The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is it possible to slow down a country

Discussion in 'Security' started by keat63, Dec 21, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    About 75% of the port scans, failed logins etc seem to eminate from CN.
    I don't want to totally block CN in the firewall as we do have some legitmate business out there, but is there some way of maybe slowing them down.
    Even something like a timed firewall block, so CN traffic can only hit the server at given times.
    The only traffic i need to see from CN is email, nothing more.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    CSF should already be helping you here with this. What you might consider is, cutting back on the alerts you get. Out of site out of mind.
     
    quizknows likes this.
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    You might be right.
    Things like port scan, i could do without seeing.
    This is set for 3 scans and your'e out.

    Only trouble is, i'm afraid to turn this of in CSF as it gives the impression that it's required to work.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Any ideas how i disable port scan detected messages.
    After 4 days away from work, i've got a huge list of emails to catch up on, mostly which are port scan detected.
    I don't want to disable port scan detection, just the message generation.
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sure, Port Scan Tracking section:
     
  6. Archmactrix

    Archmactrix Well-Known Member

    Joined:
    Jan 20, 2012
    Messages:
    132
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Edit: I was too late to answer
     
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I assumed it was that one, however, Its already set to zero, and i'm still recieving about 30 emails per day.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you sure its this specific email? You restarted the firewall of course, right?
     
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    The ones i want to get rid of are the ones in the hourly log scanner report.

    Code:
    /var/log/lfd.log:
    Dec 29 10:04:04  lfd[10295]: *Port Scan* detected from 171.8.30.244 (CN/China/-). 3 hits in the last 55 seconds - *Blocked in csf* [PS_LIMIT]
    Dec 29 10:10:10  lfd[10967]: *Port Scan* detected from 125.111.144.7 (CN/China/-). 3 hits in the last 120 seconds - *Blocked in csf* [PS_LIMIT]
    Dec 29 10:10:28  lfd[11028]: *Port Scan* detected from 113.251.194.63 (CN/China/-). 3 hits in the last 141 seconds - *Blocked in csf* [PS_LIMIT]
    Dec 29 10:23:01  lfd[12553]: *Port Scan* detected from 187.247.170.39 (MX/Mexico/customer-GDL-170-39.megared.net.mx). 3 hits in the last 140 seconds - *Blocked in csf* [PS_LIMIT]
    
    a large number of these hourly reports contain only port scans.
    If i could get rid of these, i could save myself a lot of hassle.
     
    #10 keat63, Dec 29, 2015
    Last edited: Dec 29, 2015
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yea, that's a different email. Log Scanner settings is what you're looking for.

    You can change that from hourly, to something else, there. I prefer Daily, myself.
     
  11. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Might give daily a try for now.
    Thanks
     
    Infopro likes this.
Loading...

Share This Page