Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Port scanning.. should i be concerned ??

Discussion in 'Security' started by keat63, Nov 27, 2014.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    981
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Chaps.

    I installed CSF this afternoon and can see 3 servers which have been port scanning.
    All 3 servers are in the same data centre as my server.

    all on the same subnet range

    lets assume i'm on xxx.xxx.221.199
    The 3 other servers were

    xxx.xxx.221.8 11 hits in the last 161 seconds - *Blocked in csf* for 3600 secs
    xxx.xxx.220.18 11 hits in the last 166 seconds - *Blocked in csf* for 3600 secs
    xxx.xxx.220.23 11 hits in the last 276 seconds - *Blocked in csf* for 3600 secs

    When i try to connected to these ip's in my browser each one is showing some form of iis7 landing page with a blue logo and welcome in various languages.
     
    #1 keat63, Nov 27, 2014
    Last edited: Nov 27, 2014
  2. smoge

    smoge Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    156
    Report to your data center with logs
     
    #2 smoge, Nov 27, 2014
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    981
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I actually called the server provider, to ask if these servers were anything to do with them, maybe DNS servers or similar.
    The guy confirmed that they are indeed their servers, but these are other customers servers.
    I've checked again this evening and it seems that CSF has blocked them permanently
     
    #3 keat63, Nov 27, 2014
  4. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Block the IP's from which port scanning done. File Abuse complaint to your DC so that they have to take action on that servers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 24x7ss, Nov 27, 2014
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    981
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    i've reported them this morning.
    Thanks
     
    #5 keat63, Nov 28, 2014
  6. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    242
    Likes Received:
    15
    Trophy Points:
    168
    Location:
    Florida
    As for the question, "Should you be worried?" No, you should not be worried. Port scanning is a very easy task for script using hackers. On a secure server, it really isn't all that useful or dangerous.
     
    #6 Serra, Dec 1, 2014
  7. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Generally when I get reports like these in my data center, it is because the other customers have dropbox with the lansync feature enabled. Lansync sends out tons of broadcast traffic. Likely that's what it is; I'd just block them. You can be sure if your logs show port 17500 that it is dropbox and not intentionally malicious.

    I usually see it on windows servers, which is consistent with you seeing IIS.
     
    #7 quizknows, Dec 2, 2014
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Right, as mentioned, the scan itself is relatively harmless. Note that if you are concerned about overall security of your system, the Security Advisor is a good place to start:

    Security Advisor

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelMichael, Dec 16, 2014
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    981
    Likes Received:
    41
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'm still tweaking security advisor and csf, but still have a heck of a lot to learn.
     
    #9 keat63, Dec 16, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Port scanning should
  1. vented

    New Thread IP and port for subdomain?

    vented, Jun 23, 2018 at 1:49 AM, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    32
    24x7server
    Jun 23, 2018 at 10:39 AM
  2. webdsn

    How to export SSL from cPanel with .pfx

    webdsn, Jun 21, 2018 at 2:38 AM, in forum: Security
    Replies:
    2
    Views:
    55
    webdsn
    Jun 21, 2018 at 8:54 PM
  3. Lillike

    Kernel does not support the prevention of symlink ownership attacks

    Lillike, Jun 20, 2018 at 9:08 AM, in forum: Security
    Replies:
    1
    Views:
    37
    cPanelLauren
    Jun 20, 2018 at 12:03 PM
  4. Lillike

    Security Advisor: close port 3306 in the server’s firewall

    Lillike, Jun 20, 2018 at 8:51 AM, in forum: Security
    Replies:
    1
    Views:
    43
    cPanelLauren
    Jun 20, 2018 at 11:59 AM
  5. upsforum

    The system encountered errors during transport error

    upsforum, Jun 15, 2018, in forum: Data Protection
    Replies:
    3
    Views:
    112
    cPanelLauren
    Jun 22, 2018 at 9:56 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice