The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

port 11444

Discussion in 'Security' started by onef, Nov 5, 2010.

  1. onef

    onef Member

    Joined:
    Mar 19, 2007
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    We're doing PCI compliance and our scanning company has real problems with port 11444(and the proxy port, 11443) running SSL v2. I ran fuser and found the config file for this service, and found that I can disable SSL for this service, but in my time working with cPanel, I didn't even know this service existed.

    What exactly does this service do?
    Could I just firewall off the port so only localhost can access it?
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    There is no cPanel-configured service that uses 11444. In my searching, the only mentions that I could find of ports 11444 or 11443 refer to Plesk:

    Lexal [V5] :: Plesk 9 tried to login to port 11444 on 127.0.0.1 - SOLVED
    Parallels Forums - Unable to login to plesk 9.0.1 after upgrade from 9.0

    Both refer to SSO for Parallels/Plesk products. Out of curiosity, what is shown in netstat if you grep for these ports?

    Code:
    # netstat -nalp|grep 11443
    # netstat -nalp|grep 11444
    If you are sure that nothing you are running needs these ports, it should be safe to block them with your firewall, but it is curious that anything is listening at all on a cPanel server. Those ports are not even listed in /etc/services on my test server.
     
  3. onef

    onef Member

    Joined:
    Mar 19, 2007
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I saw that plesk stuff initially as well, but to the best of my knowledge, this server has always ran cPanel. I think I'm probably just going to firewall the ports off except for localhost, and see what happens.

    Here's the netstat:
    # netstat -nalp|grep 11444
    tcp 0 0 0.0.0.0:11444 0.0.0.0:* LISTEN 3426/sw-cp-serverd
    # netstat -nalp|grep 11443
    tcp 0 0 0.0.0.0:11443 0.0.0.0:* LISTEN 3426/sw-cp-serverd


    And here's fuser for that port:
    # fuser -n tcp 11444
    11444/tcp: 3426
    ps aux|grep 3426
    32008 3426 0.0 0.5 15004 11848 ? S Oct24 0:31 /usr/sbin/sw-cp-serverd -f /etc/sw-cp-server/config

    And here's the conf file for:
    # cat /etc/sw-cp-server/config
    server.modules = ()
    server.document-root = "/dev/null"
    server.port = 10001
    server.bind = "127.0.0.1"
    server.pid-file = "/var/run/sw-cp-server.pid"
    server.errorlog-use-syslog = "disable"
    server.errorlog = "/var/log/sw-cp-server/error_log"
    server.username = "sw-cp-server"
    server.groupname = "sw-cp-server"
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I did a Google search on "sw-cp-server" and found this:

    KB Parallels: How do I change the default port for Expand control panel?

    It appears that this is the service for the Plesk Expand control panel. If you are sure it is not in use, you will probably want to shut down the service and prevent it from starting, besides blocking the port with the firewall.

    Based on the knowledgebase article, it appears that the server has had some elements of Plesk/Parallels/SWsoft products installed previously.
     
Loading...

Share This Page