Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

blocked for port scanning While using FTP to send files

Discussion in 'General Discussion' started by williamkevenis, Jan 5, 2012.

  1. williamkevenis

    williamkevenis Registered

    Joined:
    Jan 5, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    My clientsarewhensendingfiles to theFTPis being blocked byportscan..
    see below

    Code:
     lfd on srv.hostalagoas.com.br: 187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br) blocked for port scanningTime:    Thu Jan  5 19:03:09 2012 -0200
IP:      187.65.106.56 (BR/Brazil/bb416a38.virtua.com.br)
Hits:    6
Blocked: Temporary Block

Sample of block hits:
Jan  5 19:02:30 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7134 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:33 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7169 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:39 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7287 DF PROTO=TCP SPT=57957 DPT=32672 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:55 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7696 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:02:57 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7727 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
Jan  5 19:03:04 srv kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:54:d6:7a:00:15:2b:28:18:00:08:00 SRC=187.65.106.56 DST=63.143.32.72 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=7810 DF PROTO=TCP SPT=58041 DPT=55416 WINDOW=65535 RES=0x00 SYN URGP=0
     
    #1 williamkevenis, Jan 5, 2012
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You could whitelist your IP in WHM > Plugins > ConfigServer Security & Firewall area so that LFD, their product, doesn't keep blocking you.

    If you would like to ask them why you are being blocked, you might post onto their product's forum:

    ConfigServer Scripts Forum
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Jan 5, 2012
  3. XenomediaBV

    XenomediaBV Well-Known Member

    Joined:
    Sep 3, 2009
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Better yet... try this:

    Enable FTP Passive Mode
    (also for 11_36, but that page doesn't exist yet)

    after making the changes to the ftp config as described above add the Passive Mode port range (49152:65534) to your CSF config:

    Code:
    SECTION:IPv4 Port Settings
# Allow incoming TCP ports
TCP_IN = 20 ..... ,2096[B],49152:65534[/B]
    Restart FTP server and test with an FTP client.

    @cPanel: Can the FTP passive mode settings be added to the "FTP Server Configuration" screen?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 XenomediaBV, Apr 20, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - blocked port scanning
  1. OgreMHDW

    Port 25 is blocked inbound and outbound

    OgreMHDW, Jul 4, 2017, in forum: E-mail Discussion
    Replies:
    1
    Views:
    511
    cPanelMichael
    Jul 4, 2017
  2. ItsMattSon

    SOLVED BIND Disabled & Port 53 blocked

    ItsMattSon, Sep 5, 2016, in forum: Bind/DNS/Nameserver
    Replies:
    6
    Views:
    1,206
    cPanelMichael
    Sep 19, 2016
  3. carolainn

    Update is blocked because RPM database is unstable

    carolainn, Jul 13, 2018, in forum: Database Discussion
    Replies:
    1
    Views:
    87
    cPanelLauren
    Jul 13, 2018
  4. Matic

    Blocked access to images and css, js scripts

    Matic, Jul 3, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    84
    cPanelLauren
    Jul 4, 2018
  5. MihaSCO

    Blocked root

    MihaSCO, Jun 28, 2018, in forum: Security
    Replies:
    1
    Views:
    77
    cPanelLauren
    Jun 28, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice