Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Switching Off Port 993 - Is Anyone Using It?

Discussion in 'Security' started by BobHoliday, Nov 23, 2018.

  1. BobHoliday

    BobHoliday Member

    Joined:
    Sep 6, 2013
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    I'm getting pounded by distributed attacks on imap port 993. I've used ConfigServer Firewall to lock down access to only the EU, US, Aus and Canada which has helped but the country source of the attacks now has migrated with my rule change.

    I'm pretty sure none of my users use 993 so I could just switch it off but I'd like to be sure.

    Where can I view or monitor successful connections to 993 by legitimate users so I can see that there are none, or see who's using it and talk them into using POP instead?

    TY!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,947
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. BobHoliday

    BobHoliday Member

    Joined:
    Sep 6, 2013
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    I know how to configure the firewall - I know how to block port 993... I want to know if any of my server users are using it and if so which. Is there a way to do that?
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    See this post on StackExchange

    superuser.com/questions/604998/monitor-tcp-traffic-on-specific-port/848966#848966

    - you could probably modify it to suit your needs
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    506
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    If none of your users is connecting to the server using IMAP securely then there really should be no issues with filtering the port, though I wouldn't recommend this course of action, in the event one your users would like to at some point.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. BobHoliday

    BobHoliday Member

    Joined:
    Sep 6, 2013
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    I don't know if any of them are - I want to monitor the port for successful logins so I can find out. I would ask them all but none of my clients know the difference between imap and pop3 I don't suspect.
     
  7. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    506
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    The suggestions provided by @rpvw might be best to observe that behavior then. Just modify the dport line to reflect 993 and the --log-prefix to something that reflects what you're doing "993 logins" or similar.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice