could a genuine web session cause port scans

keat63

keat63

Well-Known Member
Nov 20, 2014
1,957
266
113
cPanel Access Level
Root Administrator
I see poert scan errors daily, when these originate from a foreign country, i tend not to be too concerned, as CSF blocked them.
But when these are from the UK, i often wonder if a legitimate customer could have been blocked.

Could a normal web session cause these errors ?

*Port Scan* detected from xxx.xxx.xxx.xxx (GB/United Kingdom/Gloucestershire/Gloucester/serverxxx-xxx-xxx-xxx.live-servers.net). 6 hits in the last 55 seconds - *Blocked in csf* for 86400 secs [PS_LIMIT]
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

I have seen reports in the past where it's been hit by legitimate users:

*Port Scan* detected *Blocked in csf* for 3600 secs [PS_LIMIT] - ConfigServer Community Forum

You may also find this third-party URL helpful for more information on how this CSF option works:

CSF *Port Scan* detected - shared hosting

You could search additional log files on your system (e.g. /usr/local/cpanel/logs/access_log) for the specific IP address to see if it's accessed other services in the past.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S SSL_ERROR_BAD_CERT_DOMAIN issue with Primary Website on IP Address Security 3
DJPRMF SOLVED UPS-430 - Horde Webmail 5.2.22 - Account Takeover via Email Security 7
R Auto banning IPs snooping web root? Security 4
M AutoSSL fail for cPanel virtual domains (webmail, webdisk etc.) Security 3
K Alert messages - genuine or not? Security 1
Similar threads
SSL_ERROR_BAD_CERT_DOMAIN issue with Primary Website on IP Address
SOLVED UPS-430 - Horde Webmail 5.2.22 - Account Takeover via Email
Auto banning IPs snooping web root?
AutoSSL fail for cPanel virtual domains (webmail, webdisk etc.)
Alert messages - genuine or not?
Top Bottom