Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

could a genuine web session cause port scans

Discussion in 'Security' started by keat63, Nov 30, 2016.

Tags:
  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I see poert scan errors daily, when these originate from a foreign country, i tend not to be too concerned, as CSF blocked them.
    But when these are from the UK, i often wonder if a legitimate customer could have been blocked.

    Could a normal web session cause these errors ?

    *Port Scan* detected from xxx.xxx.xxx.xxx (GB/United Kingdom/Gloucestershire/Gloucester/serverxxx-xxx-xxx-xxx.live-servers.net). 6 hits in the last 55 seconds - *Blocked in csf* for 86400 secs [PS_LIMIT]
     
    #1 keat63, Nov 30, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I have seen reports in the past where it's been hit by legitimate users:

    *Port Scan* detected *Blocked in csf* for 3600 secs [PS_LIMIT] - ConfigServer Community Forum

    You may also find this third-party URL helpful for more information on how this CSF option works:

    CSF *Port Scan* detected - shared hosting

    You could search additional log files on your system (e.g. /usr/local/cpanel/logs/access_log) for the specific IP address to see if it's accessed other services in the past.

    Thank you.
     
    #2 cPanelMichael, Dec 1, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - genuine session cause
  1. Ken Waters

    Alert messages - genuine or not?

    Ken Waters, Oct 6, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    168
    cPanelMichael
    Oct 6, 2017
  2. Evan Ferroli

    create_user_session.php was not found on this server

    Evan Ferroli, Apr 7, 2018, in forum: General Discussion
    Replies:
    10
    Views:
    110
    Evan Ferroli
    Apr 10, 2018
  3. Tagir Gumerov

    Unexpected return value of get_transfer_session_state

    Tagir Gumerov, Mar 28, 2018, in forum: cPanel Developers
    Replies:
    5
    Views:
    110
    cPanelMichael
    Apr 13, 2018
  4. Scott Galambos

    Session lifetime too short after move to EA4

    Scott Galambos, Mar 26, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    51
    cPanelMichael
    Mar 27, 2018
  5. David Gilbert

    SOLVED PHP sessions persisting

    David Gilbert, Feb 21, 2018, in forum: EasyApache
    Replies:
    2
    Views:
    154
    cPanelMichael
    Feb 22, 2018

Share This Page