
*Port Scan* detected from

Discussion in 'Security' started by keat63, Jul 7, 2016.

  1. keat63

    keat63 Well-Known Member

    Over the last 5 days or so, I'm seeing quite a number of port scans detected in CSF, all originating from various random IPs in the UK.

    I have CSF configured to block the IP based on 10 or more port scans.

    My question really is, could normal day-to-day web usage or operations generate port scans or emulate something that looks like a port scan?
    Would there be any implications (maybe in the short term) to reduce this down to 3?
     
  2. keat63

    keat63 Well-Known Member

    I'm receiving at least 40 of these port scans per day; the odd thing is that 99% of them are coming from various IPs all belonging to Virgin?
    Could anyone help explain this at all?

    eg: *Port Scan* detected from 92.238.xx.xxx (GB/United Kingdom/Bradford/Shipley/cpc29-brad20-2-0-cust248.17-1.cable.virginm.net).

    *Port Scan* detected from 86.30.xx.xxx (GB/United Kingdom/Glasgow City/Glasgow/cpc3-kirk3-2-0-cust81.14-1.cable.virginm.net).
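
Added example, not part of the original posts: a short Python triage script that parses CSF alert lines in the format quoted above and tallies them by source network, to show how concentrated the alerts are. The two extra sample lines, the `-` marker for missing reverse DNS and the last-two-labels grouping key are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the two alert lines quoted in the thread plus two
# made-up lines (documentation IPs, hypothetical hostnames) for contrast.
SAMPLE = """\
*Port Scan* detected from 92.238.xx.xxx (GB/United Kingdom/Bradford/Shipley/cpc29-brad20-2-0-cust248.17-1.cable.virginm.net).
*Port Scan* detected from 86.30.xx.xxx (GB/United Kingdom/Glasgow City/Glasgow/cpc3-kirk3-2-0-cust81.14-1.cable.virginm.net).
*Port Scan* detected from 203.0.113.7 (GB/United Kingdom/London/London/host7.isp.example).
*Port Scan* detected from 198.51.100.9 (US/United States/-).
"""

# IP (possibly masked, as in the thread), then "CC/Country/.../hostname".
ALERT = re.compile(r"\*Port Scan\* detected from (\S+) \((.*)\)")


def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = ALERT.search(line)
    if not m:
        return None
    ip, detail = m.groups()
    parts = detail.split("/")
    host = parts[-1].strip().lower()
    # Assumption: a last field without a dot (e.g. "-") means no reverse DNS.
    has_rdns = "." in host
    # Naive grouping key: the last two DNS labels. Good enough for
    # virginm.net; wrong for suffixes such as co.uk.
    network = ".".join(host.split(".")[-2:]) if has_rdns else "(no rDNS)"
    return {"ip": ip, "country": parts[0],
            "host": host if has_rdns else None, "network": network}


def summarise(text):
    """Return [(network, alert_count, percent_of_alerts)], busiest first."""
    alerts = [a for a in map(parse_alert, text.splitlines()) if a]
    total = len(alerts)
    counts = Counter(a["network"] for a in alerts)
    return [(net, n, round(100 * n / total))
            for net, n in counts.most_common()]


if __name__ == "__main__":
    for net, n, pct in summarise(SAMPLE):
        print(f"{net:<15} {n:>3} alerts  {pct:>3}%")
```
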
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  4. keat63

    keat63 Well-Known Member

    There's only myself who has FTP access, and I don't use Virgin.

    There have been email issues with the Virgin Media servers recently, and I've been heavily involved on the Virgin forum to try and help have this issue resolved.
    I did post my IP address on one post, so I'm wondering if all this traffic might be generated through the forum post somehow.
    Maybe the forum server is trying to resolve the IP?
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Possibly. This is an example of why you should never post actual IPs, emails or domain names to any public forum, anywhere.

    You might ask the moderators over there if they'll edit your post(s) if needed.
     