pci scan blocked by IPS?

vpswing

Hi,

May I know what is causing this on our cPanel server? Is it the cPhulkd daemon? How do I resolve this? Disable cPhulkd when running the scan?
Vulnerability Details: Service: 22:TCP

port(s) became closed during scan: 22,25,53,80,110,143,443,465,587,2082-2083,2086-2087,2095-2096
IP Address: redacted
Host: redacted
Path:
Threat Reference: See pages 14-15 of the PCI DSS ASV Program Guide (https://www.pcisecuritystandards.org/documents/ASV_Program_Guide_v2.pdf) for more information on handling interference from an IPS during compliance scanning.
Problem: Since a vulnerability scan sends the target a large amount of traffic designed to detect vulnerabilities, an IPS could misinterpret the scan as malicious activity, and react by blocking the scanner. This scan may have been blocked by an IPS. Therefore the results of this scan are inconclusive and cannot be used to support compliance.
Impact: The scan results may be inconclusive.
Resolution: Temporarily disable the Intrusion Prevention System or configure an exception for the scanner's IP address before starting the scan.
 

quietFinn

If you are using CSF it's rather that.
Then add the scanner's IP to /etc/csf/csf.ignore and restart CSF.
 

ffeingol

@quietFinn is totally correct. If you are using CSF, you'll need to add the PCI company's IPs to your ignore file. Lots of what a PCI scan does will trip any intrusion detection system.
 

vpswing

Thanks for the tips, but CSF is not installed, nor LFD. But when I check with 'iptables -L' - there are a bunch of firewall rules listed.
Does cPanel v100.0.5 come with some built-in firewall rules?
 

cPanelAnthony

Administrator
Staff member
> Thanks for the tips, but CSF is not installed, nor LFD. But when I check with 'iptables -L' - there are a bunch of firewall rules listed.
> Does cPanel v100.0.5 come with some built-in firewall rules?

This wouldn't be an issue of cPanel v100.0.5 in this case. Would it be possible to reach out to your systems administrator or web hosting provider to inquire about any firewall blocks?
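
Added example, not written by any poster in this thread: when `iptables -L` shows rules of unknown origin, one way to narrow things down is to save the output of `iptables -S` and check which rules would drop or reject the scanner's source address. The function name, the `BLOCKLIST` chain and all addresses below are constructed for illustration.

```python
import ipaddress
import shlex

BLOCKING_TARGETS = {"DROP", "REJECT"}

# Constructed sample of `iptables -S` output (documentation address ranges).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-N BLOCKLIST
-A INPUT -j BLOCKLIST
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -j DROP
-A BLOCKLIST -s 203.0.113.10/32 -m comment --comment "auto block" -j DROP
-A INPUT ! -s 192.0.2.0/24 -p tcp -m tcp --dport 2087 -j REJECT --reject-with icmp-port-unreachable
"""

def blocking_rules(rules_text, scanner_ip):
    """Return (chain, rule) pairs for rules that DROP/REJECT scanner_ip by source."""
    ip = ipaddress.ip_address(scanner_ip)
    hits = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        # `iptables -S` prints rules as "-A CHAIN ..."; skip -P and -N lines.
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        chain, source, negated, target = tokens[1], None, False, None
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-s", "--source"):
                source = ipaddress.ip_network(tokens[i + 1], strict=False)
                negated = tokens[i - 1] == "!"   # "! -s NET" matches everything outside NET
            elif tok in ("-j", "--jump"):
                target = tokens[i + 1]
        if target not in BLOCKING_TARGETS or source is None:
            continue
        if source.version != ip.version:
            continue
        # A plain match hits when the IP is inside the network, a negated one when outside.
        if (ip in source) != negated:
            hits.append((chain, line.strip()))
    return hits

if __name__ == "__main__":
    for chain, rule in blocking_rules(SAMPLE_RULES, "203.0.113.10"):
        print(f"{chain}: {rule}")
```

Rules that block by rate or by set membership (for example the `recent`, `hashlimit` or `set` matches) carry no source address and are not reported by this check, so they still need to be read by hand.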