
TCP_IN = 20 ..... ,2096[B],49152:65534[/B]
    Restart FTP server and test with an FTP client.

    @cPanel: Can the FTP passive mode settings be added to the "FTP Server Configuration" screen?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 XenomediaBV, Apr 20, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - blocked port scanning
  1. timesurfer

    Blocked port 25 is a false or real problem?

    timesurfer, May 10, 2019, in forum: E-mail Discussion
    Replies:
    5
    Views:
    654
    timesurfer
    May 11, 2019
  2. OgreMHDW

    Port 25 is blocked inbound and outbound

    OgreMHDW, Jul 4, 2017, in forum: E-mail Discussion
    Replies:
    1
    Views:
    820
    cPanelMichael
    Jul 4, 2017
  3. ccw

    How to Find the IP Blocked by the Firewall in WHM?

    ccw, Apr 20, 2019, in forum: Security
    Replies:
    5
    Views:
    367
    cPanelLauren
    Apr 22, 2019
  4. brand_land

    Access to this mail system has been blocked

    brand_land, Feb 17, 2019, in forum: E-mail Discussion
    Replies:
    7
    Views:
    137
    cPanelMichael
    Feb 20, 2019
  5. Kalin Dial

    Can you whitelist an IP in a blocked country in cPHulk

    Kalin Dial, Feb 8, 2019, in forum: Security
    Replies:
    1
    Views:
    148
    cPanelLauren
    Feb 11, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice