PCI Compliance fail on Domain starting with 'www.' but no associated ports open


Feb 10, 2015
cPanel Access Level
Website Owner
I have just upgraded from a shared hosting package to a VPS in order to get through PCI compliance and get a performance boost as my site gets busier.

I have a CENTOS 6.6 x86_64 setup.

We have failed our latest security scan with the reason "Domain starting with 'www.' but no associated ports open"
with the solution of....

"Users of SecurityMetrics scanning services are encouraged to add rules to their firewalls and inform their ISPs or hosting providers that security assessment scans may originate from the scanning locations listed in the table below.
SecurityMetrics Scanners
IP Ranges Subnet Mask (Short) Subnet Mask (Long)

- - - Updated - - -

Oops submitted before I was finished.

How do I implement this on WHM or cPanel?


Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
If you are using CSF (Configserver firewall) add this line to /etc/csf/csf.ignore (NOT csf.allow, as csf.allow will make the scanner think every port is open):

If you are not using CSF, I highly recommend it as your software firewall for a cPanel system.