pci scan blocked by IPS?

vpswing

Active Member
Jun 4, 2014
35
4
58
cPanel Access Level
Root Administrator
Hi,

May I know what is causing this on our cPanel server? Is it the cPhulkd daemon? How to resolve this, disable cPhulkd when running the scan?
Vulnerability Details: Service: 22:TCP

port(s) became closed during scan: 22,25,53,80,110,143,443,465,587,2082-2083,2086-2087,2095-2096
IP Address:redacted
Host:redacted
Path:
Threat Reference:See pages 14-15 of the [https://www.pcisecuritystandards.org/documents/ASV_Program_Guide_v2.pdf] PCI DSS ASV Program Guide
for more information on handling interference from an IPS during compliance scanning.
Problem:Since a vulnerability scan sends the target a large amount of traffic designed to detect vulnerabilities, an IPS could misinterpret the scan as malicious activity, and react by blocking the scanner. This scan may have been blocked by an IPS. Therefore the results of this scan are inconclusive and cannot be used to support compliance.
Impact:The scan results may be inconclusive.
Resolution:Temporarily disable the Intrusion Prevention System or configure an exception for the scanner's IP address before starting the scan.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,649
323
438
Finland
cPanel Access Level
Root Administrator
If you are using CSF it's rather that.
Then add the scanner's IP to /etc/csf/csf.ignore and restart CSF.
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
713
281
363
cPanel Access Level
DataCenter Provider
@quietFinn is totally correct. If you are using CSF, you'll need to add the PCI's company's IP's to your ignore file. Lots of what a PCI scan does will trip any intrusion detection system.
 

vpswing

Active Member
Jun 4, 2014
35
4
58
cPanel Access Level
Root Administrator
Thanks for the tips, but CSF is not installed, nor LFD. But when I check with 'iptables -L' - there are a bunch of firewall rules listed.
Does cPanel v100.0.5 comes with some built-in firewall rules?
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,046
111
118
Houston, TX
cPanel Access Level
Root Administrator
Thanks for the tips, but CSF is not installed, nor LFD. But when I check with 'iptables -L' - there are a bunch of firewall rules listed.
Does cPanel v100.0.5 comes with some built-in firewall rules?
This wouldn't be an issue of cPanel v100.0.5 in this case. Would it be possible to reach out to your systems administrator or web hosting provider to inquire about any firewall blocks?
 
Thread starter Similar threads Forum Replies Date
B Security 1
V Security 7
A Security 1
G Security 7
M Security 5