could a genuine web session cause port scans

keat63

Well-Known Member
Nov 20, 2014
1,957
266
113
cPanel Access Level
Root Administrator
I see poert scan errors daily, when these originate from a foreign country, i tend not to be too concerned, as CSF blocked them.
But when these are from the UK, i often wonder if a legitimate customer could have been blocked.

Could a normal web session cause these errors ?

*Port Scan* detected from xxx.xxx.xxx.xxx (GB/United Kingdom/Gloucestershire/Gloucester/serverxxx-xxx-xxx-xxx.live-servers.net). 6 hits in the last 55 seconds - *Blocked in csf* for 86400 secs [PS_LIMIT]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

I have seen reports in the past where it's been hit by legitimate users:

*Port Scan* detected *Blocked in csf* for 3600 secs [PS_LIMIT] - ConfigServer Community Forum

You may also find this third-party URL helpful for more information on how this CSF option works:

CSF *Port Scan* detected - shared hosting

You could search additional log files on your system (e.g. /usr/local/cpanel/logs/access_log) for the specific IP address to see if it's accessed other services in the past.

Thank you.