Dublin-based cpanel ip addresses in

[jeffschips]

Is it normal to see the following entries in:

In cpanel.allow
52.213.169.7 dublin
34.254.37.129 dublin
52.51.23.204 dublin

In cpanel.allow
192.36.148.17 dns
193.0.14.129 dns

??

 

[cPRex]

Hey there! Can you let me know the full path to the configuration file you're looking at?

 

[jeffschips]

Sorry should have done that already:
/etc/csf/cpanel.allow

and

/etc/csf/csf.allow

for:

192.36.148.17 dns
193.0.14.129 dns

 

[cPRex]

Thanks for the clarification - the cpanel.allow file is prepopulated by CSF, and my personal server does have those entries.

csf.allow is manually configured so someone had to add those entries for the DNS at some point.

 

[jeffschips]

I just discovered that the csf.allow entries are for root servers dns service in Europe and an internet time server in Sweden.
Don't know why there and not the U.S. for both of them???

 

[cPRex]

I can't say for sure - if these are both default installations of CSF and you haven't made those modifications, you may want to reach out to their team for clarification: Support – ConfigServer Services

 

[jeffschips]

Thanks I'll look into that.

 

[mtindor]

Interesting.

tcp|in|d=80|s=52.51.23.204 # cPanel SaaS Server
tcp|in|d=443|s=52.51.23.204 # cPanel SaaS Server
tcp|in|d=8443|s=52.51.23.204 # cPanel SaaS Server

tcp|in|d=80|s=52.213.169.7 # cPanel SaaS Server
tcp|in|d=443|s=52.213.169.7 # cPanel SaaS Server
tcp|in|d=8443|s=52.213.169.7 # cPanel SaaS Server

tcp|in|d=80|s=34.254.37.129 # cPanel SaaS Server
tcp|in|d=443|s=34.254.37.129 # cPanel SaaS Server
tcp|in|d=8443|s=34.254.37.129 # cPanel SaaS Server

What the hell is this all about? And TCP 8443? I've never had anything running on TCP 8443.

I don't like any of those Amazon IPs being allowed anywhere. Are these really used by cPanel for communications with cPanel servers?

 

[cPRex]

Once again, we don't make or distribute CSF.

 

[mtindor]

Once again, we don't make or distribute CSF.

Understood. But maybe you could find out if the aforementioned servers are really cPanel operated (on Amazon) and if so, do they truly need inbound connection access to every server? I don't see anything in any cPanel documentation mentioning them. I plan on asking Chirpy, but cPanel would know better than him whether those IPs are legitimate IPs operating cPanel services that need to make inbound connections to our servers.

 

[cPRex]

Yes, we do have some monitoring tools on the Amazon platform and these are those IP addresses. These have been in CSF since at least 2021.

 

[mtindor]

Yes, we do have some monitoring tools on the Amazon platform and these are those IP addresses. These have been in CSF since at least 2021.

Thanks, Rex!

 

[cPRex]

Sure thing - sorry about being short the first time, but we seem to get a lot of "why is CSF..." questions lately and I really just don't have the answers. I was able to look up this one though :D

 

[jeffschips]

Yeah double thanks for looking into that and posting - I was starting to worry a bit. . .

 

[jeffschips]

Comments on the code show "cPanel SaaS Server" so there must be some connection between the two. . .